Our central user login service now supports user authentication via 3rd-party IdP (Identity Provider) using a protocol called SAML (which stands for Security Assertion Markup Language).
SAML authentication protocol is an industry-standard and it is supported by all major IdPs (such as Google, Microsoft, AWS, etc.).
Using SAML provides great advantages such as:
It enhances security by providing an extra level of authentication.
All SPs (Service Providers) which are essentially applications used by the user (in our case for example the Quicklizard dashboard) can be accessed with an SSO (Single Sign-On) without the need to have several accounts and passwords for every application (Service Provider).
User identity management is managed at the IdP level which is more comfortable and secure.
Please note that the setup we are using distinguishes between identity management (provided by IdP) and roles/permissions/authority management which is provided by Quicklizard.
Essentially, once you use a 3rd-party IdP with Quicklizard, you will need to define users as normal in our system, and only existing users, with Quicklizard permissions and roles, that are successfully authenticated against the IdP, will be allowed to log in.
Here's an example of how to set it up using Microsoft Azure:
In order for us to enable this feature, we will only require a SAML-compliant IdP configuration.
Once it is provided, we can set it up on our end.
Important glossary:
SAML = Security Assertion Markup Language
SP = Service Provider
Idp = Identity Provider
SSO = Single Sign On
The setup process:
-
We create a new SAML-Provider and provide you with the following details to configure on your end:
Identifier (Entity ID)= will be provided by Support team
REPLY URL(Assertion Consumer Service URL)=https://login.production.usea.quicklizard.com/saml/callback/ID or https://login.euca.quicklizard.com/saml/callback/ID (Based on the data center you are connected to).
The actual ID from point b will be provided by Quicklizard
Add a field mapping/attribute claims, that maps the user’s email to a field named email.
-
Make sure that the users in Quicklizard are defined as normal and that they are defined correctly on your IdP as well.
Once the configurations from point 1 were configured properly on your end, you will then have to create an XML Metadata file from your IdP and send it over to Quicklizard.
Quicklizard links the XML Metadata file to the newly created SAML-Provider.
Once all steps were completed, access to the system will be done via the single-sign-on, and any user logging into the Quicklizard platform will be authenticated using the IdP.
Please note that Quicklizard uses SAML IdP for authentication only, and user roles, restrictions, and permissions are set by Quicklizard.
Comments
0 comments
Please sign in to leave a comment.