Adeptia Connect Cloud Configuration Document
Learning Objective
In this documentation, we will focus on integrating Adeptia Connect with Okta, a leading Identity Cloud platform known for its security and neutrality. We will explore how to configure Adeptia Connect to work with Okta as an IDP, as well as the process for adding additional IDPs if needed. By the end of this session, you'll be equipped to implement a robust SSO solution within your organization's Adeptia Connect environment, ensuring streamlined access while maintaining security.
Introduction
In today's digital landscape, ensuring secure and efficient user authentication across multiple platforms is critical. Single Sign-On (SSO) simplifies the user experience by allowing one set of credentials to access multiple applications. Adeptia Connect 4.x supports SSO through SAML, an XML-based protocol that allows the secure exchange of authentication data between an Identity Provider (IDP) and a Service Provider (SP).
Requirement
The requirement is to implement single sign-on in our Adeptia Connect 4.x environment using SAML with multiple IDPs. Here we integrate Adeptia Connect with Okta (Identity Cloud is an independent and neutral platform that securely connects) using SAML-based single sign-on.
Implementation Steps
Below are the high-level steps of SAML integration with Okta in Adeptia Connect.
...
For example: https://<<AIG XYZ domain name>>/saml2/service-provider-metadata/default
...
</saml2:Attribute>
...
Now when you go to the AIG XYZ DEV application URL, it redirects you to your Okta sign-in page. Log in to Okta, and it will redirect you back to the application successfully.
In the application, a user will be logged in with the default role assigned at the time of user creation in Adeptia Connect.
...
If a user has more than one role in the application, then after redirecting back to the application it will give the user the option to select the role to log in with.
IDP SSO Initiated URL
After successful integration with Okta, we can use the IDP SSO Initiated URL as well to log into the AIG XYZ DEV Adeptia Application. Go to the
...
Reference: 1. Okta Documentation Link: https://www.okta.com/integrate/documentation/saml/
...
AIG XYZ AC4 OKTA SAML SSO Configuration (Internal Configurations)
...
Then search for the SAML_SSO_METADATA_GENERATOR_ENTITY_BASE_URL property and replace the default value (https://ac-webapp-gateway) with the application URL, for example https://aigxyz-dev.adeptia.com
...
Then search for the SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION property and set it to the location of the client IDP metadata XML file
...
SAML_SSO_IDPS_CONFIGURATION_0_METADATA_LOCATION
Value: file:///shared/SAML/Okta_metadata-Adeptia.xml
This configuration parameter points to the metadata file for the first SAML IdP configuration. The file is named "Okta_metadata-Adeptia.xml" and is stored in the /shared/SAML/ directory.
SAML_SSO_IDPS_CONFIGURATION_0_REGISTRATION_ID
Value: default
This parameter sets the registration ID for the first SAML IdP configuration. The value "default" likely indicates that this is the primary or default SAML IdP.
SAML_SSO_IDPS_CONFIGURATION_1_METADATA_LOCATION
Value: file:///shared/SAML/SAML-AIGXYZ-Adeptia-Dev.xml
This parameter points to the metadata file for the second SAML IdP configuration. The file is named "SAML-AIGXYZ-Adeptia-Dev.xml" and is stored in the /shared/SAML/ directory.
SAML_SSO_IDPS_CONFIGURATION_1_REGISTRATION_ID
Value: Azure
This parameter sets the registration ID for the second SAML IdP configuration. The value "Azure" suggests that this configuration is associated with an Azure-based SAML IdP.
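As an added example (not from the Adeptia Connect or Okta documentation), a small Python pre-check for the two inputs configured above: it parses an IdP metadata file (a constructed sample with placeholder values is embedded) to confirm it carries an entityID, an HTTPS SSO endpoint with a supported binding and a signing certificate, and it checks that every SAML_SSO_IDPS_CONFIGURATION_<n>_* pair has a metadata location and a unique registration ID. The function names and the sample metadata are assumptions.

```python
import re
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = {"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"}
# Constructed sample IdP metadata (placeholder entity ID, certificate and endpoint URL).
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://www.okta.com/PLACEHOLDER">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://example.okta.com/app/placeholder/sso/saml"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text):
    """Return (summary, issues) for one IdP metadata document."""
    root, issues = ET.fromstring(xml_text), []
    entity_id = root.get("entityID", "")
    if not entity_id:
        issues.append("missing entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return {"entityID": entity_id}, issues + ["no IDPSSODescriptor"]
    sso = [(s.get("Binding"), s.get("Location", "")) for s in idp.findall("md:SingleSignOnService", NS)]
    usable = [e for e in sso if e[0] in BINDINGS and e[1].startswith("https://")]
    if not usable:
        issues.append("no HTTPS SingleSignOnService with HTTP-POST/Redirect binding")
    # A KeyDescriptor with no 'use' attribute is valid for both signing and encryption.
    certs = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use", "signing") == "signing"
             and k.find(".//ds:X509Certificate", NS) is not None]
    if not certs:
        issues.append("no signing certificate: the SP cannot verify assertions")
    return {"entityID": entity_id, "sso": usable, "signing_certs": len(certs)}, issues

def check_idp_properties(props):
    """Check that every SAML_SSO_IDPS_CONFIGURATION_<n>_* pair is complete and unique."""
    issues, seen = [], {}
    pat = re.compile(r"SAML_SSO_IDPS_CONFIGURATION_(\d+)_")
    for n in sorted({m.group(1) for m in map(pat.match, props) if m}, key=int):
        loc = props.get(f"SAML_SSO_IDPS_CONFIGURATION_{n}_METADATA_LOCATION", "")
        rid = props.get(f"SAML_SSO_IDPS_CONFIGURATION_{n}_REGISTRATION_ID", "")
        if not (loc.startswith(("file://", "https://")) and rid):
            issues.append(f"index {n}: needs a file:// or https:// METADATA_LOCATION and a REGISTRATION_ID")
        elif rid in seen:
            issues.append(f"index {n}: registration ID '{rid}' already used by index {seen[rid]}")
        seen[rid] = n
    return issues
```

Run check_idp_metadata on the contents of each file referenced by a METADATA_LOCATION property, and check_idp_properties on the full property set, before restarting the application.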
...
Import the client Okta certificate (.cer) into the Adeptia truststore (cacerts) file (optional)
You can download the AIGXYZ-DEV application (service provider) metadata by using the following link: <protocol_name>://<ip_address>:<port_number>/saml2/service-provider-metadata/<registration_Id>
For example: https://aigxyz-dev.adeptia.com/saml2/service-provider-metadata/default
...
Solution: When the property SAML_SSO_ROLE_SWITCHING_ENABLE is set to true, then after logging in successfully to the AIG XYZ application with a custom role, the switch role functionality is available as well.
...