
Identity Management - Online Help

Identity Management

Use this tab to register an application if you are using Identity Provider (IdP)/Service Provider (SP) single sign-on. Single sign-on with an IdP/SP is available for the Web Console and for the CommCell. For more information, see Single Sign-On for the Web Console and Multi-CommCell Single Sign-On (SSO) Overview.

The following information is displayed:

  • Application Type

    The type of application used for external authentication.

  • Application name

    The user-defined name of the application.

  • Application key

    The application key assigned to the application.

  • Enabled

    If the check box is selected, the application is enabled. If the check box is cleared, the application is disabled.

  • Description

    The user-defined description of the application.

Add

Click to add a new application. For information on the dialog box used to add new applications, see Add/Edit/View Application info.

View

Click to view the application and the application key, token, and secret associated with it.

Edit

Click to edit an application. For information on the dialog box used to edit applications, see Add/Edit/View Application info.

The application token and application secret cannot be manually edited. For information on creating a new application token and application secret, see Renew.

Renew (Available when Application Type equals Regular)

Click to create a new application token and application secret for the application.

Renewing replaces the existing token and secret, so the program that forms the encrypted JSON message and sends it to the Web Console must be updated to use the new application token and application secret.

For more information, see External Authentication with Third-Party Integration - Web Console.

Delete

Click to delete the application and the application key, token, and secret associated with it.

Add/Edit/View Application Info (General)

Use these dialog boxes to add an application or to edit or view application information. These dialog boxes open when Add, View, or Edit is clicked from the Identity Management dialog box. For information on the Identity Management dialog box, see Identity Management.

Register New Identity Provider (Available when Application Type equals CommCell)

  • XML File Path

    The path to the IdP metadata XML file, which contains the IdP certificate, that was exported from the IdP CommCell (see Export under Local Identity Management).

  • Redirect URL

    The URL of the Web Console that acts as the IdP. The redirect URL is automatically populated from the IdP metadata file.

  • Use redirect URL for SSO

    The option to allow users and user groups to select from a list of CommCell IdPs when they log on. To select the users and user groups this applies to, click the Association tab.

Application Info

  • Display Name (Available when Application Type equals CommCell)

    The name of the application. The name is automatically populated from the IdP metadata file.

  • Application name

    The user-defined name of the application.

  • Application key (Not available in the "Add" dialog box)

    The application key assigned to the application.

  • Enabled

    If the check box is selected, the application is enabled. If the check box is cleared, the application is disabled.

  • Description

    The user-defined description of the application.

Add/Edit/View Application Info

Third Party (Edit and View)

The information in this tab is read-only. To generate a new application token and application secret, use the Renew button in the Identity Management dialog box.

  • Application token

    The application token assigned to the application.

  • Application secret

    The application secret assigned to the application.

SAML

Use this tab to add provider metadata for use with SAML authentication. This tab is available when Add > SAML is selected.

  • Enable Signature verification

    Select this option if the Service Provider (SP) should sign the request message before sending it to the Identity Provider (IdP). The request is signed with the SP key from the key store used to generate the SP metadata, so the IdP must hold the SP signing certificate (it is included in the generated SP metadata) in order to verify the signature.

  • Use redirect URL for SSO

    The option to allow users and user groups to select from a list of SAML IdPs when they log on. To select the users and user groups this applies to, click the Association tab.

Upload IDP Metadata

  • File Path

    The location and file name of the XML file that contains the Identity Provider (IdP) metadata.

  • Entity ID

    A unique ID for the Identity Provider (IdP). This information is uploaded from the IdP metadata file.

  • Redirect Url

    The URL the Service Provider (SP) uses to send the initial SAML authentication request to the Identity Provider (IdP). With this binding (SAML HTTP-Redirect), the request is deflated, base64-encoded, and sent as the SAMLRequest query parameter of this URL. This information is read from the IdP metadata file.

  • Logout Url

    The URL users are redirected to when they log off. This information is uploaded from the IdP metadata file.
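The following is an added example, not Commvault's code. It reads an IdP metadata XML file of the kind uploaded on this tab, extracts the values the dialog populates (Entity ID, Redirect Url, Logout Url, and the IdP signing certificate), and then builds the SP-initiated authentication request in the encoded-in-the-URL form that the Redirect Url description refers to, together with the reverse decoding for inspecting a captured request. The metadata document, entity IDs, URLs and certificate body are constructed for the example; the function names are the example's own.

```python
# Added example (not Commvault's code): parse IdP metadata and build/decode the
# SAML HTTP-Redirect request. All hostnames, URLs and the certificate are constructed.
import base64
import urllib.parse
import uuid
import xml.etree.ElementTree as ET
import zlib
from datetime import datetime, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NS = {"md": MD, "ds": DS}
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed IdP metadata for the example; the certificate body is a placeholder.
SAMPLE_IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAMLP}">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.test/saml/slo"/>
    <md:SingleSignOnService Binding="{POST}" Location="https://idp.example.test/saml/sso-post"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Return the entity ID, redirect/logout URLs and signing certs from IdP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this looks like SP metadata, not IdP metadata")

    def location(tag: str):
        # Prefer the HTTP-Redirect endpoint: the SP sends the request as part of the URL.
        for el in idp.findall(tag, NS):
            if el.get("Binding") == REDIRECT:
                return el.get("Location")
        return None

    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a KeyDescriptor without "use" covers both
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append("".join((c.text or "").split()))  # drop line breaks in the base64
    sso = location("md:SingleSignOnService")
    if sso is None:
        raise ValueError("IdP metadata offers no HTTP-Redirect SingleSignOnService")
    return {"entity_id": root.get("entityID"), "redirect_url": sso,
            "logout_url": location("md:SingleLogoutService"), "signing_certs": certs}


def build_authn_request(sp_entity_id, acs_url, idp_sso_url, request_id=None, issue_instant=None):
    """Minimal AuthnRequest; ID must be an xs:ID, so it starts with an underscore."""
    attrs = {
        "ID": request_id or "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": POST,
    }
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", attrs)
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    return ET.tostring(req, encoding="unicode")


def build_redirect_url(idp_sso_url: str, authn_request_xml: str, relay_state=None) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    sep = "&" if urllib.parse.urlparse(idp_sso_url).query else "?"
    return idp_sso_url + sep + urllib.parse.urlencode(params)


def decode_redirect_url(url: str) -> str:
    """Reverse of build_redirect_url, for inspecting a request captured from a browser."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_IDP_METADATA)
    req = build_authn_request("https://webconsole.example.test/sp",
                              "https://webconsole.example.test/acs", info["redirect_url"])
    print(build_redirect_url(info["redirect_url"], req, relay_state="/"))
```

When Enable Signature verification is selected, the SP additionally appends SigAlg and Signature query parameters computed over the SAMLRequest, RelayState and SigAlg values; that step needs the SP private key from the key store and is not shown here. The metadata parser deliberately fails on a file that has no IDPSSODescriptor, which is the usual symptom of uploading SP metadata in the IdP metadata field by mistake.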

Reuse/Generate SP metadata

  • Use submitted metadata

    This option is available if Service Provider (SP) metadata exists. Select this option to keep the existing SP metadata when you update the Identity Provider (IdP) metadata.

  • Generate new metadata

    Select this option to generate Service Provider (SP) metadata or to replace existing SP metadata.

  • File Path

    The location and file name of the key store file that holds the Service Provider (SP) private key and certificate, for example a Java key store (JKS).

  • Web Console

    The Web Console to use with SAML authentication.

  • Alias Name

    The alias name used in the key store file.

  • Key store password

    The key store password used for the key store file.

  • Key password

    The key password used in the key store file.

  • Destination file path

    The location and file name for the Service Provider (SP) metadata XML file. The XML is created once OK is clicked.

View Certificate

Click to view the Service Provider (SP) certificate. Before clicking View certificate, the key store file path, alias name, key store password, and key password must be entered; the certificate is read from the key store entry identified by the alias.
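The following is an added example, not Commvault's code, illustrating what the Generate new metadata option writes to the destination file path and what to check in that file before handing it to the IdP administrator. Python's standard library cannot open a Java key store, so the example assumes the SP certificate has already been exported from the key store to PEM (for example with keytool -exportcert -rfc); the PEM body below is a constructed placeholder, not a real certificate, and the entity ID and AssertionConsumerService URL are constructed as well. Whether Commvault's generator sets AuthnRequestsSigned from the Enable Signature verification option is an assumption; the attribute itself is standard SAML metadata.

```python
# Added example (not Commvault's code): build SP metadata from the values the dialog
# collects and read it back. The certificate PEM and URLs are constructed placeholders.
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
NS = {"md": MD, "ds": DS}
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed placeholder standing in for `keytool -exportcert -rfc -alias <alias>` output.
SAMPLE_SP_CERT_PEM = """-----BEGIN CERTIFICATE-----
MIIBPLACEHOLDERcertificatebodyconstructedforthisexampleAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END CERTIFICATE-----
"""


def pem_body(pem: str) -> str:
    """Strip the PEM armour and line breaks; metadata carries the bare base64 DER."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block in PEM input")
    return "".join(m.group(1).split())


def build_sp_metadata(entity_id, acs_url, cert_pem, sign_requests=False, slo_url=None):
    """Return SP metadata XML with one certificate used for both signing and encryption."""
    root = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        # Announces to the IdP that this SP signs its requests (assumed mapping of the
        # "Enable Signature verification" option); assertions sent back must be signed.
        "AuthnRequestsSigned": "true" if sign_requests else "false",
        "WantAssertionsSigned": "true",
    })
    for use in ("signing", "encryption"):  # same key store entry serves both purposes
        kd = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", {"use": use})
        x509 = ET.SubElement(ET.SubElement(ET.SubElement(kd, f"{{{DS}}}KeyInfo"),
                                           f"{{{DS}}}X509Data"), f"{{{DS}}}X509Certificate")
        x509.text = pem_body(cert_pem)
    if slo_url:
        ET.SubElement(sp, f"{{{MD}}}SingleLogoutService", {"Binding": REDIRECT, "Location": slo_url})
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService",
                  {"Binding": POST, "Location": acs_url, "index": "0", "isDefault": "true"})
    return ET.tostring(root, encoding="unicode")


def summarize_sp_metadata(xml_text: str) -> dict:
    """The fields to compare against what the IdP administrator registered."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    acs = sp.find("md:AssertionConsumerService", NS)
    return {
        "entity_id": root.get("entityID"),
        "acs_url": acs.get("Location"),
        "acs_binding": acs.get("Binding"),
        "signs_requests": sp.get("AuthnRequestsSigned") == "true",
        "cert_uses": [kd.get("use") for kd in sp.findall("md:KeyDescriptor", NS)],
    }


if __name__ == "__main__":
    xml = build_sp_metadata("https://webconsole.example.test/sp",
                            "https://webconsole.example.test/acs", SAMPLE_SP_CERT_PEM, sign_requests=True)
    print(summarize_sp_metadata(xml))
```

If the entity ID or AssertionConsumerService URL in the generated file differs from what the IdP has registered for this Web Console, the IdP will reject the request or post the response to the wrong place, so the summary is the check to run before choosing Use submitted metadata on a later edit.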

Add/Edit/View Application Info (Association)

For CommCell applications: Select users and user groups who can choose from a list of CommCell IdPs when they log on.

For SAML applications: Select users and user groups who can choose from a list of SAML IdPs when they log on.

Local Identity Management

Enable

Select to have the CommCell act as the Identity Provider (IdP). The IdP CommCell stores and serves user identity metadata and generates Security Assertion Markup Language (SAML) tokens to authenticate users.

  • Export

    When the CommCell is the IdP, you can click Export to save the IdP metadata as an XML file.

  • Renew

    When the CommCell is the IdP, you can click Renew to renew the certificate.

  • This commcell can issue SAML tokens for users belonging to this section.

    Select the users and user groups for whom SAML tokens can be issued.

  • Redirect URL

    The Web Console through which the user accesses the IdP CommCell. For example, when you access an SP Web Console and you are not logged on, you are redirected to the Web Console defined here.

  • Webservice URL

    The URL for the Web service.

View certificate

Certificate Data

The encoded Service Provider (SP) certificate.