Navigate to the /RoleManager URL, then click the Authentication Providers menu.
...
Provider | Type | Application Registration | Information Required for RoleManager Configuration | RoleManager Configuration JSON |
---|---|---|---|---|
Azure AD | OpenID Connect | How to Configure Azure Active Directory for OneList Redirect URI: https://<OneList hostname>/rolemanager/signin-azure Delegated API permissions: | | { "UserNameClaim": "preferred_username", |
Azure AD | SAML | Select this option when the Windows AD login is used as the OneList UserName. The prerequisite is an Azure AD Premium license. Follow the Azure SAML configuration instructions to create your own application: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications Identifier (Entity ID): https://<OneList hostname> Reply URL (Assertion Consumer Service URL): https://<OneList hostname>/rolemanager/saml-azure Required claim: Additional claims: | | { "EntityId": "https://<OneList hostname>", "CallbackPath": "/saml-azure", "IdAttribute": null, "GivenNameAttribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "SurnameAttribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "EmailAttribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "Provider": { "EntityId": "<the entityID in the metadata XML>", "LoginEndpoint": "<the SingleSignOnService url in the metadata XML>", "X509Certificate": "<the X509Certificate in the metadata XML>" } } |
ADFS | ADFS | Registration steps: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-2.2 Relying Party: https://<OneList hostname>/ Map the SAMAccount-Name to the Name ID claim. Hint: use the Windows event log on the ADFS server to investigate errors, and the relying party above must end with '/'. Add rules to map claims: | | { "MetadataAddress": "<the metadata address>", "Wtrealm": "https://<OneList host>/" } |
Google | OpenID Connect | Registration steps: https://developers.google.com/identity/protocols/OpenIDConnect Redirect URL: https://<OneList hostname>/rolemanager/signin-google | | { "Authority": "https://accounts.google.com", "clientid": "<client id>", "clientsecret": "<client secret>", "CallbackPath": "/signin-google", "UserNameClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "Scope": [ "email" ] } |
Salesforce | OpenID Connect | Create a connected app: https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/code_sample_auth_oauth.htm Callback URL: https://<onelist hostname>/rolemanager/signin-salesforce | | { "Authority": "https://login.salesforce.com/", "ClientId": "<consumer key>", "ClientSecret": "<consumer secret>", "CallbackPath": "/signin-salesforce", "Scope": ["offline_access","api"] } |
Duo | SAML | Complete the Duo Application Registration | From the "XML metadata" file of the Duo Access Gateway admin console: | { "EntityId": "https://<onelist hostname>", "CallbackPath": "/signin-duo", "Provider": { "EntityId": "<Duo entity id>", "LoginEndpoint": "<Duo SSO URL>", "X509Certificate": "<Duo certificate>" } } |
SAP | OpenID Connect | OpenID Connect registration: https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/8a0aa2ea5a0744879a7ec2be0bc023cf.html Callback URL: https://<onelist hostname>/rolemanager/signin-sap | | { "Authority": "<environment/subscription based URL>", "ClientId": "<Client ID>", "ClientSecret": "<Secret>", "CallbackPath": "/signin-sap" } |
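
The SAML rows (Azure AD SAML and Duo) fill the "Provider" object from the identity provider's metadata XML. The following is an added example, not part of the OneList documentation, that extracts those three values with Python's standard library and rejects metadata lacking a signing certificate or an HTTPS login endpoint. The sample metadata, the `provider_block` name, the preference for the HTTP-Redirect binding and the single-line certificate form are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample metadata: hypothetical IdP, dummy certificate strings.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://idp.example.test/saml">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="encryption"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>RU5DUllQVElPTg==</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>
    U0lHTklORy1DRVJU
    LUNPTlNUUlVDVEVE
   </X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="{BINDINGS}HTTP-POST"
    Location="https://idp.example.test/sso/post"/>
  <SingleSignOnService Binding="{BINDINGS}HTTP-Redirect"
    Location="https://idp.example.test/sso/redirect"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def provider_block(metadata_xml):
    """Build the "Provider" object of the SAML configuration JSON from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    # Use a signing key only; a KeyDescriptor without "use" covers signing too.
    certs = [k.findtext(".//ds:X509Certificate", "", NS)
             for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")]
    certs = ["".join(c.split()) for c in certs if c.strip()]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    sso = idp.findall("md:SingleSignOnService", NS)
    # Assumption: prefer the HTTP-Redirect endpoint, else fall back to the first listed.
    chosen = next((s for s in sso if s.get("Binding") == BINDINGS + "HTTP-Redirect"),
                  sso[0] if sso else None)
    if chosen is None or not chosen.get("Location", "").startswith("https://"):
        raise ValueError("no HTTPS SingleSignOnService endpoint in metadata")
    return {"EntityId": root.get("entityID"),
            "LoginEndpoint": chosen.get("Location"),
            # Metadata wraps the base64 over lines; emitted here as one line (assumption).
            "X509Certificate": certs[0]}
```

When the metadata lists more than one signing certificate (for example during a certificate rollover), this sketch returns the first; confirm with the identity provider which one is active.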