How do you publish a SCIM 2.0 provisioning app in the G Suite Marketplace? - google-workspace

I'd like to publish an app on the G Suite Marketplace that allows user and group management/provisioning via SCIM 2.0. Where do I need to go to configure that?
This article from 2016 made me think it would be possible (https://gsuiteupdates.googleblog.com/2016/07/automatically-provision-users-with-scim.html), but I cannot find it anywhere in Google's documentation or Marketplace SDK.
We currently use SCIM as our primary method for integrating with the Identity Providers used by our enterprise clients. Some enterprises use GSuite for SSO though. Our current app in the Google Marketplace doesn't use SCIM and therefore has to be maintained separately.

Related

Enabling AAD federated SSO for Google compute engine hosted app

I have a Webapp hosted on Google compute engine. I am trying to list it on Microsoft AppSource. One of the mandatory conditions for listing is enabling Azure Active Directory federated Single Sign-on (AAD federated SSO) for the app.
Google Cloud Platform supports SAML 2.0-based SSO. Hence technically this should be possible. Has anybody tried it and has any experiences to share? Thanks in advance.
In order for an application to integrate with Azure Active Directory - it is not required that you have an Azure Subscription, or even Azure Active Directory (especially if your application is a multi-tenant application) - you can host your application anywhere.
For AppSource, as long as your app integrates with Azure Active Directory, then you are able to list your app on AppSource - which means that the application does not need to be hosted in Azure. AppSource also requires OpenID Connect - SAML would not qualify. For more details please see this article.
To make it easier to test the Azure AD integration in your application, you can create/use a test tenant with a Microsoft personal account (MSA), as well as use this MSA account to register your application for the OAuth2 flow.
You probably don't want to use GCP's SSO. This is really designed to allow your developers to use your organization's auth system while working on GCP. This is different than allowing your users to use their organization's AD while working within your web app.
Instead, I suggest you look to see if anyone has built AD or SAML integration for the framework your webapp is built with, or look to implementing it yourself. This allows the SSO auth to be used for the app itself, instead of in accessing GCP APIs.

OAuth with IBM API Manager and IBM Mobile First

I would like to use OAuth as authorization system for my API created on the IBM API Manager (on Bluemix). Is it possible to use the IBM MobileFirst as OAuth provider? I have already tried inserting
mobile_first_context*/authorization/v1/authorization
as “Authorization URL”, after calling
advanced_developer_portal_context*/oauth/authorize
I obtain the form to insert the credentials, I enter a MobileFirst user and password (credentials are in basic user registry) but it seems to be always failing and the form is constantly visible.
What am I getting wrong?
Thank you in advance.
This is not possible through MobileFirst Platform Foundation at this time. The question should be directed at the API Manager product. You could probably open a PMR (support ticket) for that team.
To use OAuth to secure the APIs in IBM API Management, please see the Securing an API by using OAuth 2.0 tutorial. As provided in the earlier answer, it is not possible through IBM Mobile First Platform at this time.

IONIC | Login Authentication using Active Directory

Is it possible to authenticate a user from a mobile application using Active Directory credentials in IONIC? I have gone through many Google results, but could not find anything specific to Active Directory.
Ionic Framework is a front end framework. You can authenticate by any means that's available from your backend API.
auth0.com offers a solution that might work for your needs if you want to integrate against a pre-baked solution rather than writing your own. They have a library for Ionic Framework.
You can find the GitHub repo here: https://github.com/auth0-samples/auth0-ionic2-samples
Auth0 offers identity management as a service (authentication). The Ionic Framework library claims that you can integrate against:
Google,
Facebook,
Microsoft Account,
LinkedIn,
GitHub,
Twitter,
Box,
Salesforce,
Windows Azure AD,
Google Apps,
Active Directory,
ADFS
or any SAML Identity Provider
Keep in mind that your Active Directory server will have to be available to Auth0 in some way in order for the integration to work. This may not be appropriate if you're building a purely internal enterprise app.

Single Sign-On for SAPUI5 app: how to set up?

I have a SAP sso2 service enabled in the company, how would I enable single sign-on in code? What do I need to insert into my code and possibly where?
When I log in to portal, single sign-on feature works, as I am not asked for password every time. I would like to have the same thing for my SAPUI5 application.
Can I possibly use cookies? If yes, how?
Yes, you can have the same thing for your SAPUI5 application. You don't need to code anything. SSO for ABAP is standard configuration. You can use any of these:
SPNego for ABAP (included in SAP Single Sign-On 2.0)
SAML to Active Directory (assuming your users are there and that's why you have SSO to Portal)
When your company has implemented SSO for Portal, they should of course do the same for SAP GUI and ABAP HTTP. :-)
Note that there is a licensing cost for SAP Single Sign-On 2.0.
If you use an on-premise ABAP system for your SAPUI5 app, then you need to have the SAP Single Sign-On solution installed; it includes SAML support.
The SAML implementation on AS ABAP is provided by CommonCryptoLib (SAPCRYPTOLIB), so this is what you need here:
Install the SAPCRYPTOLIB library server-side.
Not needed on NetWeaver 72x/74x kernel PL released after November 2013, because it is now built into the kernel.
Enable SAML provider in AS ABAP in SAML2 transaction
Configure AS ABAP as service provider
Set up SAP SSO
After that you will be able to connect to ABAP system from your app.
If you connect to an SCP cloud ABAP or HANA system, then this is even simpler because it supports SAML natively.

Is there any way to get domain users under google enterprise apps domain using OAuth 2.0?

Google Provisioning APIs use the Google Data protocol, which requires an admin user ID and password. I am looking for something like the Google Drive APIs so that I can use an authority-delegated service account to fetch enterprise info also. The idea is to avoid asking for Admin credentials.
The Provisioning APIs support OAuth just fine. However, you should probably use the brand new Admin SDK Directory API which also supports the newer Google API similar to Drive SDK.