Use the /RoleManager URL to manage users, claims and roles.

...

  • Select the Edit button under the Actions column;
  • Select the Roles tab on the left;
  • Search for the required role and assign it to the user, or remove the currently assigned role. Note: the user needs to log off and log on again for the updated access to take effect.

...

Set up external authentication provider

RoleManager supports integration with the following authentication providers:

...

Provider | Application Registration | Information Required for RoleManager Configuration | RoleManager Configuration JSON
Azure AD

Registration steps: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app. Registering as single tenant is recommended.

Redirect URI: https://<OneList hostname>/rolemanager/signin-azure

  • Azure tenant id
  • Application id
  • Client secret
{
"clientid": "<Application id>",
"clientsecret": "<Client secret>",
"Authority": "https://login.microsoftonline.com/<Azure tenant id>/v2.0",
"CallbackPath": "/signin-azure",
"SaveTokens": false
}
ADFS

Registration steps: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-2.2

Relying Party: https://<OneList hostname>/

Map the SAMAccount-Name to the Name ID claim. 

Hint: use the Windows event log on the ADFS server to investigate errors. The relying party above must end with '/'.

  • Metadata address, e.g. https://adfs.mycompany.com/FederationMetadata/2007-06/FederationMetadata.xml
{
"MetadataAddress": "<the metadata address>",
"Wtrealm": "https://<OneList host>/"
}
Google

Registration steps: https://developers.google.com/identity/sign-in/web/devconsole-project

Redirect URL: https://<OneList hostname>/rolemanager/signin-google

  • client id
  • client secret

{
"clientid": "<client id>",
"clientsecret": "<client secret>"
}

Salesforce

Create a connected app: https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/code_sample_auth_oauth.htm

Callback URL: https://<onelist hostname>/rolemanager/signin-salesforce

  • consumer key
  • consumer secret
{
"Authority": "https://login.salesforce.com",
"ClientId": "<consumer key>",
"ClientSecret": "<consumer secret>",
"CallbackPath": "/signin-salesforce",
"Scope": ["offline_access","api"]
}
SAP

OpenID Connect registration: https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/8a0aa2ea5a0744879a7ec2be0bc023cf.html

Callback URL: https://<onelist hostname>/rolemanager/signin-sap

  • Client ID
  • Secret
{
"Authority": "<environment/subscription based URL>",
"ClientId": "<Client ID>",
"ClientSecret": "<Secret>",
"CallbackPath": "/signin-sap"
}
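
As an added example (not part of the original page or of RoleManager itself), the Python script below lints a provider's configuration JSON before it is entered into RoleManager: required keys, unreplaced <placeholders>, the trailing '/' on Wtrealm, and a CallbackPath that matches the redirect URI registered with the provider. The function name, the provider labels, the https-only check and the case-insensitive key handling are assumptions of this example, and the sample values are constructed.

```python
import json
from urllib.parse import urlparse

# Keys per provider, lower-cased, taken from the JSON blocks on this page.
REQUIRED = {
    "azure": {"clientid", "clientsecret", "authority", "callbackpath"},
    "adfs": {"metadataaddress", "wtrealm"},
    "google": {"clientid", "clientsecret"},
    "salesforce": {"authority", "clientid", "clientsecret", "callbackpath"},
    "sap": {"authority", "clientid", "clientsecret", "callbackpath"},
}
URL_KEYS = {"authority", "metadataaddress", "wtrealm"}  # https-only is an assumption

def lint_provider_config(provider, raw_json, redirect_uri=None):
    """Return a list of problems in one provider's configuration JSON."""
    # Key casing varies on the page (clientid / ClientId); ignoring case is an assumption.
    cfg = {k.lower(): v for k, v in json.loads(raw_json).items()}
    problems = [f"missing key: {k}" for k in sorted(REQUIRED[provider] - set(cfg))]
    for key, value in sorted(cfg.items()):
        if isinstance(value, str) and ("<" in value or ">" in value):
            problems.append(f"{key}: placeholder not replaced")
        elif key in URL_KEYS and urlparse(str(value)).scheme != "https":
            problems.append(f"{key}: expected an https URL")
    # ADFS hint from the page: the relying party identifier must end with '/'.
    if "wtrealm" in cfg and not str(cfg["wtrealm"]).endswith("/"):
        problems.append("wtrealm: must end with '/'")
    callback = str(cfg.get("callbackpath", ""))
    if "callbackpath" in cfg and not callback.startswith("/"):
        problems.append("callbackpath: must start with '/'")
    # The URI registered with the provider has to end in the CallbackPath.
    elif redirect_uri and not urlparse(redirect_uri).path.lower().endswith(callback.lower()):
        problems.append("callbackpath: does not match the registered redirect URI")
    return problems

# Constructed sample values, not real tenants or secrets.
SAMPLE_ADFS = json.dumps({
    "MetadataAddress": "http://adfs.example.test/FederationMetadata/2007-06/FederationMetadata.xml",
    "Wtrealm": "https://onelist.example.test",
})
SAMPLE_AZURE = json.dumps({
    "clientid": "11111111-2222-3333-4444-555555555555",
    "clientsecret": "<Client secret>",
    "Authority": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
    "CallbackPath": "/signin-azure",
})

if __name__ == "__main__":
    print(lint_provider_config("adfs", SAMPLE_ADFS))
    print(lint_provider_config("azure", SAMPLE_AZURE, "https://onelist.example.test/rolemanager/signin-oidc"))
```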