IDaaS SP
The IDaaS SP screen allows you to view, add, and update the IDaaS SP settings for your site.
IDaaS SP list
Accessing the screen
In the left sidebar menu, under "SETTINGS", click [External system integration] -> [IDaaS SP].
Field descriptions
Field | Description |
---|---|
Enabled | Status of the IDaaS SP: Enabled or Disabled. |
Login IDaaS SP name | Name of the IDaaS SP. |
Type | Type of IDaaS SP. |
Updated on | Date and time of last update to the IDaaS SP. |
IDaaS SP editor
Accessing the screen
In the left sidebar menu, under "SETTINGS", click [External system integration] -> [IDaaS SP].
On the IDaaS SP list screen, click the name of the IDaaS SP you want to edit.
Item descriptions
IDaaS SP editor
Field | Description |
---|---|
Login OAuth SP name | Name of the OAuth SP. Check the "Enable" box to enable the current settings. (Note: The test function can be used even if the OAuth SP settings are disabled.) |
Target domain | Target domain of the OAuth SP (admin panel URL or API domain). |
Type | Name of the service that you are planning to use with the IDaaS functionality. (Note: Currently, only Azure AD B2C is supported.) |
Login URL | This URL needs to be set on the Azure side as the provider's Redirect/Reply URI. |
Client ID | Identifier to confirm the client. This will be provided by Microsoft when configuring the Provider. |
Client Secret | Secret to make the requests. This will be provided by Microsoft when configuring the Provider. |
Authorize URL | URL to authorize the user login state. This will be provided by Microsoft when configuring. |
Token URL | URL to get the Token information of the logged in user. (More on this can be found here) |
Resource URL | URL for the Resource of the user. This is used to exchange information of the user object between Kuroco and Microsoft. |
JWKS URL | URL to handle the key sets. This will be provided by Microsoft when configuring. |
(API) Generate grant token | A list of APIs with dynamic access tokens set for security will be displayed. When generating a Grant token with SSO, please check the APIs you want to use. When SSO is performed with the displayed URL, the grant_token parameter will be added to the URL upon transition to the return URL, so please use this to issue an access token. |
Return URL (success) | URL that user will be redirected to upon successfully logging in. |
Return URL (error) | URL that user will be redirected to if login fails. |
Automatic user registration | Option to enable automatic registration. Disabling this option redirects all unregistered users to the return URL (error) when they try to log in via SSO. |
Store the ID in Member Ext Col and link without using email | If checked, the user ID attribute will be used instead of email for authentication purposes. If checked, select the ext column to store the open_id; if unchecked, enter the key to refer to for email. Click Add a Subkey if the data is nested and needs to be handled accordingly. |
Save user access token | If checked, the long-lived access token will be saved in the Database of Kuroco for any processing which needs to be done on behalf of the user later. |
Token and Resource Request Settings
Field/Button | Description |
---|---|
Resource Key from IdP | The key from the Identity Provider which contains the needed value. |
Mapping to member extension Item | The extension item to select for mapping the incoming data. This data will be saved in the selected ext column. (Note: Only Single-Line Text ext types can be used as a mapping target.) |
Add a Subkey | It is possible for the required data to be in a set of nested keys. A sub key can be used to get the data from the nested Object. (Note: Apart from 1 parent key, 3 nested keys can be used) |
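The key-path rule from the table above (one parent key plus up to three subkeys, mapped to a Single-Line Text column), shown as an added Python example that is not Kuroco's own code; it lets you check a resource response offline before running Test. The function names, the rejection of non-scalar or multi-line values, and the sample payload are assumptions made for illustration.

```python
# Added illustration: resolves "Resource Key from IdP" plus subkeys against a
# resource response. Helper names and the sample payload are constructed.
from collections.abc import Mapping, Sequence
from typing import Any

MAX_SUBKEYS = 3  # per the note above: 1 parent key plus up to 3 nested keys


class MappingError(ValueError):
    """Raised when a key path cannot yield a usable single-line value."""


def resolve_claim(resource: Mapping, parent: str,
                  subkeys: Sequence[str] = ()) -> str:
    if len(subkeys) > MAX_SUBKEYS:
        raise MappingError(f"{len(subkeys)} subkeys given, limit is {MAX_SUBKEYS}")
    node: Any = resource
    walked = []
    for key in (parent, *subkeys):
        walked.append(key)
        if not isinstance(node, Mapping) or key not in node:
            raise MappingError("missing key: " + ".".join(walked))
        node = node[key]
    # Assumption: a Single-Line Text target should only receive a scalar,
    # so objects, lists, booleans and multi-line strings are rejected here.
    if isinstance(node, bool) or not isinstance(node, (str, int)):
        raise MappingError(".".join(walked) + " is not a scalar value")
    value = str(node)
    if not value or "\n" in value or "\r" in value:
        raise MappingError(".".join(walked) + " is empty or multi-line")
    return value


def map_resource(resource: Mapping, mappings: Mapping) -> dict:
    """mappings: {ext column label: (parent key, [subkeys])} -> resolved values."""
    return {col: resolve_claim(resource, parent, subs)
            for col, (parent, subs) in mappings.items()}


# Constructed sample resource response (not real IdP output).
SAMPLE_RESOURCE = {
    "sub": "00000000-aaaa-bbbb-cccc-000000000000",
    "profile": {"contact": {"emails": {"primary": "user@example.com"}}},
    "groups": ["staff"],
}

if __name__ == "__main__":
    print(map_resource(SAMPLE_RESOURCE, {
        "open_id": ("sub", []),
        "email": ("profile", ["contact", "emails", "primary"]),
    }))
```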
Actions
Button | Description |
---|---|
Update | Apply all changes made on this screen. |
Test | Test the IDaaS SP settings to verify the fields that contain the necessary data. Click [Update] to save the entered data before executing a test. |
Delete | Delete the current IDaaS SP. |
Support
If you have any other questions, please contact us or check out Our Slack Community.