OAuth Integration

Last updated: 2024-01-02 16:04:11

1. Usage Scenario

ESA can integrate with third-party identity providers (IdPs) over the OAuth 2.0 protocol, such as Okta, OneLogin, Azure AD, Ping Identity, and Authing. OAuth 2.0 integration lets an organization delegate user authentication to a third-party IdP.

2. Operation Steps

The steps below use the identity provider Authing as an example to show the whole process.

Step 1: Enable OAuth 2.0 and get the necessary information

1) Log in to the IdP management portal.
2) Create a self-built app and name it “CDNetworks ESA”.

3) Enable OAuth 2.0 Provider under Protocol Configuration.

4) ESA will be integrated with the IdP through client_credential mode. Get the following information from the IdP:

  • a. Client ID (APP ID)
  • b. Client Secret (App Secret)
  • c. Scope (authorization range)
  • d. Authorize URL (Authorize endpoint): https://app.idp.com/oauth/auth
  • e. Authorize URL template: ${authEndPoint}?client_id=${clientId}&scope=${scope}&response_type=code&state=12345
  • f. Token URL (Token endpoint): https://app.idp.com/oauth/token
  • g. UserInfo URL (UserInfo endpoint): https://app.idp.com/oauth/me
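
A pre-flight check for the values collected in item 4, added here as an example (it is not part of the original page or of any CDNetworks or Authing tooling): it expands the authorize URL template and reports non-HTTPS endpoints, endpoints on different hosts, missing query parameters and a fixed `state` value. The key names `tokenUrl`, `userInfoUrl` and `authTemplate` and the client ID and scope values are assumptions; the placeholders and URLs are the ones listed above.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

PLACEHOLDER = re.compile(r"\$\{(\w+)\}")

def expand_template(template, values):
    """Fill ${name} placeholders; parameter values are percent-encoded."""
    def fill(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"no value for placeholder {name}")
        # The endpoint is the URL prefix and stays as is.
        return values[name] if name == "authEndPoint" else quote(values[name], safe="")
    return PLACEHOLDER.sub(fill, template)

def check_idp_settings(cfg):
    """Return findings for the values gathered in item 4 (empty list = clean)."""
    findings, hosts = [], set()
    for key in ("authEndPoint", "tokenUrl", "userInfoUrl"):
        parts = urlsplit(cfg[key])
        if parts.scheme != "https":
            findings.append(f"{key}: not https")
        hosts.add(parts.hostname or "")
    if len(hosts) > 1:
        findings.append("endpoints are on different hosts: " + ", ".join(sorted(hosts)))
    query = parse_qs(urlsplit(expand_template(cfg["authTemplate"], cfg)).query)
    for param in ("client_id", "scope"):
        if not query.get(param):
            findings.append(f"authorize URL has no {param}")
    if query.get("response_type") != ["code"]:
        findings.append("authorize URL does not request response_type=code")
    # RFC 6749 section 10.12: state should be unguessable per request (CSRF).
    if re.search(r"[?&]state=(?!\$\{)[^&]+", cfg["authTemplate"]):
        findings.append("state is a fixed literal in the template")
    return findings

# Constructed sample: URLs and template as listed in item 4; clientId and scope
# are made up; key names tokenUrl, userInfoUrl, authTemplate are hypothetical.
SAMPLE = {
    "clientId": "example-client-id",
    "scope": "openid profile",
    "authEndPoint": "https://app.idp.com/oauth/auth",
    "authTemplate": "${authEndPoint}?client_id=${clientId}&scope=${scope}&response_type=code&state=12345",
    "tokenUrl": "https://app.idp.com/oauth/token",
    "userInfoUrl": "https://app.idp.com/oauth/me",
}

if __name__ == "__main__":
    print(expand_template(SAMPLE["authTemplate"], SAMPLE), check_idp_settings(SAMPLE))
```

A finding on `state` means the template carries the same value on every request; confirm with the IdP and ESA documentation whether it is replaced at login time.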

Step 2: Add the IdP to the ESA platform

5) Log in to the ESA management portal, go to ID Authentication -> ID Provider -> Add IdP, and select OAuth 2.0.

6) Fill in the basic information and configure the addresses.

Note:

  • Client Login Only: available only for OAuth 2.0 login on the ESA client.
  • SSO: jumps to the browser to open the OAuth 2.0 login page.
  • SDK Authentication: not available on ESA.

7) On the authentication configuration page, enable authentication and select the user account attribute used to verify the user ID. Ensure that this attribute matches the configuration on the IdP. Refer to the IdP’s documentation for details.

For example, to verify users by user name, set Application Name=username and set the Associated IdP field to User Attribute.

The IdP has been added successfully.

Step 3: Try logging in to ESA with an OAuth 2.0 account

8) Launch the ESA client and enter the enterprise ID.
9) Select the configured IdP and fill in the user credentials.

10) After filling in the credentials, users are logged in and can access authorized applications (ensure access permissions are configured).

This is the end of the configuration.