Info |
---|
An Authentication Provider is a system or service responsible for verifying the identity of users attempting to access a resource, such as a website, application, or network. It is a crucial component of the authentication process and is often part of a larger identity and access management (IAM) system. |
...
Overview
ConnectSecure supports the following providers.
...
Getting Started
To set up an Authentication Provider, log in at https://authprod.myconnectsecure.com and complete these steps:
Click on the Settings header at the top
Click on the Identity Providers section on the left
Tap on the tile of the provider
...
Providers
Each provider has their unique values and requirements for the integration. Please check out the setup guide for the individual provider(s) as required.
Microsoft
Microsoft Azure AD Configuration
Register a new client
...
This completes the Microsoft Azure AD Authentication Providers Setup.
GitHub
Register a new application
For GitHub browse to the Register a new OAuth application. You can find this link withing within Settings - Developer Settings - - OAuth Apps.
For GitHub Enterprise go navigate to your GitHub Enterprise home page and then to Settings - Developer Settings - OAuth Apps - Register a new application/New OAuth App
Fill in the application name and homepage URL.
You have to add the authorization callback URL, where GitHub should redirect, after the user has authenticated himself. In this example our test instance has the domain
https://acme-gzoe4x.zitadel.cloud
. This results in the following authorization callback URL: https://authprod.myconnectsecure.com/ui/login/login/externalidp/callback
...
To set up an Authentication Provider, log in at https://authprod.myconnectsecure.com and complete these steps:
Click on Company Logo.
Navigate to the Settings
Modify your login policy in the menu "Login Behavior and Security"
Enable the attribute "External IDP allowed"
...
Go to the
...
IDP Providers Overview
Go to the settings page of your instance or organization and choose "Identity Providers".
In the table you can see all the providers you have configured. Also, you see all provider templates that are available.
...
The GitHub provider templates have everything you need preconfigured. You only have to add the client ID and secret, you have created in the step before.
You can configure the following settings if you like, a useful default will be filled if you don't change anything:.
Scopes: The scopes define which scopes will be sent to the provider,
openid
,profile
, andemail
are prefilled. This information is used to create and/or update the user within ZITADEL. ZITADEL ensures that at least theopenid
-scope is always sent.Automatic creation: If this setting is enabled the user will be created automatically within ZITADEL, if it doesn't exist.
Automatic update: If this setting is enabled, the user will be updated within ZITADEL, if some user data is changed withing the provider. E.g if the lastname changes on the GitHub account, the information will be changed on the ZITADEL account on the next login.
Account creation allowed: This setting determines if account creation within ZITADEL is allowed or not.
Account linking allowed: This setting determines if account linking is allowed. When logging in with a GitHub account, a linkable ZITADEL account has to exist already.
...
Enter the verification code and click on Next to login to ConnectSecure portal.
...
Once the email address has been Successfully verified and The user will created with NO ROLE assigned to it. Admin should assign the Role as per the requirement.
The Admin user can assign the role to IDP so the user can login and access the ConnectSecure portal.
...
This completes the GitHub Authentication Providers Setup.
GitLab
Register a new application
...
Navigate to the Settings.
Modify your login policy in the menu Login Behavior and Security.
Enable the attribute External IDP allowed.
...
Go to the Identity Providers Overview
...
Once the email address has been Successfully verified and The user will created with NO ROLE assigned to it. Admin should assign the Role as per the requirement.
The Admin user can assign the role to IDP so the user can login and access the ConnectSecure portal.
This completes the GitLab Authentication Providers Setup.
...
Get Support
If you have an integration-related inquiry, please email support@connectsecure.com with the details, and our Support Team will assist you.