How to integrate with an identity provider
Here are the detailed steps to integrate the identity provider with the Digibee Integration Platform.
Once it is confirmed that the identity provider supports the SAML 2.0 protocol, it is possible to follow the steps to integrate with the Digibee integration Platform. When the integration is complete, the integrated authentication and authorization functionality is habilitated, enabling federated authorization for the client realm.
The Identity Provider Integration feature also supports integration into multiple realms on the Digibee Integration Platform for the same identity provider, in other words it enables single sign-on to all realms (from the same client) simultaneously via a single integration.
IMPORTANT: This feature is only available for existing realms in the same region, cluster, and facility.
To learn more about what an identity provider is and the benefits of integrating with the Digibee Integration Platform, read this article.
To start the integration process, the intention must first be expressed to Digibee. This can be done in two ways:
- Request to the support team via Digibee Integration Platform chat or by email: [email protected];
- Contact your Customer Service Management (CSM) representative.
IMPORTANT: If you are interested in integrating more than one realm in the same IdP, just inform Digibee in this step.
When requesting integration, the SAML 2.0 endpoint keys must be provided. It is possible to send an XML file with the content or the identity provider single sign-on URL of the XML file.
Here is an example of a URL that can be sent:
https://login.microsoftonline.com/{{UUID}}/FederationMetadata/2007-0
6/FederationMetadata.xml.
IMPORTANT: there are ADFS cases that are segmented and, if applicable, it is important to specify the corresponding appid along with the metadata URL in the following format:
“…Federationmetadata.xml?appid=2a954093-fd61-469d-861e-704236a96bd5”
After receiving the endpoint and performing the required internal configuration, Digibee sends a new URL containing the name of the requesting organization and additional data to configure the identity provider's SAML 2.0 environment:
- Assertion Consumer Service (ACS) URL: known as the callback URL and has the following format: https://{cliente}.auth.godigibee.io/samlv2/acs
- Issuer: is referred to as identity provider entityId and has the following format: https://{cliente}.auth.godigibee.io/samlv2/sp/{{UUID}}
- Metadata URL: identifies the actors involved in different profiles, such as the identity provider's SSO and the service provider's SSO:… https://{cliente}.auth.godigibee.io/samlv2/sp/metadata/{{UUID}}
Next, it will be essential to configure the endpoints sent by Digibee and, if necessary, enable firewall rules for the endpoints.
IMPORTANT: check with your security team to see if there are any access restrictions on the URLs provided by Digibee.
After all settings have been made, the Digibee Integration Platform must be accessed via the URL provided by Digibee, which has the following format:
"https://{cliente}.auth.godigibee.io/oauth2/authorize?client_id={cliente-id}&response_type=code&redirect_uri=%2Flogin"
Finally, the client validates the environment, and if everything is in order, the environment is released to all users.
\
Last modified 17d ago