OAuth Integration_Operation Guide_Enterprise Secure Access-文档中心

Content

1. Usage Scenario
2. Operation Steps

Step1: Enable OAuth 2.0 and get necessary information
Step 2: Add IDP to ESA platform
Step 3: Try login ESA with OAuth 2.0 account

1. Usage Scenario

ESA allows integration with third-party identity providers using the OAuth2.0 protocol, such as Okta, OneLogin, Azure AD, Ping Identity, and Authing, etc. OAuth2.0 integration allows organizations to delegate user authentication to third party IDP.

2. Operation Steps

Take ID provider Authing as example to show the whole process.

Step1: Enable OAuth 2.0 and get necessary information

1）Login to IDP management portal
2）Create a self-built app and name it “CDNetworks ESA”

3）Enable OAuth 2.0 Provider under Protocol Configuration

4）ESA will be integrated to IDP through client_credential mode. Please get following information from IDP:

a. Client ID（APP ID）
b. Client Secret（App Secret）
c. Scope (authorization range)
d. Authorize URL（Authorize endpoint）: https://app.idp.com/oauth/auth
e. Authorize URL template： ${authEndPoint}?client_id=${clientId}&scope=${scope}&response_typ
e=code&state=12345
f. Token URL（Token endpoint）: https://app.idp.com/oauth/token
g. UserInfoURL（UserInfo Endpoint）: https://app.idp.com/oauth/me

Step 2: Add IDP to ESA platform

5）Login to ESA management portal, go to ID Authentication->ID Provider-> Add IdP, select OAuth 2.0.

6）Fill in the basic information and configure the addresses.

Note:

Client Login Only: means only available with OAuth 2.0 login on ESA client
SSO: means to jump to browser to call OAuth 2.0 login page
SDK Authentication: this is not available on ESA.

7）On the authentication configuration page, enable authentication and select the user account attribute to verify the user ID. Ensure that this attribute matches the configuration on the IDP. Refer to the IDP’s documentation for details.

For example, if you will verify user with user name, set Application Name=username, and Associated IdP field set to User Attribute