Purpose

The purpose of this document is to provide set up information on the Identity Provider (IdP) integration.

Introduction

An Identity Provider (IdP) offers user authentication as a service. It is a trusted provider that allows the use of Single Sign-On (SSO) to access other application. SSO enhances usability by reducing password fatigue as passwords are maintained on your IdP.

Setting Up Identity Provider

To enable SSO on OUTSCAN or HIAB you must import meta-data from your IdP into the solution. You also need to export the service provider’s meta-data from OUTSCAN or HIAB and import it to your IdP.

Note

While reading the response from IdP during signing in to our portal, we accept signed assertions with parameters. The parameters list which your IdP is returning in response must include your user name in a parameter. By default it is set to parameter named uid but you can set up to different parameter (eg Subject attribute).

To set up Identity Provider:

  1. Go to Menu > Settings > Integrations and select the Identity Provider tab.



  2. Provide the below information to enable Identity Provider (IdP):

    OptionDescription
    EnabledSelect the Enabled checkbox to enable the protocol for single sign-on trusting another source to log in.
    Use one or both of the following option to provide metadata of IdP:
    Get metadata from file:Select Identity provider’s metadata file by clicking the + symbol beside the field. Metadata contains information such as how it works, what type of login is acceptable and so on.
    Get metadata from URL:Provide a URL from which the OUTSCAN or HIAB (Service Provider) should fetch metadata from IdP.
    Subject attribute:
    Enter uid string if you want to use USERNAME that is not an email address. This field cannot be left empty.

    Subject attribute considerations

    uid is a reserved name in Outpost24 software to truncate the USERNAME to the part below the @ sign, meaning that if you want to use email address as USERNAME, you must can not use uid as Subject attribute, but you can use any other string (such as emailAddress).

    Note

    The parameter name must be typed as expected in the SAML authentication response (one single word starting with lowercase and may include some upper cases (eg camelCase)).

    Signature hash algorithm:Select between SHA-256 or SHA-1.
    Direct access to portal:
    SSO binds you respectively to Portal UI or NetSec UI when box is checked or not checked.

    Note

    If 'Direct access to portal' appears in grey then you cannot use this capability unless you update the SP metadata on your Identity Provider. For that you need first to download the SP Metadata by clicking on SP Metadata button and then make sure to upload it on your IdP. Once done you can then select option to be directed to either NetSec or Portal UI. 

    If 'Direct access to portal' appears in grey then only SP initiated SSO is available. If you need to enable IdP initiated SSO then you have to download the SP Metadata by clicking on SP Metadata button and then make sure to upload it on your IdP. Once done you can then perform Single Sign On from the Identity Portal side

    IDP MetadataClick this button to display the currently uploaded metadata of the Identity Provider.
    SP MetadataClick on this button to display the service provider’s metadata.
  3. After enabling the required settings, click Save to save the current settings.
  4. Click Reset to fully remove the current settings. This disables the integration.


Reference

Integrations




Copyright

© 2022 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.