Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

An Authentication Provider is a system or service responsible for verifying the identity of users attempting to access a resource, such as a website, application, or network. It is a crucial component of the authentication process and is often part of a larger identity and access management (IAM) system.

You can connect an Identity Provider (IdP) like GitHub to your instance.

...

Table of Contents

Overview

ConnectSecure supports the following providers.

...

Getting Started

To set up an Authentication Provider, log in at https://authprod.myconnectsecure.com and complete these steps:

  1. Click on the Settings header at the top

  2. Click on the Identity Providers section on the left

  3. Tap on the tile of the provider

...

Providers

Each provider has their unique values and requirements for the integration. Please check out the setup guide for the individual provider(s) as required.

GitHub

Register a new application

...

Client ID and Secret

  • After clicking "Save application", you will see the detail page of the application you have just created. To be able to connect GitLab to ZITADEL you will need a client ID and a client secret. Save the ID and the Secret, you will not be able to copy the secret again, if you lose it you have to generate a new one.

...

  1. Click on Company Logo.

  2. Navigate to the Settings

  3. Modify your login policy in the menu "Login Behavior and Security"

  4. Enable the attribute "External IDP allowed"

...

Go to the IDP Providers Overview

  • Go to the settings page of your instance or organization and choose "Identity Providers".

  • In the table you can see all the providers you have configured. Also, you see all provider templates that are available.

...

Create a new GitHub Provider

  • The GitHub provider templates have everything you need preconfigured. You only have to add the client ID and secret, you have created in the step before.

  • You can configure the following settings if you like, a useful default will be filled if you don't change anything.

  • Scopes: The scopes define which scopes will be sent to the provider, openid, profile, and email are prefilled. This information is used to create and/or update the user within ZITADEL. ZITADEL ensures that at least the openid-scope is always sent.

  • Automatic creation: If this setting is enabled the user will be created automatically within ZITADEL, if it doesn't exist.

  • Automatic update: If this setting is enabled, the user will be updated within ZITADEL, if some user data is changed withing the provider. E.g if the lastname changes on the GitHub account, the information will be changed on the ZITADEL account on the next login.

  • Account creation allowed: This setting determines if account creation within ZITADEL is allowed or not.

  • Account linking allowed: This setting determines if account linking is allowed. When logging in with a GitHub account, a linkable ZITADEL account has to exist already.

...

Activate IdP

  • Once you created the provider, it is listed in the providers overview. Activate it by selecting the tick with the tooltip set as available.

  • If you deactivate a provider, your users with links to it will not be able to authenticate anymore. You can reactivate it and the logins will work again.

...

Test the setup

To test the setup, use incognito mode and browse to your login page. You see a new button which redirects you to your GitHub login screen.

...

  • Once the email address has been Successfully verified and The user will created with NO ROLE assigned to it. Admin should assign the Role as per the requirement.

  • The Admin user can assign the role to IDP so the user can login and access the ConnectSecure portal.

...

This completes the GitHub

...

GitLab

Register a new application

  1. Login to gitlab.com

  2. Select Edit Profile

  3. Click on Applications in the side navigation

For GitLab Self-Hosted go to your GitLab self-hosted instance and follow the same steps as for GitLab.

Fill in the application name.

You have to add the redirect URI, where GitLab should redirect, after the user has authenticated himself. In this example our test instance has the domain https://acme-gzoe4x.zitadel.cloud. This results in the following redirect URI: https://authprod.myconnectsecure.com/ui/login/login/externalidp/callback

...

Client ID and Secret

After clicking "Save application", you will see the detail page of the application you have just created. To be able to connect GitLab to ZITADEL you will need a client ID and a client secret. Save the ID and the Secret, you will not be able to copy the secret again, if you lose it you have to generate a new one.

...

To Add Identity Provider in Your ConnectSecure Instance.

  1. Login to ConnectSecure portal and Click on Profile.

...

  • Click on Company Logo.

...

  • Navigate to the Settings.

  • Modify your login policy in the menu Login Behavior and Security.

  • Enable the attribute External IDP allowed.

...

Go to the Identity Providers Overview

Go to the Settings page of your instance or organization and choose "Identity Providers".

In the table you can see all the providers you have configured. Also, you see all provider templates that are available to be configured.

...

Select the GitLab or GitLab Self Hosted Provider template.

Create a new GitLab Provider

The GitLab provider templates have everything you need preconfigured. Add the client ID and secret you have created in the Gitlab Application.

You can configure the following settings if you like, a useful default will be filled if you don't change anything:

Scopes: The scopes define which scopes will be sent to the provider, openid, profile, and email are prefilled. This informations will be taken to create/update the user within ZITADEL. ZITADEL ensures that at least the openid-scope is always sent.

Automatic creation: If this setting is enabled the user will be created automatically within ZITADEL, if it doesn't exist.

Automatic update: If this setting is enabled, the user will be updated within ZITADEL, if some user data is changed withing the provider. E.g if the lastname changes on the GitLab account, the information will be changed on the ZITADEL account on the next login.

Account creation allowed: This setting determines if account creation within ZITADEL is allowed or not.

Account linking allowed: This setting determines if account linking is allowed. When logging in with a GitLab account, a linkable ZITADEL account has to exist already.

...

Activate IdP

Once you created the provider, it is listed in the providers overview. Activate it by selecting the tick with the tooltip set as available.

If you deactivate a provider, your users with links to it will not be able to authenticate anymore. You can reactivate it and the logins will work again.

...

  • Provide all the fields (Give Name, FamilyName, Username, E.mail, Phone number, Language) and click on Register to create user in the ConnectSecure portal.

...

  • You will receive a verification code at your given email.

...

  • Enter the verification code and click on Next to login to ConnectSecure portal.

...

Once the email address has been Successfully verified and The user will created with NO ROLE assigned to it. Admin should assign the Role as per the requirement.

...

The Admin user can assign the role to IDP so the user can login and access the ConnectSecure portal.

...

Authentication Providers Setup.

...

Get Support

If you have an integration-related inquiry, please email support@connectsecure.com with the details, and our Support Team will assist you.