Identity Provider
Users can be managed by an external system, authenticated by the external system, and the results can then be used as authentication for WebPerformer-NX. This external authentication linkage allows you to use the user management and authentication mechanisms you already have in place.
Tips
External Authentication Intergration Flow
The procedure for external authentication linkage in WebPerformer-NX applications is as follows
- Click
"IdP"at the top of the User Manager screen. - Click
"Vertical Three-Point Reader"at the upper right of the IdP list, confirm the Single Sign-On URL and Audience URI, and set them to the external IdP.
| Setup for Okta | Setup for Azure AD | |
|---|---|---|
| Single Sign-In URL | English:Single Sign on URL Japanese:シングルサインオン URL | English:Reply URL (Assertion Consumer URL) Japanese:応答 URL |
| Audience URI | English:Audience URI Japanese:オーディエンス URI | English:Identifier (Entity ID) Japanese:識別子 |
- Retrieve SAML metadata documents from external IdPs.
• For Azure AD-
open the single sign-on page of the application you are creating
-
click the
"Federation Metadata XML"download link for the SAML certificate -
save the downloaded XML file
- Open the SignOn tab of the application you are creating.
- Click Actions under SAML Signing Certificates.
- Click on View IdP metadata.
- An xml file will open in a new window. Right click on the browser and click
"Save As"to save the file.
-
- Register the Identity Provider.
- Place a push button from the component list as a button for external authentication on the sign-in screen (Sign In ID) of the authentication UI.
- Open the properties screen of the button for external authentication placed in step 5, and set the following
- Select
"IdP"from Click Event. - Enter the name of the identity provider registered in step 4 in the
"IdP"field.
- Select
- Save the sign-in screen (Sign In ID) of the authentication UI.
Identity Provider Registration
- Click the Create button in the upper right corner of the screen.
- Enter the Identity Provider information.
| Item | Input | Description | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Certification Standard | Required | Select the authentication method "SAML". | |||||||||||||||||||||||||||||||||||||||
| Identity Provider Name | Required | Use any name except single-byte spaces, underscores, and commas. The maximum number of characters is 32. | |||||||||||||||||||||||||||||||||||||||
| Metadata | Required | Upload metadata documents obtained from external IdP. | |||||||||||||||||||||||||||||||||||||||
| Attribute Mapping | Required | Set up a mapping between user attributes and SAML attributes.
Tips Be sure to map the SAML attribute that maps to the user attribute "email" to the attribute that has the email information registered. |
- Click the
"Add"button. - The added identity provider will appear in the IdP list.
Tips
IdP List
Identity providers registered in User Manager are listed. The meaning of each item is as follows.
| Item | Description |
|---|---|
| Identity Provider | A name that identifies the identity provider. |
| Certification Standards | Displays selected Certification Standards. |
| Updated | Displays the date and time the identity provider was updated in local time. |
| Created | Displays the date and time the identity provider was created in local time. |
Tips
Operation Menu
Click on the "Vertical Triple Point Reader" to the right of each record in the IdP list to open the "Menu".
The description of each menu is as follows
| Menu | Description |
|---|---|
| Edit | Identity Provider - Edit dialog opens to update identity provider information. |
| Delete | Delete the Identity Provider. |