Use an external identity provider to authenticate users into your community
Single Sign-On (SSO) enables your users to authenticate with our application via your identity provider. When enabled, all other forms of authentication are disabled. Honeycommb supports both OAuth2 and SAML 2.0.
You can only enable one method of SSO at a time. Configuration for both can be reached from the community details page.
SAML 2.0
Step 1: Set Up Protocol
Select SAML as the protocol. Copy the ACS URL and SP Entity shown here into your identity provider's configuration for this service provider.
We require that the NameID be returned as an email address: set the NameID format to email address in your identity provider and make sure the value is the user's email.
We also require the following attributes, with these exact names:
- first_name should be the first name of the user.
- last_name should be the last name of the user.
If either attribute is missing from the assertion, or the NameID is not an email address, the SAML auth request will fail.
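Before activating, it is worth checking a test assertion from your identity provider against the requirements above. The following Python script is an added example, not Honeycommb code: it parses a SAML Response, checks that the NameID is an email address and that first_name and last_name are present and non-empty, and reports what is wrong. The two sample responses are constructed and unsigned; the script does not verify XML signatures, it only checks the attribute mapping, which is what fails when the fields are missing.

```python
"""Pre-flight check of a SAML assertion against the requirements above.

Added example, not Honeycommb code. Feed it the XML of a SAML Response (for
example one captured with the identity provider's test/preview feature) and it
reports whether the NameID is an email address and whether first_name and
last_name are present and non-empty. It does not verify the XML signature;
it only checks the mapping, which is what fails when attributes are missing.
"""
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRIBUTES = ("first_name", "last_name")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def _attributes(assertion):
    """Map attribute Name -> list of non-blank values from the AttributeStatement."""
    attrs = {}
    for attr in assertion.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    return attrs


def check_assertion(xml_text):
    """Return a list of problems; an empty list means the assertion maps cleanly."""
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or a Response wrapping one.
    assertion = root if root.tag == f"{{{NS['saml']}}}Assertion" else root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]

    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not value:
        problems.append("NameID is missing or empty")
    else:
        if not EMAIL_RE.match(value):
            problems.append(f"NameID {value!r} is not an email address")
        # Assumption: an absent Format is tolerated; an explicit non-email Format is flagged
        # because the IdP is then deliberately sending something other than the email.
        fmt = name_id.get("Format")
        if fmt is not None and fmt != EMAIL_FORMAT:
            problems.append(f"NameID Format is {fmt!r}, expected {EMAIL_FORMAT!r}")

    attrs = _attributes(assertion)
    for name in REQUIRED_ATTRIBUTES:
        if not attrs.get(name):
            problems.append(f"required attribute {name!r} is missing or empty")
    return problems


# Constructed, unsigned sample responses (not captured from a real IdP).
GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test@honeycommb.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="first_name"><saml:AttributeValue>Test</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="last_name"><saml:AttributeValue>User</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Common misconfiguration: opaque persistent NameID, wrong attribute name, empty attribute.
BAD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r2" Version="2.0">
  <saml:Assertion ID="_a2" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">4f9a1c</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="givenName"><saml:AttributeValue>Test</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="last_name"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    for label, xml_text in (("good", GOOD_RESPONSE), ("bad", BAD_RESPONSE)):
        print(label, check_assertion(xml_text) or "OK")
```

Run it against a response captured from your identity provider's test feature; an empty list means the NameID and both attributes are mapped the way this page requires. Signature, audience and timestamp validation still happen in the real login flow and are out of scope for this check.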
Step 2: Fill in the IDP Entity Name
The IDP Entity name is the name of the identity provider. It should be recognizable to the end user so they know what system they're about to sign into.
Step 3a: Fill in IDP Metadata
If your identity provider gives you its XML metadata, paste it into the IDP Metadata field and skip step 3b.
If you do not have the XML metadata, proceed to step 3b and fill in the details manually.
Step 3b: Fill Details Manually
Fill in the following fields. Your identity provider supplies all of them (they are the same values its metadata XML would contain):
- IDP Entity: the identity provider's entity ID (usually a URL or URN). This is a different field from the display name entered in step 2.
- IDP SSO Target Url: the identity provider's single sign-on endpoint, where users are redirected to log in.
- IDP SLO Target Url: the identity provider's single logout endpoint.
- IDP Cert: the certificate the identity provider signs its assertions with.
- IDP Cert Fingerprint: the hash of that certificate, typically written as colon-separated hex.
- IDP Cert Fingerprint Algorithm: the hash algorithm the fingerprint was computed with.
The certificate and fingerprint are used to verify the signature on assertions your identity provider sends, so compute the fingerprint from the same certificate you paste into IDP Cert and with the algorithm you select.
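If you have metadata XML (step 3a) but want to fill in, or cross-check, the manual fields of step 3b, the values can be pulled straight out of it. The following Python script is an added example, not Honeycommb code: it extracts the entity ID, the SSO and SLO target URLs and the signing certificate from IdP metadata and computes the certificate fingerprint for the chosen algorithm. The sample metadata is constructed, and its X509Certificate body is a placeholder of 16 arbitrary bytes rather than a real certificate; the hashing is identical for a real one, because a certificate fingerprint is a hash over the DER bytes, which is exactly the decoded base64 body of a PEM file.

```python
"""Derive the step 3b fields from identity-provider metadata XML.

Added example, not Honeycommb code. Extracts the entity ID, SSO/SLO target
URLs and signing certificate from IdP metadata and computes the certificate
fingerprint. The certificate in SAMPLE_METADATA is a constructed placeholder
(16 arbitrary bytes, base64-encoded), not a real X.509 certificate.
"""
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def fingerprint(cert_b64, algorithm="sha256"):
    """Colon-separated uppercase hex digest, the format `openssl x509 -fingerprint` prints."""
    der = base64.b64decode("".join(cert_b64.split()))
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def to_pem(cert_b64):
    """Re-wrap the metadata's base64 blob as a PEM certificate for the IDP Cert field."""
    lines = textwrap.wrap("".join(cert_b64.split()), 64)
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----"


def idp_settings(metadata_xml, algorithm="sha256"):
    """Return the six manual fields keyed by their names on the Honeycommb form."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor (is this SP metadata?)")

    def endpoint(tag):
        # Prefer the HTTP-Redirect binding, the one used when the browser is sent to the IdP;
        # fall back to the first listed endpoint if the IdP offers no redirect binding.
        services = idp.findall(f"md:{tag}", NS)
        for svc in services:
            if svc.get("Binding") == HTTP_REDIRECT:
                return svc.get("Location")
        return services[0].get("Location") if services else None

    cert_b64 = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without `use` serves both signing and encryption.
        if kd.get("use") in (None, "signing"):
            x509 = kd.find(".//ds:X509Certificate", NS)
            if x509 is not None and x509.text:
                cert_b64 = "".join(x509.text.split())
                break

    return {
        "IDP Entity": root.get("entityID"),
        "IDP SSO Target Url": endpoint("SingleSignOnService"),
        "IDP SLO Target Url": endpoint("SingleLogoutService"),
        "IDP Cert": to_pem(cert_b64) if cert_b64 else None,
        "IDP Cert Fingerprint": fingerprint(cert_b64, algorithm) if cert_b64 else None,
        "IDP Cert Fingerprint Algorithm": algorithm.upper(),
    }


# Constructed sample metadata; the X509Certificate body is placeholder bytes, not a real cert.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        AAECAwQFBgcICQoLDA0ODw==
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml/slo-post"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


if __name__ == "__main__":
    for field, value in idp_settings(SAMPLE_METADATA, "sha256").items():
        print(f"{field}: {value}")
```

Pass the algorithm you intend to select in IDP Cert Fingerprint Algorithm, so the fingerprint you paste was computed with that same algorithm over that same certificate. When an identity provider rotates its signing certificate, both the IDP Cert and IDP Cert Fingerprint fields have to be updated together.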
Step 4: Activate
Check the "Active" box and save. SSO via SAML is now enabled. Since SSO disables every other way of logging in once it is active, double-check the values above before saving.
OAuth2
Step 1: Set Up Protocol
Select OAuth2 as the protocol. Register the Callback URL shown here as the redirect URI of your OAuth application at the identity provider; providers compare redirect URIs exactly, so copy it character for character.
Step 2: Set Up Details
All of the fields below are required. (Of the mapping fields in step 3, only the name mapping is optional.)
Provider - The name of the identity provider. It should be recognizable to the end user so they know what system they're about to sign into.
Client ID - The client identifier of the OAuth application you registered with the identity provider.
Client Secret - The secret issued for that OAuth application. Treat it like a password and keep it confidential.
Scope - Any additional scopes required to authenticate. Request only the scopes needed to read the profile fields you map in step 3. See https://oauth.net/2/scope/ for additional details.
Authorization URL - The provider's authorization endpoint, where your users are sent to sign in. (See github example)
Token URL - The provider's token endpoint, where the authorization code is exchanged for the bearer token. (See github example)
User URL - The provider's endpoint that returns the signed-in user's profile as JSON; the mappings in step 3 are applied to its response. (See github example)
Step 3: Set Up Mapping
The mapping fields describe how to traverse the json response from the User URL to retrieve specific fields. We use dot notation to traverse JSON objects.
In our example, the user URL responds with the following payload:
{
  "id": 123,
  "user": {
    "email": "test@honeycommb.com",
    "username": "test_user",
    "name": "Test User"
  }
}
Email mapping would be user.email
Username mapping would be user.username
Name mapping would be user.name
A top-level key is referenced by its name alone, so id in this payload would simply be id. Each segment must match the JSON key exactly; a mapping that does not resolve leaves that field empty, which is why the email and username mappings must resolve for every user.
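The traversal the mapping fields describe is simple enough to reproduce and test against a real User URL response before activating SSO. The following Python script is an added example, not Honeycommb code: resolve() walks nested JSON objects one key per dot-separated segment, and check_mappings() applies the email, username and name mappings together and reports which required ones fail. Going slightly beyond the page, a numeric segment indexes into a JSON array (for example emails.0.value), which some providers use for multi-valued fields. The sample payload is a constructed copy of the example above.

```python
"""Resolve dot-notation mapping fields against the User URL response.

Added example, not Honeycommb code. resolve() follows a mapping such as
"user.email" through nested JSON objects; check_mappings() applies the three
mapping fields and reports which required ones fail, so a wrong mapping is
caught before SSO is activated rather than at the first user's login.
"""
import json

# Constructed copy of the example User URL payload above.
SAMPLE_USER_JSON = """{
  "id": 123,
  "user": {
    "email": "test@honeycommb.com",
    "username": "test_user",
    "name": "Test User"
  }
}"""


def load_sample():
    return json.loads(SAMPLE_USER_JSON)


def resolve(payload, path):
    """Follow `path` ("user.email") through the payload; None if any step is missing.

    Beyond the page's description, a numeric segment indexes into a JSON array.
    """
    current = payload
    for segment in path.split("."):
        if isinstance(current, dict) and segment in current:
            current = current[segment]
        elif isinstance(current, list) and segment.isdigit() and int(segment) < len(current):
            current = current[int(segment)]
        else:
            return None  # missing key, out-of-range index, or walked into a scalar
    return current


def check_mappings(payload, email_path, username_path, name_path=None):
    """Return (resolved values, problems). Email and username are required; name is optional."""
    resolved = {
        "email": resolve(payload, email_path),
        "username": resolve(payload, username_path),
        "name": resolve(payload, name_path) if name_path else None,
    }
    problems = []
    for field in ("email", "username"):
        value = resolved[field]
        if value is None or (isinstance(value, str) and not value.strip()):
            problems.append(f"{field} mapping did not resolve to a value")
        elif not isinstance(value, str):
            problems.append(f"{field} mapping resolved to a {type(value).__name__}, expected a string")
    email = resolved["email"]
    if isinstance(email, str) and email.strip() and "@" not in email:
        problems.append(f"email mapping resolved to {email!r}, which is not an email address")
    return resolved, problems


if __name__ == "__main__":
    payload = load_sample()
    print(check_mappings(payload, "user.email", "user.username", "user.name"))
    print(check_mappings(payload, "email", "login"))  # top-level keys that do not exist
```

Fetch your provider's User URL once with a token for a test account, save the JSON, and run check_mappings with the three values you intend to enter; an empty problem list means the required fields resolve to strings and the email really looks like an email.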
Step 4: Activate
Check the "Active" box and save. SSO via OAuth2 is now enabled. Since SSO disables every other way of logging in once it is active, double-check the values above before saving.
RELATED: The User Experience in using SSO to log into the community