SSO Config

Apty Assist supports single sign-on authentication, which is a process that allows a user to access multiple applications with one set of login credentials. Apty supports 2 types of SSO Authentication: OAuth 2.0 and SAML 2.0.

This article covers the following instructions:

To access the SSO Config page:

1.   Log in to the Admin Console.

2.   At the bottom of the left side panel, click the Settings icon. The System Settings page opens.

3.   In the System Settings page, select the SSO Config tab.

To set up OAuth 2.0:

OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.

1. In the SSO Type field, select "OAuth 2.0" from the drop-down list.

2. Provide all the details required to configure OAuth 2.0, as described below:

HOST_NAME:

The Apty Assist URI where the application is deployed. The host name in the SSO config should match the current host name.
For example: https://companyname.apty.io

APP_SCOPES:

The scopes that request the required details in the success response from the Identity Provider; for example, openid, profile, offline_access, name, given_name, created_at, etc. For details refer to this source.

AUTHORIZE_PATH:

String path to request an authorization code. Defaults to /oauth/authorize.

TOKEN_PATH:

String path to request an access token from the Identity Provider. Defaults to /oauth/token.

TOKEN_HOST:

Identity provider base URI.

APP_ID / APP_PASSWORD:

Enable retrieval and revocation of OAuth 2.0 access tokens by providing app ID and app password.

EMAIL_KEY:

JSON key of the Authorization Success Response through which the Authorized User Email can be accessed.


3.   Click Save at the bottom of the screen.

When logging in to Apty Assist Studio, use the Use Login with SSO button to log in using OAuth 2.0.
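As an added example (not Apty's code), the following Python checks a set of OAuth 2.0 field values before they are saved and shows how they fit into the authorization request and the email lookup. It assumes the authorization endpoint is TOKEN_HOST joined with AUTHORIZE_PATH and that APP_ID is sent as `client_id`; all sample values, the redirect URI and the function names are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit

# Constructed sample values; the keys are the fields of the SSO Config form.
SAMPLE_CONFIG = {
    "HOST_NAME": "https://companyname.apty.io",
    "APP_SCOPES": ["openid", "profile", "email"],
    "AUTHORIZE_PATH": "/oauth/authorize",
    "TOKEN_PATH": "/oauth/token",
    "TOKEN_HOST": "https://idp.example.com",
    "APP_ID": "example-app-id",
    "APP_PASSWORD": "example-app-password",
    "EMAIL_KEY": "email",
}


def check_config(cfg, deployed_host):
    """Return a list of problems found in the OAuth 2.0 field values."""
    problems = []
    for key in ("HOST_NAME", "TOKEN_HOST"):
        url = urlsplit(cfg.get(key, ""))
        if url.scheme != "https" or not url.netloc or url.query or url.fragment:
            problems.append(f"{key} must be an https:// URI without query or fragment")
    if urlsplit(cfg.get("HOST_NAME", "")).netloc.lower() != deployed_host.lower():
        problems.append("HOST_NAME does not match the deployed host name")
    for key in ("AUTHORIZE_PATH", "TOKEN_PATH"):
        if not cfg.get(key, "").startswith("/"):
            problems.append(f"{key} must start with '/'")
    for key in ("APP_SCOPES", "APP_ID", "APP_PASSWORD", "EMAIL_KEY"):
        if not cfg.get(key):
            problems.append(f"{key} is empty")
    return problems


def authorize_url(cfg, redirect_uri, state):
    """Build the authorization-code request (assumed: TOKEN_HOST + AUTHORIZE_PATH)."""
    query = urlencode({"response_type": "code", "client_id": cfg["APP_ID"],
                       "redirect_uri": redirect_uri, "state": state,
                       "scope": " ".join(cfg["APP_SCOPES"])})
    return cfg["TOKEN_HOST"].rstrip("/") + cfg["AUTHORIZE_PATH"] + "?" + query


def user_email(response, email_key):
    """Read the user's email from the success response using EMAIL_KEY."""
    value = response.get(email_key)
    if not isinstance(value, str) or value.count("@") != 1:
        raise ValueError(f"EMAIL_KEY {email_key!r} did not yield an email address")
    return value
```

A wrong EMAIL_KEY raises an error here instead of passing an empty identity onward, which is the failure worth catching before the configuration goes live.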

To set up SAML 2.0:

SAML SSO works by transferring the user’s identity from one place (the identity provider) to another (the service provider). This is done through an exchange of digitally signed XML documents. Consider the following scenario: A user is logged into a system that acts as an identity provider. The user wants to log in to a remote application, such as a support or accounting application (the service provider). The following happens:

  1. The user accesses the remote application using a link on an intranet, a bookmark, or similar and the application loads.
  2. The application identifies the user’s origin (by application subdomain, user IP address, or similar) and redirects the user back to the identity provider, asking for authentication. This is the authentication request.
  3. The user either has an existing active browser session with the identity provider or establishes one by logging into the identity provider.
  4. The identity provider builds the authentication response in the form of an XML document containing the user’s username or email address, signs it using an X.509 certificate, and posts this information to the service provider.
  5. The service provider, which already knows the identity provider and has a certificate fingerprint, retrieves the authentication response and validates it using the certificate fingerprint.
  6. The identity of the user is established and the user is provided with app access.

To set up SAML 2.0 in Apty, follow the steps below:

1.   In the SSO Type field, select "SAML 2.0" from the drop-down list.

2.   Provide all the details required to configure SAML 2.0, as described below:

HOST_NAME:

Apty Assist URI where the application is deployed. For example: https://companyname.apty.io

ENTRY_POINT:

Identity Provider URI where the user will be redirected for authentication.

CERT:

Signature Certificate.

EMAIL_KEY:

JSON key of the Authorization Success Response through which the Authorized User Email can be accessed.


3.   Click Save at the bottom of the screen.

When logging in to Apty Assist Studio, use the Use Login with SSO button to log in using SAML 2.0.
