Identity Provider Federation
Configuring Custom IdP
Currently, WebKey is the default IdP for Insights Hub. This means that any user who wants to access Insights Hub must log in using WebKey.
The "Identity Provider (IdP) Federation" tab in the "Settings" application enables users to create and use their own IdP. This allows users to take control of authentication and to access Insights Hub by onboarding their own IdP.
This functionality is applicable:
- For all the environments, if you are an existing Insights Hub customer with Insights Hub offerings (MindAccess Plans, any Upgrades etc.)
- For Premium tenants only, if you are a new customer with the new offering structure (Capability Packages, Asset Attributes etc.)
- For "TenantAdmin" only, irrespective of existing or new customers
Configuring Custom Identity Provider (IdP)
To create and configure a new custom IdP, proceed with the following steps:
- From the left navigation, select "Identity Provider Federation".
- Click "Configure Custom Identity Provider".
- Select the required IdP type and click "Next".
- Follow the configuration steps in the "External Identity Provider Configuration" step and click "Next".
If "Open ID" is selected as the provider type, the configuration screen is displayed as shown in the image below:
If "SAML" is selected as the provider type, the configuration screen is displayed as shown in the image below:
- For Open ID, enter the configuration details as shown in the image below:
For SAML, enter the configuration details as shown in the image below:
- Click "Save".
A pop-up window is displayed with a message that the creation of the new IdP is successful.
- To activate the new IdP immediately, click "Activate Now". Otherwise, click "Activate Later".
The created IdP is displayed in the "Identity Provider Configuration" screen.
- To activate the created IdP, click "Activate".
After this IdP is activated, the current session is logged out and the new IdP is displayed for logging in to Insights Hub.
As soon as you log in with the new IdP, a pop-up asks you to acknowledge the new provider. Click "Acknowledge New Provider". If this action is not performed during the first login with the new IdP, the previously used IdP is automatically activated again after 5 minutes.
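A pre-activation sanity check for the "Open ID" case, as an added example that is not part of the Insights Hub documentation or product: it inspects the metadata your IdP publishes, using the standard field names from OpenID Connect Discovery 1.0. The host `idp.example.com`, the sample documents and the function name are constructed for illustration; the fields of the Insights Hub configuration form itself are not shown on this page.

```python
from urllib.parse import urlsplit

# Endpoints an OpenID Connect provider publishes in its discovery document
# (field names from OpenID Connect Discovery 1.0).
ENDPOINT_FIELDS = ("authorization_endpoint", "token_endpoint", "jwks_uri")
# Unsigned or shared-secret algorithms: unsuitable as the only option offered.
UNSUITABLE_ALGS = {"none", "HS256", "HS384", "HS512"}


def check_discovery(doc: dict, expected_issuer: str) -> list[str]:
    """Return a list of findings; an empty list means the metadata looks sane."""
    findings = []
    issuer = doc.get("issuer", "")
    # OIDC relying parties reject ID tokens whose "iss" differs from the
    # configured issuer, so the value must match character for character.
    if issuer != expected_issuer:
        findings.append(f"issuer mismatch: {issuer!r} != {expected_issuer!r}")
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        findings.append("issuer must be an https URL without query or fragment")
    for field in ENDPOINT_FIELDS:
        url = doc.get(field)
        if not url:
            findings.append(f"missing {field}")
        elif urlsplit(url).scheme != "https":
            findings.append(f"{field} is not https: {url}")
    algs = set(doc.get("id_token_signing_alg_values_supported", []))
    if not algs:
        findings.append("no ID token signing algorithms advertised")
    elif algs <= UNSUITABLE_ALGS:
        findings.append(f"only unsuitable signing algorithms: {sorted(algs)}")
    return findings


# Constructed sample metadata for a hypothetical IdP at idp.example.com.
ISSUER = "https://idp.example.com/realms/plant"
GOOD = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/auth",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/certs",
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Same document with a plain-http key endpoint and unsigned tokens only.
BAD = dict(GOOD, jwks_uri="http://idp.example.com/realms/plant/certs",
           id_token_signing_alg_values_supported=["none"])

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD)):
        print(name, check_discovery(doc, ISSUER))
```

Running the check against the real discovery document before clicking "Activate" catches mismatches while the previous IdP is still in use.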
If a custom identity provider (IdP) is to be used instead of our standard IdP solution, a secure way is provided to integrate with a third-party IdP based on standard protocols and frameworks. The customer assumes responsibility for the secure operation and management of the chosen IdP, including physical security, host operating system and virtualization layer, guest operating system (including updates and security patches) and network configuration, according to ISO 27001 (see https://www.isms.online/iso-27001/annex-a-controls/).
The password must be changed regularly. For tenant administrators, using Multi-Factor Authentication (MFA) is recommended.