This is a guide on integrating your Identity Provider (IdP) with our application. Whether you are using Okta, Entrust, PingFederate, or another standard IdP, this guide will provide you with detailed instructions for configuring the necessary attributes and settings.
On our side, we rely on AWS Cognito and you get your own dedicated user pool that we will help you configure according to your own needs.
Configure OIDC Identity Provider on Our Application's Side
- Contact Our Support Team: Before configuring your IdP, reach out to our support team to initiate the setup process. Provide details about your IdP, such as its type and any specific requirements.
- We Provide Callback URL: Our support team will supply the callback URL for your user pool. Ensure accurate entry in your IdP’s settings.
- Provide Identity Provider Details: Upon contacting our support team, you will need to provide the following details about your IdP:
- Provider Name: Provider display name as shown to the users in the login page.
- Attribute Request Method (Get/Post): HTTP method used by Amazon Cognito to fetch user details from the userInfo endpoint operated by your provider.
- Client ID: Unique identifier for your IdP's configuration; assigned within our application.
- Client Secret: Secure token provided by your IdP, ensuring communication confidentiality between your IdP and our application.
- Issuer URL: The URL where your IdP publishes its configuration information and that serves as a unique identifier for the provider. Please provide this URL accurately during the configuration process. From it, Amazon Cognito can retrieve the URLs of the authorization, token, userInfo, and jwks_uri endpoints.
- Authorization Endpoint: The URL where our application can redirect users for authentication and authorization.
- Token Endpoint: The URL where our application can exchange authorization codes for access tokens.
- User Info Endpoint: The URL where user information can be retrieved after authentication.
- Jwks_URI Endpoint: The URL where JSON web key set can be retrieved for token validation.
- Configure Attribute Mapping: Discuss attribute mappings with our support team. Required attributes include Email Address and Full Name.
- Email Address: Unique identifier used for user authentication and communication. Needs to be a valid email address.
- Full Name: User's full name which can be displayed within our application's user interface.
- Test Configuration: Our support team will verify the configuration and may request a test authentication to ensure the OIDC integration functions correctly.
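Before sending the OIDC details above to support, it is worth checking them against what your IdP actually publishes at its discovery endpoint, since an issuer mismatch, a missing endpoint, or a missing required claim is what most often makes the test authentication fail. The following is an added example, not code from this guide or from Amazon Cognito: it validates a constructed discovery document (the host idp.example.com and the claim payloads are placeholders) the way Cognito consumes one, and checks that a userInfo or ID token payload carries the two required attributes.

```python
"""Pre-flight checks for the OIDC details this guide asks you to send to support.

Added example, not code from the original guide or from Amazon Cognito.
Uses a constructed discovery document instead of fetching one live.
"""
import json
import re
from urllib.parse import urlparse

# Endpoints Cognito derives from the discovery document when you supply an issuer URL.
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint",
                      "userinfo_endpoint", "jwks_uri")

# Constructed sample of what <issuer>/.well-known/openid-configuration might
# return. idp.example.com is a placeholder host, not a real provider.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
    "jwks_uri": "https://idp.example.com/oauth2/keys",
    "response_types_supported": ["code"],
    "id_token_signing_alg_values_supported": ["RS256"],
})


def validate_discovery(configured_issuer: str, document_json: str) -> dict:
    """Parse a discovery document and return the endpoint URLs to hand to support.

    Raises ValueError on anything that would break the Cognito OIDC provider:
    an issuer mismatch (the `iss` claim in ID tokens must equal the configured
    issuer exactly), a missing endpoint, a non-HTTPS endpoint, or no support
    for the authorization code flow.
    """
    doc = json.loads(document_json)
    # OIDC Discovery requires the document's issuer to match the URL it was
    # fetched from byte for byte; a trailing-slash difference is a mismatch.
    if doc.get("issuer") != configured_issuer:
        raise ValueError(
            f"issuer mismatch: expected {configured_issuer!r}, got {doc.get('issuer')!r}")
    endpoints = {}
    for name in REQUIRED_ENDPOINTS:
        url = doc.get(name)
        if not url:
            raise ValueError(f"discovery document lacks {name}")
        parsed = urlparse(url)
        # Cognito requires HTTPS endpoints; plain HTTP would also expose the
        # client secret sent to the token endpoint.
        if parsed.scheme != "https" or not parsed.netloc:
            raise ValueError(f"{name} must be an absolute https URL, got {url!r}")
        endpoints[name] = url
    if "code" not in doc.get("response_types_supported", []):
        raise ValueError("provider does not advertise the authorization code flow")
    return endpoints


def check_required_claims(claims: dict) -> list:
    """Return the required attributes (email, name) that are missing or unusable
    in a userInfo/ID-token payload, so the mapping can be fixed before testing."""
    problems = []
    email = claims.get("email")
    if not isinstance(email, str) or not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
        problems.append("email")
    name = claims.get("name")
    if not isinstance(name, str) or not name.strip():
        problems.append("name")
    return problems


if __name__ == "__main__":
    print(validate_discovery("https://idp.example.com", SAMPLE_DISCOVERY))
    # Constructed payload missing the `name` claim.
    print(check_required_claims({"sub": "abc", "email": "jane@example.com"}))
```

To run it against your own provider, replace SAMPLE_DISCOVERY with the body of `<issuer>/.well-known/openid-configuration` and pass the exact issuer string you intend to give support; the issuer check is deliberately strict because Cognito compares it to the ID token's `iss` claim verbatim.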
Configure SAML 2.0 Identity Provider on Our Application's Side
- Reach Out to Our Support Team: Initiate configuration with our support team, providing details about your IdP and any specific requirements.
- We Provide ACS URL and Audience URI: Receive the ACS URL and Audience URI (Entity ID) from our team.
- Configure Your Identity Provider: Follow Amazon Cognito’s documentation.
- Provide Identity Provider Metadata XML or endpoint: Supply metadata for your IdP. This typically includes an XML file or a URL containing issuer URL, assertion consumer service URL, and entity ID.
- Configure Attribute Mapping: Inform our support team of desired attribute mappings, with Email Address and Full Name as required.
- Test Configuration: Once metadata and attribute mappings are provided, our support team will configure the integration and may request a test authentication to ensure the SAML 2.0 integration functions correctly.
Conclusion
Congratulations on initiating the configuration process for integrating your IdP with our multitenant application using OIDC or SAML 2.0 protocols.
Our support team is here to guide you through the remaining steps and ensure a smooth integration. Should you encounter any issues or require assistance, please reach out to us for prompt support. Thank you for choosing our application for your authentication needs.