This lesson is part of the Security in Ignition course.

LESSON

Creating an Identity Provider

Description

Learn how to configure an Identity Provider in Ignition 8.

Video recorded using: Ignition 8.0

Transcript

[00:00] Identity Providers are the security system new to Ignition 8. Each Identity Provider that you set up within Ignition can point to a Federated Identity Provider, allowing that system to handle authentication of users. Perspective Sessions can use Identity Providers to authenticate users within the session.

To add a new Identity Provider to your Gateway, we first need to come in to the Configure section of the Gateway Webpage. Once here, over on the left-hand side under the Security heading, we're going to find the Identity Providers page. Here we see a list of our Identity Providers. To add a new Identity Provider, we simply need to click the Create New Identity Provider link. Here we determine which Identity Provider we want to make, where the type of the Identity Provider is used to determine where the user is going to authenticate against.

The first type of Identity Provider is the Ignition Identity Provider. I'm going to go ahead and click on the Next button, and we can take a look at its properties. Up at the top, you have some basic properties which are present in every Identity Provider. We can give the provider a name and a brief description. Once we have that configured, the only unique property that the Ignition Identity Provider has is the user source property, which we need to point at an existing user source. A user source is set up within the gateway, and we've looked at creating them in a previous topic. The user source that we select here will be the user source that the Identity Provider authenticates users against. To save your changes, you simply need to hit the Save button in the lower right-hand corner.

Let's go back and take a look at some of the other Identity Provider types. The next type is the OpenID Connect provider, which allows us to authenticate against an OpenID Connect system. Again, up at the top we have some basic details where we can provide a name and description for this Identity Provider. Down below, we then have a number of properties that we can use to associate this Identity Provider to our OpenID Connect system. The values of these properties are all going to be unique to your system and they allow Ignition to authenticate users against it. To make this process just a little bit easier, we do have the ability to import this information here in the middle of the page. You can import the information either through a URL or a JSON document. Running the import will then fill in the configuration properties for you, making it easier to obtain this information.

The last type of Identity Provider is the Security Assertion Markup Language, or SAML. Setting up a SAML Identity Provider works very much like setting up the OpenID Connect provider. We can configure a name and description for this Identity Provider, and then at the bottom of the page we have a number of configuration properties that we use to tie the Identity Provider to our SAML system. Again, the values of these properties are going to be unique to your Identity Provider, so you will need to look at your configuration document to figure out what the values of these properties need to be. Just like the OpenID Connect provider, we do provide you the ability to import this information either from a URL or an XML document.