Single Sign On (SSO)


SSO Login Flow 

The SSO login flow consists of several steps. It starts with the user's authentication request to your Identity Provider and ends with Spacewise validating the identity returned by the provider, authenticating the user and mapping them to the appropriate teams and roles.

Prerequisites

Before setting up SSO login with Spacewise, ensure the following:

  • You have defined user roles and teams/units, based on your organization's needs.
  • You have chosen an Identity Provider (IdP) that supports the OpenID Connect (OIDC) standard.


Please provide a list of the following OIDC endpoints (your IdP publishes all of them in its discovery document at <issuer>/.well-known/openid-configuration): 

  •  issuer
  •  authorization_endpoint
  •  token_endpoint
  •  jwks_uri
  •  userinfo_endpoint
  •  introspection_endpoint
  •  revocation_endpoint


We will need the following scopes and the claims released through them: 

  • openid
  • token
  • first name
  • last name
  • email
  • groups
  • custom attributes


The following groups (or similarly named ones) should be configured in your IdP, including the respective role of the user in that team/group:

  • SPACEWISE-INT-ADMIN
  • SPACEWISE-INT-MANAGER
  • SPACEWISE-INT-USER


They will be mapped to the Spacewise roles "Admin", "Manager" and "User" respectively.


The user information we expect to receive in the token, with placeholders in brackets:

[id, e.g. openid]
[token]
[email]
[firstname]
[lastname]
[title]
[custom_attributes]
[permissions]
    ["team 1", manager]
    ["unit 3", user]
    ["unit 8", user]


Find more information about user roles.

Integration Testing

To test the integration, we will need access to the following test user accounts (one per role, plus one account that must be denied access):


Username            Password     Environment   Description           Internal ID
[Test-User-User]    [Password]   INT/PROD      Role: user            [ID]
[Test-User-Admin]   [Password]   INT/PROD      Role: admin           [ID]
[Test-User-None]    [Password]   INT/PROD      User has no access    [ID]



Sample Setup

Customers usually provide us with a form through which we apply for SSO access. It typically asks for the following:



1. Technical contact: E-mail address of the person responsible for the external application.
2. Landing page URL: When this URL is called, Spacewise automatically starts the OIDC authentication flow. This provides a seamless SSO without any interaction of the user at the counter.
3. Redirect URL: After authentication, the identity provider redirects to this page, where the application must validate the response (the state parameter, then the ID token's signature, issuer, audience, expiry and nonce) before trusting the identity.
4. Refresh token: Please state whether you need a refresh token for session handling.


