Navigate to the /RoleManager URL, then click the Authentication Providers menu.
...
Provider | Type | Application Registration | Information Required for RoleManager Configuration | RoleManager Configuration JSON |
---|---|---|---|---|
Azure AD | OpenID Connect | How to Configure Azure Active Directory for OneList. Redirect URI: https://<OneList hostname>/rolemanager/signin-azure Delegated API permissions: | | { "UserNameClaim": "preferred_username", |
Azure AD | SAML | Azure SAML configuration: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications Identifier (Entity ID): https://<OneList hostname> Reply URL (Assertion Consumer Service URL): https://<OneList hostname>/saml-azure Claims: Required claim: Additional claims: | | { "EntityId": "https://<OneList hostname>", "CallbackPath": "/saml-azure", "IdAttribute": null, "GivenNameAttribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "SurnameAttribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "EmailAttribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "Provider": { "EntityId": "<the entityID in the metadata XML>", "LoginEndpoint": "<the SingleSignOnService url in the metadata XML>", "X509Certificate": "<the X509Certificate in the metadata XML>" } } |
ADFS | ADFS | Registration steps: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-2.2 Relying Party: https://<OneList hostname>/ Map the SAMAccount-Name to the Name ID claim. Hint: use the Windows event log on the ADFS server to investigate errors, and the relying party above must end with '/'. Add rules to map claims: | | { "MetadataAddress": "<the meta data address>", "Wtrealm": "https://<OneList host>/" } |
Google | OpenID Connect | Registration steps: https://developers.google.com/identity/protocols/OpenIDConnect Redirect URL: https://<OneList hostname>/rolemanager/signin-google | | { "Authority": "https://accounts.google.com", "clientid": "<client id>", "clientsecret": "<client secret>", "CallbackPath": "/signin-google", "UserNameClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "Scope": [ "email" ] } |
Salesforce | OpenID Connect | Create a connected app: https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/code_sample_auth_oauth.htm Callback URL: https://<onelist hostname>/rolemanager/signin-salesforce | | { "Authority": "https://login.salesforce.com", "ClientId": "<consumer key>", "ClientSecret": "<consumer secret>", "CallbackPath": "/signin-salesforce", "Scope": ["offline_access","api"] } |
Duo | SAML | Complete the Duo Application Registration | From the "XML metadata" file of the Duo Access Gateway admin console: | { "EntityId": "https://<onelist hostname>", "CallbackPath": "/signin-duo", "Provider": { "EntityId": "<Duo entity id>", "LoginEndpoint": "<Duo SSO URL>", "X509Certificate": "<Duo certificate>" } } |
SAP | OpenID Connect | OpenID Connect registration: https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/8a0aa2ea5a0744879a7ec2be0bc023cf.html Callback URL: https://<onelist hostname>/rolemanager/signin-sap | | { "Authority": "<environment/subscription based URL>", "ClientId": "<Client ID>", "ClientSecret": "<Secret>", "CallbackPath": "/signin-sap" } |