Identity Provider Federation
Configuring Custom IdP
Currently, Insights Hub/Siemens ID credentials are used as the default IdP for Insights Hub. As a result, all users must log in using Insights Hub/Siemens ID credentials to access Insights Hub.
The "Identity Provider (IdP) Federation" tab in the "Settings" application enables users to create and use their own IdP. This allows users to manage authentication and access Insights Hub by onboarding their own IdP.
Note
This functionality applies to the following scenarios:
- All environments for existing Insights Hub customers with Insights Hub offerings (MindAccess Plans, any Upgrades, etc.)
- Premium tenants only, if you are a new customer with the new offering structure (Capability Packages, Asset Attributes, etc.)
- "TenantAdmin" only, irrespective of existing or new customers.
Configuring Custom Identity Provider (IdP)
To create and configure a new custom identity provider (IdP), proceed as follows:
- Click "Configurations" in the left navigation and select "Identity Provider Federation".
- Click "Configure Custom Identity Provider".
- Select the required "Identity Provider Type" and click "Next".
- Follow the configuration steps provided in the "External Identity Provider Configuration" step and click "Next".
- If you have selected "Open ID" as the provider type, the configuration screen will display the image below:
- If you have selected "SAML" as the provider type, the configuration screen will display the image below:
- Enter the configuration details for "Open ID" as shown in the image below:
- Enter the configuration details for "SAML" as shown in the image below:
- Click Save.
The new IdP is now configured and can be activated.
- Click "Activate now" to activate the newly configured IdP immediately. Otherwise, click "Activate later".
The created IdP will be displayed in the "Identity Provider Configuration" screen.
- Click "Activate" to activate the created IdP.
After this IdP is activated, the current session will be logged out and the new IdP will be displayed for logging in to Insights Hub.
As soon as you log in with the new IdP, a pop-up will be displayed to acknowledge the new provider. Click "Acknowledge New Provider". If this action is not performed during the first login with the new IdP, then the previously used IdP will be automatically activated after 5 minutes.
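Before an "Open ID" provider is activated, its published metadata can be checked offline, so that a misconfigured IdP is caught before the session is logged out. The following is an added example, not Insights Hub code: it assumes the IdP publishes an OpenID Connect Discovery metadata document, and the function names and the `idp.example.com` sample documents are constructed for illustration.

```python
from urllib.parse import urlsplit

# Metadata fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def is_https(url):
    parts = urlsplit(url) if isinstance(url, str) else None
    return bool(parts and parts.scheme == "https" and parts.netloc)

def check_metadata(meta, expected_issuer):
    """Return a list of findings; an empty list means no problem was found."""
    findings = [f"missing required field: {k}" for k in REQUIRED if k not in meta]
    issuer = str(meta.get("issuer", ""))
    # The issuer must equal exactly the issuer you expect to federate with.
    if issuer != expected_issuer:
        findings.append(f"issuer mismatch: {issuer!r} != {expected_issuer!r}")
    parts = urlsplit(issuer)
    if not is_https(issuer) or parts.query or parts.fragment:
        findings.append("issuer must be an https URL without query or fragment")
    for key in ENDPOINTS:
        if key in meta and not is_https(meta[key]):
            findings.append(f"{key} is not an https URL: {meta[key]!r}")
    algs = meta.get("id_token_signing_alg_values_supported", [])
    if "RS256" not in algs:
        findings.append("RS256 is not offered for ID token signing")
    if "none" in algs:
        findings.append("IdP offers unsigned ID tokens (alg 'none')")
    return findings

# Constructed sample documents (not taken from any real IdP).
GOOD = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD = dict(GOOD, issuer="http://idp.example.com",
           jwks_uri="http://idp.example.com/jwks",
           id_token_signing_alg_values_supported=["none"])
del BAD["subject_types_supported"]

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_metadata(doc, "https://idp.example.com") or "ok")
```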
Security capabilities
A secure way to integrate with a third-party identity provider (IdP), based on standard protocols and frameworks, is provided for cases where a custom IdP is to be used instead of our standard IdP solution. The customer will assume responsibility for the secure operation and management of the chosen IdP, including physical security, host operating system and virtualization layer, guest operating system (including updates and security patches) and network configuration according to ISO 27001 (see https://www.isms.online/iso-27001/annex-a-controls/).
Passwords must be changed regularly. For tenant administrators, using Multi-Factor Authentication (MFA) is recommended.