Navigate to the /RoleManager URL, then click the Authentication Providers menu.
...
External authentication provider configuration requirement
Provider | Type | Application Registration | Information Required for RoleManager Configuration | RoleManager Configuration JSON |
---|---|---|---|---|
Azure AD | OpenID Connect | See "How to Configure Azure Active Directory for OneList". Redirect URI: https://<OneList hostname>/rolemananger/signin-azure Delegated API permissions:
|
| { "UserNameClaim": "email", |
Azure AD | SAML | Select this option when using the Windows AD login as the OneList UserName. The prerequisite is an Azure AD Premium license. Follow the Azure SAML configuration instructions to create your own application: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications Identifier (Entity ID): https://<OneList hostname> Reply URL (Assertion Consumer Service URL): https://<OneList hostname>/rolemanager/saml-azure Required claim:
Additional claims:
See Add the enterprise application in Azure AD SAML SSO for OneList |
| {
"https://<OneList hostname>",
"MetaDataUrl": "<Azure SAML Metadata URL>",
"GivenNameAttribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"SurnameAttribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
"EmailAttribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"Provider": {
"EntityId": "<the entityID in the metadata XML>",
"LoginEndpoint": "<the SingleSignOnService url in the metadata XML>",
"X509Certificate": "<the X509Certificate in the metadata XML>"
}
|
ADFS | ADFS | Registration steps: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-2.2 Relying Party: https://<OneList hostname>/ Map the SAMAccount-Name to the Name ID claim. Hint: use the Windows event log on the ADFS server to investigate errors, and the relying party above must end with '/'. Add rules to map claims:
|
https://adfs.mycompany.com/FederationMetadata/2007-06/FederationMetadata.xml
| { |
Google | OpenID Connect | Registration steps: https://developers.google.com/identity/protocols/OpenIDConnect Redirect URL: https://<OneList hostname>/rolemanager/signin-google |
| { | |
Salesforce | OpenID Connect | Create a connected app: https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/code_sample_auth_oauth.htm Callback URL: https://<onelist hostname>/rolemanager/signin-salesforce |
| { |
Duo | SAML | From the "XML metadata" file of the Duo Access Gateway admin console:
| { | |
SAP | OpenID Connect | OpenID Connect registration: https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/8a0aa2ea5a0744879a7ec2be0bc023cf.html Callback URL: https://<onelist hostname>/rolemanager/signin-sap |
| { |
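
The `Provider` block in the Azure AD SAML row takes three values "in the metadata XML". As an added example (not OneList or RoleManager code), the Python below extracts them from an IdP metadata file and also returns the signing certificate's SHA-256 fingerprint, so it can be compared with the one shown in the IdP admin console before the JSON is saved. The sample metadata, the `idp.example.test` host and the choice of the HTTP-Redirect endpoint are assumptions, and the file is assumed to come from your own IdP over a trusted channel.

```python
import base64
import hashlib
import json
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Constructed sample metadata; the "certificate" is dummy base64, not a real key.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/entity">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    Y29uc3RydWN0ZWQgc2FtcGxl
    IGNlcnRpZmljYXRl
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://idp.example.test/sso/post"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example.test/sso/redirect"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def provider_from_metadata(xml_text):
    """Return (Provider block, SHA-256 fingerprint of the signing certificate)."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.get("entityID") is None or idp is None:
        raise ValueError("not a single-entity IdP metadata document")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    # Assumption: the HTTP-Redirect endpoint is the one wanted; confirm for your setup.
    login = sso.get(BINDINGS + "HTTP-Redirect")
    if not login or not login.startswith("https://"):
        raise ValueError("no HTTPS HTTP-Redirect SingleSignOnService endpoint")
    certs = [c.text for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")
             for c in k.iterfind(".//ds:X509Certificate", NS) if c.text]
    if len(certs) != 1:  # several certs usually means a key rollover: pick deliberately
        raise ValueError(f"expected exactly one signing certificate, found {len(certs)}")
    cert_b64 = "".join(certs[0].split())  # strip the line breaks metadata files contain
    fingerprint = hashlib.sha256(base64.b64decode(cert_b64, validate=True)).hexdigest()
    return {"EntityId": root.get("entityID"), "LoginEndpoint": login,
            "X509Certificate": cert_b64}, fingerprint

if __name__ == "__main__":
    provider, fp = provider_from_metadata(SAMPLE_METADATA)
    print(json.dumps({"Provider": provider}, indent=2), "\ncert sha256:", fp)
```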