Use the Naviage to /RoleManager URL to manage for managing users, claims and roles.
The RoleManager component handles the user authentication and access management. RoleManager can integrate with external identity management provider (Idp) for user authentication and user profile synchronisation.
...
Provider | Application Registration | Information Required for RoleManager Configuration | RoleManager Configuration JSON |
---|---|---|---|
Azure AD | Registration steps: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app. Register for single tenant is recommended. Redirect URI: https://<OneList hostname>/rolemananger/signin-azure |
| { "clientid": "<Application id>", "clientsecret": "<Client secret>", "Authority": "https://login.microsoftonline.com/<Azure tenant id>/v2.0", "CallbackPath": "/signin-azure", "SaveTokens": false } |
ADFS | Registration steps: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-2.2 Rely Party: https://<OneList hostname>/ Map the SAMAccount-Name to the Name ID claim. Hint: use the Windows event log on the ADFS server to investigate errors, and the rely party above must end with '/'. |
| { "MetadataAddress": "<the meta data address>", "Wtrealm": "https://<OneList host>/" } |
Registration steps: https://developers.google.com/identity/sign-in/web/devconsole-project Redirect URL: https://<OneList hostname>/rolemanager/signin-google |
| { | |
Salesforce | Create a connected app: https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/code_sample_auth_oauth.htm Callback URL: https://<onelist hostname>/rolemanager/signin-salesforce |
| { "Authority": "https://login.salesforce.com", "ClientId": "<consumer key>", "ClientSecret": "<consumer secret>", "CallbackPath": "/signin-salesforce", "Scope": ["offline_access","api"] } |
SAP | OpenID Connect registration: https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/8a0aa2ea5a0744879a7ec2be0bc023cf.html Callback URL: https://<onelist hostname>/rolemanager/signin-sap |
| { "Authority": "<environment/sucscription based URL>", "ClientId": "<Client ID>", "ClientSecret": "<Secret>", "CallbackPath": "/signin-sap" } |