Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Use the Naviage to /RoleManager URL to manage  for managing users, claims and roles.

The RoleManager component handles the user authentication and access management. RoleManager can integrate with external identity management provider (Idp) for user authentication and user profile synchronisation. 

...

ProviderApplication RegistrationInformation Required for RoleManager ConfigurationRoleManager Configuration JSON
Azure AD

Registration steps: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app. Register for single tenant is recommended.

Redirect URI: https://<OneList hostname>/rolemananger/signin-azure

  • Azure tenant id
  • Application id
  • Client secret
{
"clientid": "<Application id>",
"clientsecret": "<Client secret>",
"Authority": "https://login.microsoftonline.com/<Azure tenant id>/v2.0",
"CallbackPath": "/signin-azure",
"SaveTokens": false
}
ADFS

Registration steps: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-2.2

Rely Party: https://<OneList hostname>/ 

Map the SAMAccount-Name to the Name ID claim. 

Hint: use the Windows event log on the ADFS server to investigate errors, and the rely party above must end with '/'.

  • Meta data address, e.g. 
https://adfs.mycompany.com/FederationMetadata/2007-06/FederationMetadata.xml
{
"MetadataAddress": "<the meta data address>",
"Wtrealm": "https://<OneList host>/"
}
Google

Registration steps: https://developers.google.com/identity/sign-in/web/devconsole-project

Redirect URL: https://<OneList hostname>/rolemanager/signin-google

  • client id
  • client secret

{
"clientid":"<client id>",
"clientsecret":"client secret"
}

Salesforce

Create a connected app: https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/code_sample_auth_oauth.htm

Callback URL: https://<onelist hostname>/rolemanager/signin-salesforce

  • consumer key
  • consumer secret
{
"Authority": "https://login.salesforce.com",
"ClientId": "<consumer key>",
"ClientSecret": "<consumer secret>",
"CallbackPath": "/signin-salesforce",
"Scope": ["offline_access","api"]
}
SAP

OpenID Connect registration: https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/8a0aa2ea5a0744879a7ec2be0bc023cf.html

Callback URL: https://<onelist hostname>/rolemanager/signin-sap

  • Client ID
  • Secret
{
"Authority": "<environment/sucscription based URL>",
"ClientId": "<Client ID>",
"ClientSecret": "<Secret>",
"CallbackPath": "/signin-sap"
}