[et_pb_section fb_built=”1″ _builder_version=”4.23.1″ _module_preset=”default” custom_padding=”0px|||||” global_colors_info=”{}”][et_pb_row _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” header_5_line_height=”1.5em” global_colors_info=”{}”]<\/p>\n
In this section we will discuss the SAML integration of OVIO. With this section we can easily integrate our application into your current identity provider. This leads to an automatic import, user maintenance and assignment of authorizations in company-based groups \/ departments.<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″]<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” header_5_line_height=”1.5em” global_colors_info=”{}”]<\/p>\n
Amazon AWS Identity<\/p>\n
Google Identity<\/p>\n
Microsoft Entra<\/p>\n
OCTA<\/p>\n
Every other provider that supports SAML 2.0.<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″]<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n
This example is based on a Microsoft Entra integration.<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n
| \n Attribut<\/strong><\/p>\n<\/td>\n Wert<\/strong><\/p>\n<\/td>\n<\/tr>\n Identifier (Entity ID)<\/p>\n<\/td>\n https:\/\/serverurl.domin.de\/something<\/p>\n<\/td>\n<\/tr>\n Reply URL (Assertion Consumer Service URL)<\/p>\n<\/td>\n https:\/\/serverurl.domin.de\/something<\/p>\n<\/td>\n<\/tr>\n Logout URL\u00a0<\/p>\n<\/td>\n https:\/\/serverurl.domin.de\/something\/something<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n [\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n [\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n [\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n [\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” header_5_line_height=”1.5em” global_colors_info=”{}”]<\/p>\n The support department requires a Federation Metadata XML file with an integrated certificate from you at the setup appointment. You can see an example of what this looks like here:<\/p>\n [\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” header_5_line_height=”1.5em” global_colors_info=”{}”]<\/p>\n <?<\/span>xml<\/span> version<\/span>=<\/span>“1.0”<\/span> encoding<\/span>=<\/span>“utf-8”<\/span>?><<\/span>EntityDescriptor<\/span> <\/span>ID<\/span>=<\/span>“_171ef52486”<\/span> <\/span>entityID<\/span>=<\/span>“https:\/\/sts.windows.net\/”<\/span> <\/span>xmlns<\/span>=<\/span>“urn:oasis:names:tc:SAML:2.0:metadata”<\/span>><\/span><\/p>\n <<\/span>Signature<\/span> <\/span>xmlns<\/span>=<\/span>“http:\/\/www.w3.org\/2000\/09\/xmldsig#”<\/span>><\/span><\/p>\n <<\/span>SignedInfo<\/span>><<\/span>CanonicalizationMethod<\/span> <\/span>Algorithm<\/span>=<\/span>“http:\/\/www.w3.org\/2001\/10\/xml-exc-c14n#”<\/span> <\/span>\/><\/span><\/p>\n <<\/span>SignatureMethod<\/span> <\/span>Algorithm<\/span>=<\/span>“http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha256”<\/span> <\/span>\/><\/span><\/p>\n <<\/span>Reference<\/span> <\/span>URI<\/span>=<\/span>“#_171ef597-486”<\/span>><<\/span>Transforms<\/span>><\/span><\/p>\n <<\/span>Transform<\/span> <\/span>Algorithm<\/span>=<\/span>“http:\/\/www.w3.org\/2000\/09\/xmldsig#enveloped-signature”<\/span> <\/span>\/><\/span><\/p>\n <<\/span>Transform<\/span> <\/span>Algorithm<\/span>=<\/span>“http:\/\/www.w3.org\/2001\/10\/xml-exc-c14n#”<\/span> <\/span>\/><\/<\/span>Transforms<\/span>><\/span><\/p>\n <<\/span>DigestMethod<\/span> <\/span>Algorithm<\/span>=<\/span>“http:\/\/www.w3.org\/2001\/04\/xmlenc#sha256”<\/span> <\/span>\/><\/span><\/p>\n <<\/span>DigestValue<\/span>><\/<\/span>DigestValue<\/span>><\/span><\/p>\n <\/<\/span>Reference<\/span>><\/<\/span>SignedInfo<\/span>><<\/span>SignatureValue<\/span>><\/<\/span>SignatureValue<\/span>><\/span><\/p>\n <<\/span>KeyInfo<\/span>><<\/span>X509Data<\/span>><<\/span>X509Certificate<\/span>><\/<\/span>X509Certificate<\/span>><\/span><\/p>\n <\/<\/span>X509Data<\/span>><\/<\/span>KeyInfo<\/span>><\/<\/span>Signature<\/span>><\/span><\/p>\n <<\/span>RoleDescriptor<\/span> <\/span>xsi:type<\/span>=<\/span>“fed:SecurityTokenServiceType”<\/span> <\/span>protocolSupportEnumeration<\/span>=<\/span>“http:\/\/docs.oasis-open.org\/wsfed\/federation\/200706”<\/span> <\/span>xmlns:xsi<\/span>=<\/span>“http:\/\/www.w3.org\/2001\/XMLSchema-instance”<\/span> <\/span>xmlns:fed<\/span>=<\/span>“http:\/\/docs.oasis-open.org\/wsfed\/federation\/200706”<\/span>><\/span><\/p>\n <<\/span>KeyDescriptor<\/span> <\/span>use<\/span>=<\/span>“signing”<\/span>><<\/span>KeyInfo<\/span> <\/span>xmlns<\/span>=<\/span>“http:\/\/www.w3.org\/2000\/09\/xmldsig#”<\/span>><\/span><\/p>\n <<\/span>X509Data<\/span>><<\/span>X509Certificate<\/span>><\/<\/span>X509Certificate<\/span>><\/<\/span>X509Data<\/span>><\/span><\/p>\n <\/<\/span>KeyInfo<\/span>><\/<\/span>KeyDescriptor<\/span>><<\/span>fed:ClaimTypesOffered<\/span>><\/span><\/p>\n<\/div>\n [\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n [\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” header_5_line_height=”1.5em” global_colors_info=”{}”]<\/p>\n To be able to use the internal company groups, you should export the AD groups you want to import once to a .CSV file and import them into OVIO in the administration. The desired authorizations per department are then maintained here once. The user assignments are then made automatically when logging in via the SAML SSO and the group memberships are resolved and saved. This ensures that your OVIO Cloud always remains clean and free of imported “garbage” such as inactive users, Exchange mailboxes, private groups, etc.<\/p>\n [\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n An example of the fields OVIO expects for a group import. The separator should be a ;.<\/p>\n [\/et_pb_text][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n id<\/p>\n<\/td>\n displayName<\/p>\n<\/td>\n groupType<\/p>\n<\/td>\n membershipType<\/p>\n<\/td>\n source<\/p>\n<\/td>\n<\/tr>\n mail<\/p>\n<\/td>\n securityEnabled<\/p>\n<\/td>\n mailEnabled<\/p>\n<\/td>\n isAssignableToRole<\/p>\n<\/td>\n onPremisesSyncEnabled<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”][et_pb_post_nav in_same_term=”on” _builder_version=”4.23.1″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_post_nav][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" In this section we will discuss the SAML integration of OVIO. With this section we can easily integrate our application into your current identity provider. This leads to an automatic import, user maintenance and assignment of authorizations in company-based groups \/ departments.1. SAML ProvidersAmazon AWS Identity Google Identity Microsoft Entra OCTA Every other provider that […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[],"class_list":["post-195","post","type-post","status-publish","format-standard","hentry","category-ovio-administrator-guide"],"_links":{"self":[{"href":"https:\/\/helpdesk.ovio365.com\/en-us\/index.php?rest_route=\/wp\/v2\/posts\/195","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helpdesk.ovio365.com\/en-us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helpdesk.ovio365.com\/en-us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helpdesk.ovio365.com\/en-us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/helpdesk.ovio365.com\/en-us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=195"}],"version-history":[{"count":5,"href":"https:\/\/helpdesk.ovio365.com\/en-us\/index.php?rest_route=\/wp\/v2\/posts\/195\/revisions"}],"predecessor-version":[{"id":1419,"href":"https:\/\/helpdesk.ovio365.com\/en-us\/index.php?rest_route=\/wp\/v2\/posts\/195\/revisions\/1419"}],"wp:attachment":[{"href":"https:\/\/helpdesk.ovio365.com\/en-us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helpdesk.ovio365.com\/en-us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=195"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helpdesk.ovio365.com\/en-us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} |