SSO Login Flow
The SSO login flow involves several steps, starting with the user's authentication request and ending with Spacewise authenticating the user and mapping them to the appropriate teams and roles.
Prerequisites
Before setting up SSO login with Spacewise, ensure the following:
- You have defined user roles and teams/units, based on your organization's needs.
- You have chosen an Identity Provider (IdP) that supports the OpenID Connect (OIDC) standard.
Please provide a list with the endpoints:
- issuer
- authorization_endpoint
- token_endpoint
- jwks_uri
- userinfo_endpoint
- introspection_endpoint
- revocation_endpoint
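A pre-flight check for the endpoint list above, as an added example (not Spacewise's own code): it takes an IdP's OIDC discovery document and reports which of the seven requested entries are missing, are not absolute https URLs, or carry an issuer that does not match the discovery URL. The function name `check_discovery` and the `idp.example.com` documents are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# The seven metadata keys requested in the list above (names are case-sensitive).
REQUIRED = (
    "issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
    "userinfo_endpoint", "introspection_endpoint", "revocation_endpoint",
)
SUFFIX = "/.well-known/openid-configuration"

def check_discovery(doc, fetched_from):
    """Return a list of problems; an empty list means the list is complete."""
    problems = []
    for key in REQUIRED:
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key}: missing")
            continue
        url = urlsplit(value)
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{key}: not an absolute https URL")
    issuer = doc.get("issuer")
    if isinstance(issuer, str) and issuer:
        parts = urlsplit(issuer)
        if parts.query or parts.fragment:
            problems.append("issuer: must not carry a query or fragment")
        # The document must be served from <issuer>/.well-known/openid-configuration.
        if fetched_from != issuer.rstrip("/") + SUFFIX:
            problems.append("issuer: does not match the discovery URL")
    return problems

# Constructed sample documents (idp.example.com is a placeholder IdP).
BASE = "https://idp.example.com/realms/acme"
GOOD_URL = BASE + SUFFIX
GOOD = {"issuer": BASE, **{k: f"{BASE}/{k}" for k in REQUIRED[1:]}}
BAD = dict(GOOD, issuer="https://idp.example.com/realms/other",
           jwks_uri="http://idp.example.com/realms/acme/jwks_uri")
BAD["Revocation_endpoint"] = BAD.pop("revocation_endpoint")  # wrong case

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD)):
        print(name, check_discovery(doc, GOOD_URL) or "ok")
```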
We will need the following scopes:
- openid
- token
- first name
- last name
- groups
- custom attributes
The following groups (or similar) should be configured including the respective role of that user in that team/group:
- SPACEWISE-INT-ADMIN
- SPACEWISE-INT-MANAGER
- SPACEWISE-INT-USER
They will be mapped to the roles “Admin”, “Manager” and “User” respectively.
[id, e.g. openid] [token] [email] [firstname] [lastname] [title] [custom_attributes] [permissions] ["team 1", manager] ["unit 3", user] ["unit 8", user]
Find more information about user roles.
Integration Testing
To test the integration, we will need access to the following user accounts:
Username | Password | Environment | Description | Internal ID |
[Test-User-User] | [Password] | INT/PROD | Role: user | [ID] |
[Test-User-Admin] | [Password] | INT/PROD | Role: admin | [ID] |
[Test-User-None] | [Password] | INT/PROD | User has no access | [ID] |
Sample Setup
Usually, customers provide us with a form to apply for SSO access:
Description | |
1. Technical contact | E-Mail of the person who is responsible for the external application. |
2. Landing page URL | When calling this URL, Spacewise will automatically start the OIDC authentication flow. This provides a seamless SSO without any interaction of the user at the counter. |
3. Redirect URL | After authentication, the identity provider will redirect to this page, where the application must check the credentials to ensure application security. |
4. Refresh Token | Please state if you need a refresh token for session handling. |