SSO Configuration: OAuth
- Chilukuri Srinivasa Reddy (Unlicensed)
- Shilpa K (Deactivated)
- Enterprise IT
OAuth is an open standard for access delegation, commonly used to let Internet users grant websites or applications access to their information on other websites without giving them their passwords.
Using OAuth, you can enable Single Sign-On for the following portals:
To enable Single Sign-On for Office 365 from SummitAI, the following configuration should be done in the Office 365 portal.
- Log into Office 365 using https://apps.dev.microsoft.com/.
Figure: Office 365 Login Screen
Enter your Office 365 credentials and log in to the portal. The My Applications page is displayed.
Figure: My Applications page
Note:
Under Converged Applications you can configure both Office 365 and Azure. Under Azure AD only Applications you can configure only Azure.
- Click Add an app under Converged Applications. The Register your application pop-up page is displayed.
Figure: Register your Application pop-up page
Specify a name for the application and click Create. The Application ID is displayed.
Figure: Office 365 Page
Note:
The Application ID displayed here is the Client ID to be used in SummitAI application.
Click Generate New Password. A new password is generated and displayed in the pop-up page. This is the only time the password is displayed. Store it securely.
Figure: New Password generated pop-up page
Note:
The Password generated here is the Client Secret Key in SummitAI application.
- Click Add Platform under the Platforms section. The Add Platform pop-up page is displayed.
Figure: Add Platform Pop-up page
- On the Add Platform pop-up page, select Web.
Specify the Redirect URL. This URL is your SummitAI Web Application login URL (e.g. https://baseurl/SUMMIT_SAMLResponse.aspx).
Note:
- The Redirect URL you provide here should be entered in the Redirect URL field in SummitAI application.
- The Delegated Permissions (user.read) displayed in the Microsoft Graph Permissions section should be entered in the Scope field of SummitAI application.
Figure: Microsoft Graph Permissions section
- Click SAVE after all the above actions are performed.
Figure: Office 365 page
To Configure SSO for Office 365 from SummitAI:
- Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed.
- On the SSO CONFIGURATION page, select OAuth under the Authentication Type and click ADD NEW on the ACTIONS Panel.
Figure: SSO Configuration: OAuth_Office 365
- Specify the required details and click SUBMIT. For more details about the fields on the SSO CONFIGURATION page, see Field Description.
Field Description
The following table describes the fields on the SSO CONFIGURATION page:
Fields | Description |
---|---|
Domain | Select the domain name from the list. The OAuth based authentication will be configured for the selected domain. |
URL | Specify the Mobile Web Service URL. Example: https://baseurl/mobilews |
Grant Type | Select the Grant Type as Authorization Code from the drop-down list. |
Authorization URL | Specify the following Authorization URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize |
Access Token URL | Specify the following Access Token URL: https://login.microsoftonline.com/common/oauth2/v2.0/token |
Client ID | Specify the Client ID. This is the Application ID from Office 365 portal. Refer to Prerequisites section for more information about this field. |
Client Secret Key | Specify the Client Secret Key. This is the Password generated from Office 365 portal. Refer to Prerequisites section for more information about this field. |
User Information URL | Specify the following User Information URL: |
Redirect URL | Specify the Redirect URL. This is the same URL you have specified in the Redirect URL field of Office 365 portal. Eg: https://baseurl/SUMMIT_SAMLResponse.aspx |
ACS URL | Specify the ACS URL. |
Include ACS URL | If selected, the ACS URL is included. |
Scope | Specify the Scope as user.read. This is from the Delegated Permissions section of Office 365 portal. |
Response Attribute | Specify the Response Attribute as mail. |
User Creation | Upon enabling this checkbox, the user is created if that user is not available in the SummitAI database but wants to log in to the SummitAI application using the OAuth authentication method. |
Time Zone | Select the timezone from the drop-down list. The selected timezone will be assigned to the newly created user. |
Template Name | Select the role template from the list. The selected role template will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
Logo | Upload a logo. The uploaded logo is displayed on the Login Screen. The logo image width should be less than 300px and height should be less than 48px. Supported Image formats are .gif, .jpeg, .jpg, .png, .bmp. |
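How the fields in the table above map onto the requests of the Authorization Code grant, and the checks an application makes on the redirect back, as an added example (not SummitAI's own code). The Client ID, Client Secret, authorization code and user-information response are constructed placeholders, and the function names are hypothetical; `baseurl` is the page's own placeholder host.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint, scope and attribute values are the ones in the Field Description table.
# client_id and client_secret are constructed placeholders, not real credentials.
CONFIG = {
    "authorization_url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "access_token_url": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
    "client_id": "00000000-0000-0000-0000-000000000000",
    "client_secret": "placeholder-client-secret",
    "redirect_url": "https://baseurl/SUMMIT_SAMLResponse.aspx",
    "scope": "user.read",
    "response_attribute": "mail",
}


class CallbackError(Exception):
    """The redirect back from the identity provider must be rejected."""


def build_authorization_request(cfg):
    """Step 1: URL the browser is sent to, plus the state to keep in the session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    params = {
        "response_type": "code",  # Grant Type = Authorization Code
        "client_id": cfg["client_id"],
        "redirect_uri": cfg["redirect_url"],
        "scope": cfg["scope"],
        "state": state,
    }
    return cfg["authorization_url"] + "?" + urlencode(params), state


def parse_callback(cfg, callback_url, expected_state):
    """Step 2: validate the redirect and return the authorization code."""
    got, want = urlsplit(callback_url), urlsplit(cfg["redirect_url"])
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise CallbackError("callback is not the configured Redirect URL")
    query = parse_qs(got.query)
    if "error" in query:
        raise CallbackError("provider error: " + query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time comparison; a missing or foreign state means the response
    # does not belong to a login this session started (login CSRF).
    if not expected_state or not hmac.compare_digest(
        state.encode(), expected_state.encode()
    ):
        raise CallbackError("state does not match this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise CallbackError("expected exactly one authorization code")
    return codes[0]


def build_token_request(cfg, code):
    """Step 3: server-side POST; the secret never travels through the browser."""
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": cfg["redirect_url"],  # must equal the value sent in step 1
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
    }
    return cfg["access_token_url"], form


def login_name(cfg, user_info):
    """Step 4: read the Response Attribute from the user-information JSON."""
    value = user_info.get(cfg["response_attribute"])
    if not isinstance(value, str) or not value.strip():
        # A null or absent attribute must fail the login rather than match,
        # or create, a user with an empty name.
        raise CallbackError("response attribute missing: " + cfg["response_attribute"])
    return value.strip()


if __name__ == "__main__":
    url, state = build_authorization_request(CONFIG)
    print("1. redirect browser to:", url)
    # Constructed callback, as the provider would send it after sign-in.
    callback = CONFIG["redirect_url"] + "?" + urlencode(
        {"code": "constructed-code", "state": state}
    )
    code = parse_callback(CONFIG, callback, state)
    endpoint, form = build_token_request(CONFIG, code)
    print("3. POST to", endpoint, "with fields", sorted(form))
    # Constructed user-information response.
    print("4. login name:", login_name(CONFIG, {"mail": "user@example.com"}))
```

With User Creation enabled, step 4 is the value that decides which account is matched or created, so an empty or missing attribute is treated as a failed login.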
- Log into Office 365 using https://apps.dev.microsoft.com/.
Figure: Office 365 Login Screen
Enter your Office 365 credentials and log in to the portal. The My Applications page is displayed.
Figure: My Applications page
Note:
Under Converged Applications you can configure both Office 365 and Azure. Under Azure AD only Applications you can configure only Azure.
- Click Add an app under Converged Applications. The Register your application pop-up page is displayed.
Figure: Register your Application pop-up page
Specify a name for the application and click Create. The Application ID is displayed.
Figure: Office 365 Page
Note:
The Application ID displayed here is the Client ID to be used in SummitAI application.
Click Generate New Password. A new password is generated and displayed in the pop-up page. This is the only time the password is displayed. Store it securely.
Figure: New Password generated pop-up page
Note:
The Password generated here is the Client Secret Key in SummitAI application.
- Click Add Platform under the Platforms section. The Add Platform pop-up page is displayed.
Figure: Add Platform Pop-up page
- On the Add Platform pop-up page, select Web.
Specify the Redirect URL. This URL is your SummitAI Web Application login URL (e.g. https://baseurl/SUMMIT_Weblogin.aspx).
Note:
- The Redirect URL you provide here should be entered in the Redirect URL field in SummitAI application.
- The Delegated Permissions (user.read) displayed in the Microsoft Graph Permissions section should be entered in the Scope field of SummitAI application.
Figure: Microsoft Graph Permissions section
- Click SAVE after all the above actions are performed.
Figure: Office 365 page
To Configure SSO for Office 365 from SummitAI:
- Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed.
- On the SSO CONFIGURATION page, select OAuth under the Authentication Type and click ADD NEW on the ACTIONS Panel.
Figure: SSO Configuration: OAuth_Office 365
- Specify the required details and click SUBMIT. For more details about the fields on the SSO CONFIGURATION page, see Field Description.
Field Description
The following table describes the fields on the SSO CONFIGURATION page:
Fields | Description |
---|---|
Domain | Select the domain name from the list. The OAuth based authentication will be configured for the selected domain. Note: This field is not visible for single domain users. |
URL | Specify the Mobile Web Service URL. Example: https://baseurl/mobilews |
Grant Type | Select the Grant Type as Authorization Code from the drop-down list. |
Authorization URL | Specify the following Authorization URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize |
Access Token URL | Specify the following Access Token URL: https://login.microsoftonline.com/common/oauth2/v2.0/token |
Client ID | Specify the Client ID. This is the Application ID from Office 365 portal. Refer to Prerequisites section for more information about this field. |
Client Secret Key | Specify the Client Secret Key. This is the Password generated from Office 365 portal. Refer to Prerequisites section for more information about this field. |
User Information URL | Specify the following User Information URL: |
Redirect URL | Specify the Redirect URL. This is the same URL you have specified in the Redirect URL field of Office 365 portal. Eg: https://baseurl/SUMMIT_SAMLResponse.aspx |
ACS URL | Specify the ACS URL. |
Include ACS URL | If selected, the ACS URL is included. |
Scope | Specify the Scope as user.read. This is from the Delegated Permissions section of Office 365 portal. |
Response Attribute | Specify the Response Attribute as mail. |
User Creation | Upon enabling this checkbox, the user is created if that user is not available in the SummitAI database but wants to log in to the SummitAI application using the OAuth authentication method. |
Time Zone | Select the timezone from the drop-down list. The selected timezone will be assigned to the newly created user. |
Template Name | Select the role template from the list. The selected role template will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
Logo | Upload a logo. The uploaded logo is displayed on the Login Screen. The logo image width should be less than 300px and height should be less than 48px. Supported Image formats are .gif, .jpeg, .jpg, .png, .bmp. |
To enable Single Sign-On for Azure from SummitAI, the following configuration should be done in the Azure portal.
Prerequisites to be performed in Azure Portal:
- Go to https://portal.azure.com. The login page is displayed.
- Log in to the application with valid Azure credentials.
- On the menu, click Azure Active Directory, and then click App Registrations.
Figure: Azure Active Directory Menu
- Click New App Registration.
Figure: New Application Registration Menu
- Specify the Name, Application Type, and Sign-on URL. Click Create.
Figure: Creating Application
The application is created and displayed in the list. Click the newly created application.
Figure: Application Pop-up
Note:
The Application ID displayed here is the Client ID to be specified in SummitAI application.
- Click Settings and then click Reply URLs. The Reply URL mentioned here is the Redirect URL to be entered in the SummitAI application.
Figure: Reply URLs
- Click Required Permissions and then click ADD.
Figure: Required Permissions Menu
- Click Select an API, and then select Microsoft Graph.
Figure: Selecting API
- Click Select Permissions and select Send mail as a user, Sign in and read user profile under Delegate Permissions section, and click Done.
Figure: Select Permissions Menu
- Select Keys and specify the required information. Click Save.
Figure: Keys Section
The Password is displayed. This is the only time you will be able to see it. Store it securely.
Figure: Password
Note:
The Password displayed here is the Client Secret Key in SummitAI application.
To Configure SSO for Azure from SummitAI:
- Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed.
- On the SSO CONFIGURATION page, select OAuth under the Authentication Type and click ADD NEW on the ACTIONS Panel.
Figure: SSO Configuration: OAuth_Azure
- Specify the required details and click SUBMIT. For more details about the fields on the SSO CONFIGURATION page, see Field Description.
Field Description
The following table describes the fields on the SSO CONFIGURATION page:
Fields | Description |
---|---|
Domain | Select the domain name from the list. The Azure OAuth based authentication will be configured for the selected domain. Note: This field is not visible for single domain users. |
URL | Specify the Mobile Web Service URL. Example: https://baseurl/mobilews |
Grant Type | Select the Grant Type as Authorization Code from the drop-down list. |
Authorization URL | Specify the following Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize |
Access Token URL | Specify the following Access Token URL: |
Client ID | Specify the Client ID. This is the Application ID from Azure portal. Refer to Prerequisites section for more information about this field. |
Client Secret Key | Specify the Client Secret Key. This is the Password generated from Azure portal. Refer to Prerequisites section for more information about this field. |
User Information URL | Specify the following User Information URL: |
Redirect URL | Specify the Redirect URL. This is the same URL you have specified in the Redirect URL field of Azure portal. Eg: https://baseurl/SUMMIT_SAMLResponse.aspx |
ACS URL | Specify the ACS URL. |
Include ACS URL | If selected, the ACS URL is included. |
Scope | Specify the Scope as user.read |
Response Attribute | Specify the Response Attribute as userPrincipalName. Note: When the Response Attribute field is configured as userPrincipalName and Azure is returning the username as an Email ID, you must configure the key <add key="ConfigureOAuthLoginType" value="W" /> in the Web.Config file. |
User Creation | Upon enabling this checkbox, the user is created if that user is not available in the SummitAI database but wants to log in to the SummitAI application using the Azure OAuth authentication method. |
Time Zone | Select the timezone from the drop-down list. The selected timezone will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
Template Name | Select the role template from the list. The selected role template will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
Logo | Upload a logo. The uploaded logo is displayed on the Login Screen. The logo image width should be less than 300px and height should be less than 48px. Supported Image formats are .gif, .jpeg, .jpg, .png, .bmp. |
Prerequisites to be performed in Azure Portal:
- Go to https://portal.azure.com. The login page is displayed.
- Log in to the application with valid Azure credentials.
- On the menu, click Azure Active Directory, then click App Registrations.
Figure: Azure Active Directory Menu
- Click New App Registration.
Figure: New Application Registration Menu
- Specify the Name, Application Type, and Sign-on URL. Click Create.
Figure: Creating Application
The application is created and displayed in the list. Click the newly created application.
Figure: Application Pop-up
Note:
The Application ID displayed here is the Client ID to be specified in SummitAI application.
- Click Settings and then click Reply URLs. The Reply URL mentioned here is the Redirect URL in SummitAI application.
Figure: Reply URLs
- Click Required Permissions and then click ADD.
Figure: Required Permissions Menu
- Click Select an API and then select Microsoft Graph.
Figure: Selecting API
- Click Select Permissions and select Send mail as a user, Sign in and read user profile under Delegate Permissions section. Click Done after selecting.
Figure: Select Permissions Menu
- Select Keys and specify the required information. Click Save.
Figure: Keys section
The Password is displayed. This is the only time you will be able to see it. Store it securely.
Figure: Password
Note:
The Password displayed here is the Client Secret Key in SummitAI application.
OR
- Log into Office 365 using https://apps.dev.microsoft.com/.
Figure: Office 365 Login Screen
Enter your Office 365 credentials and log in to the portal. The My Applications page is displayed.
Figure: My Applications page
Note:
Under Converged Applications you can configure both Office 365 and Azure. Under Azure AD only Applications you can configure only Azure.
- Click Add an app under Converged Applications. The Register your application pop-up page is displayed.
Figure: Register your Application pop-up page
Specify a name for the application and click Create. The Application ID is displayed.
Figure: Office 365 Page
Note:
The Application ID displayed here is the Client ID to be used in SummitAI application.
Click Generate New Password. A new password is generated and displayed in the pop-up page. This is the only time the password is displayed. Store it securely.
Figure: New Password generated pop-up page
Note:
The Password generated here is the Client Secret Key in SummitAI application.
- Click Add Platform under the Platforms section. The Add Platform pop-up page is displayed.
Figure: Add Platform Pop-up page
- On the Add Platform pop-up page, select Web.
Specify the Redirect URL. This URL is your SummitAI Web Application login URL (e.g. https://baseurl/SUMMIT_Weblogin.aspx).
Note:
- The Redirect URL you provide here should be entered in the Redirect URL field in SummitAI application.
- The Delegated Permissions (user.read) displayed in the Microsoft Graph Permissions section should be entered in the Scope field of SummitAI application.
Figure: Microsoft Graph Permissions section
- Click SAVE after all the above actions are performed.
Figure: Office 365 page
To Configure SSO for Azure from SummitAI:
- Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed.
- On the SSO CONFIGURATION page, select OAuth under the Authentication Type and click ADD NEW on the ACTIONS Panel.
Figure: SSO Configuration: OAuth_Azure
- Specify the required details and click SUBMIT. For more details about the fields on the SSO CONFIGURATION page, see Field Description.
Field Description
The following table describes the fields on the SSO CONFIGURATION page:
Fields | Description |
---|---|
Domain | Select the domain name from the list. The Azure OAuth based authentication will be configured for the selected domain. |
URL | Specify the Mobile Web Service URL. Example: https://baseurl/mobilews |
Grant Type | Select the Grant Type as Authorization Code from the drop-down list. |
Authorization URL | Specify the following Authorization URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize (If Configured from Office 365) |
Access Token URL | Specify the following Access Token URL: https://login.microsoftonline.com/common/oauth2/v2.0/token (If Configured from Office 365) |
Client ID | Specify the Client ID. This is the Application ID from Azure portal. Refer to Prerequisites section for more information about this field. |
Client Secret Key | Specify the Client Secret Key. This is the Password generated from Azure portal. Refer to Prerequisites section for more information about this field. |
User Information URL | Specify the following User Information URL: |
Redirect URL | Specify the Redirect URL. This is the same URL you have specified in the Redirect URL field of Azure portal. Eg: https://baseurl/SUMMIT_Weblogin.aspx |
ACS URL | Specify the ACS URL. |
Include ACS URL | If selected, the ACS URL is included. |
Scope | Specify the Scope as user.read |
Response Attribute | Specify the Response Attribute as userPrincipalName. |
User Creation | Upon enabling this checkbox, the user is created if that user is not available in the SummitAI database but wants to log in to the SummitAI application using the Azure OAuth authentication method. |
Time Zone | Select the timezone from the drop-down list. The selected timezone will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
Template Name | Select the role template from the list. The selected role template will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
Logo | Upload a logo. The uploaded logo is displayed on the Login Screen. The logo image width should be less than 300px and height should be less than 48px. Supported Image formats are .gif, .jpeg, .jpg, .png, .bmp. |
To enable Single Sign-On for Facebook from SummitAI, the following configuration should be done in the Facebook application:
- Log into Facebook using https://developers.facebook.com/. Click Log In.
Figure: Login Page
- The Facebook login page is displayed. Specify your User Name and Password and click Log In. If you do not have an account already, click Create New Account to sign up.
Figure: Facebook Login Screen
- On the top right corner, hover your mouse over My Apps, and then click Add a New App.
Figure: Add a New App
- The Create a New App ID pop-up page is displayed. Specify a Display Name and Contact Email, and then click Create App ID.
Figure: Create App ID page
You are redirected to the Dashboard page. The App ID is displayed on the top left corner of the page. Click Show to view the App Secret.
Note:
- The App ID displayed here should be entered in the Client ID field of SummitAI application.
- The Client Secret displayed here should be entered in the Client Secret Key field of SummitAI application.
Figure: Dashboard page
- Click Settings > Basic. Specify the required information in the fields. Select the Category as Utility & Productivity.
Figure: Settings page
- Click Add Platform. The Select Platform pop-up page is displayed. Select Website.
Figure: Select Platform Page
- Specify the Site URL and click Save Changes.
Figure: Basic Settings page
- Click Advanced and Allow API Access to App Settings.
Figure: Advanced Settings Page
- Click Save Changes.
- Click App Review and make your app Public by clicking Yes.
Figure: App Review Page
- Click Add Product and select Facebook Login.
Figure: Add Product
Under the Valid OAuth redirect URLs section, specify a Redirect URL.
Figure: Redirect URL
Note:
The Redirect URL specified here should be entered in the Redirect URL field of SummitAI Application.
To Configure SSO for Facebook from SummitAI:
- Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed.
- On the SSO CONFIGURATION page, select OAuth under the Authentication Type and click ADD NEW on the ACTIONS Panel.
Figure: SSO Configuration: OAuth_Facebook
- Specify the required details and click SUBMIT. For more details about the fields on the SSO CONFIGURATION page, see Field Description.
Field Description
The following table describes the fields on the SSO CONFIGURATION page:
Fields | Description |
---|---|
Domain | Select the domain name from the list. The Facebook OAuth based authentication will be configured for the selected domain. |
URL | Specify the Mobile Web Service URL. Example: https://baseurl/mobilews |
Grant Type | Select the Grant Type as Authorization Code from the drop-down list. |
Authorization URL | Specify the following Authorization URL: |
Access Token URL | Specify the following Access Token URL: |
Client ID | Specify the Client ID. This is the Application ID from Facebook portal. Refer to Prerequisites section for more information about this field. |
Client Secret Key | Specify the Client Secret Key. This is the Password generated from Facebook portal. Refer to Prerequisites section for more information about this field. |
User Information URL | Specify the following User Information URL: |
Redirect URL | Specify the Redirect URL. This is the same URL you have specified in the Redirect URL field of Facebook portal. Eg: https://baseurl/SUMMIT_SAMLResponse.aspx |
ACS URL | Specify the ACS URL. |
Include ACS URL | If selected, the ACS URL is included. |
Scope | Specify the scope as email,public_profile |
Response Attribute | Specify the Response Attribute as email. |
User Creation | Upon enabling this checkbox, the user is created if that user is not available in the SummitAI database but wants to log in to the SummitAI application using the Facebook OAuth authentication method. |
Time Zone | Select the timezone from the drop-down list. The selected timezone will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
Template Name | Select the role template from the list. The selected role template will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
Logo | Upload a logo. The uploaded logo is displayed on the Login Screen. The logo image width should be less than 300px and height should be less than 48px. Supported Image formats are .gif, .jpeg, .jpg, .png, .bmp. |
To enable Single Sign-On for Okta from SummitAI, the following configuration should be done in the Okta portal.
Prerequisites to be performed in Okta Portal
- Sign up in Okta portal using https://www.okta.com/developer/signup/.
Figure: Sign up
- Click Get Started. Your login URL is displayed. Log in to Okta using this URL. You will receive a confirmation mail. Set your password by clicking this link.
Figure: Okta URL
- Specify your User Name and Password and click Sign In.
Figure: Okta Login page
- On the top menu, select Security > API.
Figure: Security Menu
- On the API page, click Authorization Servers.
Figure: API Page
- On the Add Authorization Server pop-up page, specify Name, Audience, and Description. For more information about these fields, refer to https://developer.okta.com/authentication-guide/implementing-authentication/set-up-authz-server.html.
Figure: Add Authorization URL Pop-up page
Under the Settings section, the issuer field is displayed. Store this URL securely.
Figure: Settings section
Note:
The Issuer URL displayed here should be entered in the Authorization URL, Access Token URL, and User Info URL fields of SummitAI application.
- Select Access Policies and click Add Policy. The Add Policy pop-up page is displayed.
Figure: Add Policies pop-up page
- On the Add Policy pop-up page, specify the Name and Description and click Create Policy.
Figure: Add Policy page
- On the Add New Access Policy page, create Add Rule.
Figure: Add New Access Policy Page
- On the Add Rule pop-up page, specify the Rule Name and click Create Rule.
Figure: Add Rule Pop-up page
- On the top menu, hover your mouse over Applications and select Applications.
Figure: Applications
- On the Applications page, click Add Application and then click Create New App.
Figure: Add Application
- On the Create New Application pop-up page, select the platform as Web and Sign On Method as OpenID Connect.
Figure: Create New App page
On the Create OpenID page, specify the Application Name and the Redirect URL.
Figure: Create OpenID page
Note:
The Redirect URL specified here should be entered in the Redirect URL field of SummitAI application.
On the General Settings Page, click Edit and select all the available options under Allowed grant types. The Client ID and Client Secret are displayed under Client Credentials section. Store them securely.
Figure: General Settings page
Note:
The Client ID and Client Secret displayed here should be entered in the Client Id and Client Secret Key fields of SummitAI application.
- You can add multiple People or Groups to the application under the Assignments section.
Figure: Add Assignment page
To Configure SSO for Okta from SummitAI:
- Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed.
- On the SSO CONFIGURATION page, select OAuth under the Authentication Type and click ADD NEW on the ACTIONS Panel.
Figure: SSO Configuration: OAuth_Okta
- Specify the required details and click SUBMIT. For more details about the fields on the SSO CONFIGURATION page, see Field Description.
Field Description
The following table describes the fields on the SSO CONFIGURATION page:
Fields | Description |
---|---|
Domain | Select the domain name from the list. The Facebook OAuth based authentication will be configured for the selected domain. Note: This field is not visible for single domain users. |
URL | Specify the Mobile Web Service URL. Example: https://baseurl/mobilews |
Grant Type | Select the Grant Type as Authorization Code from the drop-down list. |
Authorization URL | Specify the following Authorization URL: |
Access Token URL | Specify the following Access Token URL: |
Client ID | Specify the Client ID. This is the Application ID from Okta portal. Refer to Prerequisites section for more information about this field. |
Client Secret Key | Specify the Client Secret Key. This is the Password generated from Okta portal. Refer to Prerequisites section for more information about this field. |
User Information URL | Specify the following User Information URL: |
Redirect URL | Specify the Redirect URL. This is the same URL you have specified in the Redirect URL field of Okta portal. Eg: https://baseurl/SUMMIT_SAMLResponse.aspx |
ACS URL | Specify the ACS URL. |
Include ACS URL | If selected, the ACS URL is included. |
Scope | Specify the scope as openid email profile address phone offline_access |
Response Attribute | Specify the Response Attribute as email. |
User Creation | Upon enabling this checkbox, the user is created if that user is not available in SummitAI database but wants to log in to the SummitAI application using Okta authentication method. |
Time Zone | Select the timezone from the drop-down list. The selected timezone will be assigned to the newly created user. |
Template Name | Select the role template from the list. The selected role template will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
Logo | Upload a logo. The uploaded logo is displayed on the Login Screen. The logo image width should be less than 300px and height should be less than 48px. Supported Image formats are .gif, .jpeg, .jpg, .png, .bmp. |
Prerequisites to be performed in Okta Portal
- Sign up in Okta portal using https://www.okta.com/developer/signup/.
Figure: Sign up
- Click Get Started. Your login URL is displayed. Log in to Okta using this URL. You will receive a confirmation mail. Set your password by clicking this link.
Figure: Okta URL
- Specify your User Name and Password and click Sign In.
Figure: Okta Login page
- On the top menu, select Security > API.
Figure: Security Menu
- On the API page, click Authorization Servers.
Figure: API Page
- On the Add Authorization Server pop-up page, specify Name, Audience, and Description. For more information about these fields, refer to https://developer.okta.com/authentication-guide/implementing-authentication/set-up-authz-server.html.
Figure: Add Authorization URL Pop-up page
Under the Settings section, the issuer field is displayed. Store this URL securely.
Figure: Settings section
Note:
The Issuer URL displayed here should be entered in the Authorization URL, Access Token URL, and User Info URL fields of SummitAI application.
- Select Access Policies and click Add Policy. The Add Policy pop-up page is displayed.
Figure: Add Policies pop-up page
- On the Add Policy pop-up page, specify the Name and Description and click Create Policy.
Figure: Add Policy page.
- On the Add New Access Policy page, create Add Rule.
Figure: Add New Access Policy Page
- On the Add Rule pop-up page, specify the Rule Name and click Create Rule.
Figure: Add Rule Pop-up page
- On the top menu, hover your mouse over Applications and select Applications.
Figure: Applications
- On the Applications page, click Add Application and then click Create New App.
Figure: Add Application
- On the Create New Application pop-up page, select the platform as Web and Sign On Method as OpenID Connect.
Figure: Create New App page
On the Create OpenID page, specify the Application Name and the Redirect URL.
Figure: Create OpenID page
Note:
The Redirect URL specified here should be entered in the Redirect URL field of SummitAI application.
On the General Settings Page, click Edit and select all the available options under Allowed grant types. The Client ID and Client Secret are displayed under Client Credentials section. Store them securely.
Figure: General Settings page
Note:
The Client ID and Client Secret displayed here should be entered in the Client Id and Client Secret Key fields of SummitAI application.
- You can add multiple People or Groups to the application under the Assignments section.
Figure: Add Assignment page
To Configure SSO for Okta from SummitAI:
- Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed.
- On the SSO CONFIGURATION page, select OAuth under the Authentication Type and click ADD NEW on the ACTIONS Panel.
Figure: SSO Configuration: OAuth_Okta
- Specify the required details and click SUBMIT. For more details about the fields on the SSO CONFIGURATION page, see Field Description.
Field Description
The following table describes the fields on the SSO CONFIGURATION page:
Fields | Description |
---|---|
Domain | Select the domain name from the list. The Facebook OAuth based authentication will be configured for the selected domain. Note: This field is not visible for single domain users. |
URL | Specify the Mobile Web Service URL. Example: https://baseurl/mobilews |
Grant Type | Select the Grant Type as Implicit from the drop-down list. |
Authorization URL | Specify the following Authorization URL: |
Access Token URL | Specify the following Access Token URL: |
Client ID | Specify the Client ID. This is the Application ID from Okta portal. Refer to Prerequisites section for more information about this field. |
Client Secret Key | Specify the Client Secret Key. This is the Password generated from Okta portal. Refer to Prerequisites section for more information about this field. |
User Information URL | Specify the following User Information URL: |
Redirect URL | Specify the Redirect URL. This is the same URL you have specified in the Redirect URL field of Okta portal. Eg: https://baseurl/SUMMIT_Weblogin.aspx |
ACS URL | Specify the ACS URL. |
Include ACS URL | If selected, the ACS URL is included. |
Scope | Specify the scope as openid email profile address phone offline_access |
Response Attribute | Specify the Response Attribute as email. |
User Creation | Upon enabling this checkbox, the user is created if that user is not available in SummitAI database but wants to log in to the SummitAI application using Okta authentication method. |
Time Zone | Select the timezone from the drop-down list. The selected timezone will be assigned to the newly created user. |
Template Name | Select the role template from the list. The selected role template will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
Logo | Upload a logo. The uploaded logo is displayed on the Login Screen. The logo image width should be less than 300px and height should be less than 48px. Supported Image formats are .gif, .jpeg, .jpg, .png, .bmp. |
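A pre-submit check for the Authorization Code and Implicit rows described in the two Okta tables above, added here as an example and not part of SummitAI or Okta. The dict layout, the function name, the `summit.example.test` host and the grant-type labels passed for the IdP side are assumptions of this example.

```python
from urllib.parse import urlsplit

def audit_sso_config(cfg, idp_redirect_urls, idp_allowed_grants):
    """Return findings for one SSO CONFIGURATION row checked against the IdP app.

    cfg keys reuse the field names from the table; this dict layout is an
    assumption of the example, not a SummitAI export format.
    """
    findings = []
    grant = cfg["Grant Type"]
    scopes = cfg["Scope"].split()
    redirect = cfg["Redirect URL"]

    # Least privilege: the IdP app should allow only the grants this row needs.
    needed = {grant}
    if grant == "Authorization Code" and "offline_access" in scopes:
        needed.add("Refresh Token")  # offline_access asks for a refresh token
    unused = sorted(set(idp_allowed_grants) - needed)
    if unused:
        findings.append("IdP allows unused grant types: " + ", ".join(unused))

    if grant == "Implicit":
        # Implicit returns the access token in the redirect URL fragment, so it
        # passes through the browser; RFC 9700 says clients should not use it.
        findings.append("Implicit grant exposes the token to the browser")
        if "offline_access" in scopes:
            # RFC 6749 section 4.2: implicit never issues a refresh token.
            findings.append("offline_access is unusable with Implicit")

    if urlsplit(redirect).scheme != "https":
        findings.append("Redirect URL is not https")
    # Compare as exact strings: a case difference in the path is a mismatch.
    if redirect not in idp_redirect_urls:
        findings.append("Redirect URL differs from the one registered at the IdP")

    if "openid" not in scopes:
        findings.append("Scope lacks openid")
    if cfg["Response Attribute"] == "email" and "email" not in scopes:
        findings.append("Response Attribute email needs the email scope")
    return findings

# Constructed sample rows; summit.example.test stands in for "baseurl".
SCOPE = "openid email profile address phone offline_access"
WEB_ROW = {"Grant Type": "Authorization Code", "Scope": SCOPE,
           "Redirect URL": "https://summit.example.test/SUMMIT_SAMLResponse.aspx",
           "Response Attribute": "email"}
IMPLICIT_ROW = dict(WEB_ROW, **{
    "Grant Type": "Implicit",
    "Redirect URL": "https://summit.example.test/SUMMIT_Weblogin.aspx"})
ALL_GRANTS = ["Authorization Code", "Implicit", "Refresh Token"]  # "select all"

if __name__ == "__main__":
    registered = ["https://summit.example.test/Summit_Weblogin.aspx"]  # case differs
    for finding in audit_sso_config(IMPLICIT_ROW, registered, ALL_GRANTS):
        print("-", finding)
```

The Implicit row produces four findings against an IdP application with every grant type enabled and a redirect URL registered with different letter case; the Authorization Code row is clean when the IdP allows only Authorization Code and Refresh Token.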
To enable Single Sign on for Ping Federate from SummitAI, the following configuration should be done in Ping Federate portal.
- Login to Ping Federate server.
Figure: Login Screen
- On the Server Configuration tab, click Server Settings.
Figure: Server Configuration
On the Server Settings page, configure the tabs as shown below:
System Administration
Figure: System Administration tab
System Info
Figure: System Info tab
Runtime Notifications
Figure: Runtime Notifications tab
Runtime Reporting
Figure: Runtime Reporting tab
Account Management
Figure: Account Management tab
Roles & Protocols
Make sure that Enable OAUTH 2.0 Authorization Server (AS) Role is selected.
Figure: Roles & Protocols tab
Federation Info
Figure: Federation Info tab
System Options
Figure: System Options tab
Metadata Signing
Figure: Metadata Signing tab
Metadata Lifetime
Figure: Metadata Lifetime tab
Summary
Figure: Summary tab
On the Server Configuration page, click Data Stores.
Figure: Data Stores
- On the Manage Data Stores page, click Add New Data Store.
Figure: Manage Data Stores
On the Data Store page, configure the tabs as shown below:
Data Store Type
Select the Data Store Type as LDAP.
Figure: Data Store Type tab
LDAP Configuration
Provide your LDAP Credentials.
Figure: LDAP Configuration tab
Summary
Figure: Summary tab
On the Server Configuration page, click Active Directory Domains/Kerberos Realms.
On the Manage AD Domains/Kerberos Realms page, click Add Domain/Realm.
Figure: Add Domain/Realm
Note:
To check the configuration, click Test Domain/Realm Connectivity. You should receive a Test Successful message if your configuration is correct.
On the Manage Domain/Realm page, specify the Domain Name, Username and Password.
Figure: Manage Domain/Realm page
On the Server Configuration page, click Password Credential Validators.
Figure: Password Credential Validators
On the Password Credential Validators page, click Create New Instance.
Figure: Create New Instance
On the Create Credential Validator Instance page, configure the tabs as shown below:
Type
Figure: Type
Instance Configuration
Specify the Search Filter as (|(sAMAccountName=${username})(userPrincipalName=${username}))
Figure: Instance Configuration tab
Extended Contract
Add sAMAccountName and userPrincipalName under Extend the Contract.
Figure: Extended Contract tab
Summary
Figure: Summary
On the Identity Provider page, click Adapters.
Figure: Adapters
On the Manage IDP Adapter Instances page, click Create New Instance.
Figure: Manage IDP Adapter Instances
On the Create Adapter Instance page, configure the tabs as shown below:
Type
Select Type as HTML Form IdP Adapter.
Figure: Adapter Type
IDP Adapter
Select Password Credential Validator Instance as Password Validator and click Update under Action.
Figure: IDP Adapter
Extended Contract
Under Extend the Contract, add domainusername and email.
Figure: Extended Contract
Adapter Attributes
Figure: Adapter Attributes
Adapter Contract Mapping
Figure: Adapter Contract Mapping
Summary
Figure: Summary
On the OAuth Server page, click Create New under Clients.
Figure: OAuth Server page
On the Client page, configure the tabs as shown below:
Figure: Client page
Note:
- Client ID: The Client ID you enter above should be entered in the Client ID field of SummitAI Application.
- Client Secret: The Client Secret generated above should be entered in the Client Secret Key field of SummitAI Application.
- Redirect URL: The Redirect URL you enter above should be entered in the Redirect URL field of SummitAI Application. Example: https://baseurl/Summit_Samlresponse.aspx for Web Application and https://baseurl/Summit_Weblogin.aspx for Mobile Application.
On the OAuth Server page, click Access Token Management under Token Mapping.
Figure: Access Token Management
On the Access Token Management page, click Create New Instance.
Figure: Create New Instance
On the Create Access Token Management Instance, configure the tabs as shown below:
Type
Select the Type as Internally Managed Reference Tokens.
Figure: Access Token Type
Instance Configuration
Figure: Instance Configuration
Session Validation
Figure: Session Validation
Access Token Attribute Contract
Under Extend the Contract, add domainusername, email, group, username.
Figure: Access Token Attribute Contract
Resource URLs
Figure: Resource URLs
Access Control
Figure: Access Control
Summary
Figure: Summary
On the OAuth Server page, click IDP Adapter Mapping.
Figure: IDP Adapter Mapping
On the IDP Adapter Mapping page, select HTML Form Adapter from the drop-down list and click Add Mapping. Click Save.
Figure: Add Mapping
The Summary page of IDP Adapter Mapping is displayed.
Figure: IDP Adapter Summary
On the OAuth Server page, click Access Token Mapping.
Figure: Access Token Mapping
On the Access Token Attribute Mapping page, select Context as HTML Form Adapter, Access Token Manager as actoken and click Add Mapping. Click Save.
Figure: Access Token Attribute Mapping
The Summary page of Access Token Attribute Mapping is displayed.
Figure: Summary
On the OAuth Server page, click Authorization Server Settings.
Figure: Authorization Server Settings
- Configure the Authorization Server Settings page as shown below:
Figure: Authorization Server Settings
- On the OAuth Server page, click Scope Management.
Figure: Scope Management
- On the Common Scopes tab, add email under Scope Value.
Figure: Common Scopes
- On the OAuth Server page, click OpenID Connect Policy Management.
Figure: OpenID Connect Policy Management
- On the Policy Management page, click Add Policy.
Figure: Add Policy
On the Policy Management page, configure the tabs as shown below:
Prerequisites to be performed in Ping Federate Portal
Manage Policy
Figure: Manage Policy
Attribute Contract
Figure: Attribute Contract
Attribute Scopes
Figure: Attribute Scopes
Attribute Sources & User Lookup
Figure: Attribute Sources & User Lookup
Contract Fulfillment
Figure: Contract Fulfillment
Issuance Criteria
Figure: Issuance Criteria
Summary
Figure: Summary
To Configure SSO for Ping Federate from SummitAI:
Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed.
- On the SSO CONFIGURATION page, select OAuth under the Authentication Type and click ADD NEW on the ACTIONS Panel.
Figure: SSO Configuration: OAuth_Ping Federate
- Specify the required details and click SUBMIT. For more details about the fields on the SSO CONFIGURATION page, see Field Description.
Field Description
The following table describes the fields on the SSO CONFIGURATION page:
Fields | Description |
---|---|
Domain | Select the domain name from the list. The Facebook OAuth based authentication will be configured for the selected domain. Note: This field is not visible for single domain users. |
URL | Specify the Web Service URL. Example: https://baseurl/summitweblogin.aspx |
Grant Type | Select the Grant Type as Authorization Code from the drop-down list. |
Authorization URL | Specify the Authorization URL: |
Access Token URL | Specify the Access Token URL: |
Client ID | Specify the Client ID. This is the Client ID from Ping Federate Server. Refer to Prerequisites section for more information about this field. |
Client Secret Key | Specify the Client Secret Key. This is the Client Secret generated from Ping Federate Server. Refer to Prerequisites section for more information about this field. |
User Information URL | Specify User Information URL |
Redirect URL | Specify the Redirect URL. This is the same URL you have specified in the Redirect URL field of Ping Federate Server. |
ACS URL | Specify the ACS URL. |
Include ACS URL | If selected, the ACS URL is included. |
Scope | Specify the Scope as openid email. |
Response Attribute | Specify the Response Attribute as email. |
User Creation | Upon enabling this checkbox, the user is created if that user is not available in SummitAI database but wants to log in to the SummitAI application using Okta authentication method. |
Time Zone | Select the timezone from the drop-down list. The selected timezone will be assigned to the newly created user. |
Template Name | Select the role template from the list. The selected role template will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
Logo | Upload a logo. The uploaded logo is displayed on the Login Screen. The logo image width should be less than 300px and height should be less than 48px. Supported Image formats are .gif, .jpeg, .jpg, .png, .bmp. |
ACTIONS
This section explains all the icons displayed on the ACTIONS panel of the SSO CONFIGURATION page.
SHOW LIST
Click SHOW LIST to display the LIST table showing all the SSO Configurations in the SummitAI application for OAuth based authentications.
Figure: SSO CONFIGURATION page: Show List Page
Filters
On the FILTERS pop-up page, select a domain name from the list and then click SUBMIT. A list of OAuth based authentications configured for the selected domain is displayed.
Figure: FILTERS Pop-up page
ADD NEW
Click ADD NEW to configure a new OAuth based authentication for a domain.