Skip to content

Identity Provider Federation

Configuring Custom IdP

Currently, WebKey is used as the default IdP for MindSphere. This means that, for any user to access MindSphere, it is required to login using Webkey.

The "Identity Provider (IdP) Federation" tab in "Settings" application enables the users to create and use their own IdP. This allows the users to take control on authentication and access MindSphere by onboarding their own IdP.

Note

This functionality is applicable:

  • for all the tenants, if you are an existing MindSphere customer with MindSphere offerings (MindAccess Plans, any Upgrades etc)
  • For Premium tenants only, if you are a new customer with new offering structure (Capability Packages, Asset Attributes etc)
  • for "TenantAdmin" only, irrespective of existing or new customers

Configuring Custom Identity Provider (IdP)

To create and configure a new custom (IdP), proceed with the following steps:

  1. From the left navigation, select "Identity Provider Federation".
  2. Click "Configure Custom Identity Provider".
  3. Select the required IdP type and click "Next".
    Type selection
  4. Follow the configuration steps in the "External Identity Provider Configuration" step and click "Next".
    If "Open ID" is selected as the provider type, then the configuration screen is displayed as in the below image:
    External Identity Provider configuration1 If "SAML" is selected as the provider type, then the configuration screen is displayed as in the below image:
    External Identity Provider configuration
  5. For Open ID, enter the configuration details as shown in the below image:
    Configuration details save window
    For SAML, enter the configuration details as shown in the below image:
    Configuration details
  6. Click Save.
    A pop-up window is displayed with a message that the creation of the new IdP is successful.
    NewIdp Configured
  7. To activate the new IdP immediately, click "Activate Now". Otherwise, click "Activate Later".
    The created IdP is displayed in "Identity Provider Configuration" screen.
    Inactive Identity Provider
  8. To activate the created IdP, click "Activate".
    After this IdP is activated, the current session will be logged out and the new IdP will be displayed to login to MindSphere.
    As soon as you login with the new IdP, a pop-up will be displayed to acknowledge the new provider. Click "Acknowledge New Provider". If this action is not performed during the first login with new IdP, then the previously used IdP will be automatically activated after 5 minutes.
    Acknowledge New Provider

Security capabilities

MindSphere provides a secure way to integrate with 3rd party Identity provider (IdP) based on standard protocols and frameworks in case a custom IdP (identity provider) should be used instead of the MindSphere standard IdP solution. The customer will assume responsibility for the secure operation and management of the chosen IdP including physical security, host operating system and virtualization layer, guest operating system (including updates and security patches) and network configuration according to ISO 27001 (see ISO https://www.isms.online/iso-27001/annex-a-controls/).

It is required to change the password regularly. For Tenant administrators, using Multi-Factor Authentication (MFA) is recommended.

Any questions left?

Ask the community


Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.


Last update: April 28, 2022