Overview
Single Sign-On (SSO) is a user authentication process that allows your users to sign in to multiple applications using the same set of login credentials. This allows ease of use for the end users and ease of management for administrators. VIDIZMO offers the most flexible options for you to integrate with a wide range of single sign-on authentication providers, including:
- Directory services such as Azure AD
- Identity Access Management (IAM) services such as Okta, OneLogin, Ping, Centrify, ForgeRock
- Third-party login services such as Facebook, Google, Office 365, Twitter, LinkedIn, etc.
With an app model integration for SSO, VIDIZMO makes the integration as easy as enabling or disabling your identity provider from within the platform administrator interface in minutes. Enterprises using ForgeRock Access Management as their identity provider can use the SSO option with VIDIZMO, allowing users to sign in using the same set of credentials.
For more information about VIDIZMO SSO Apps, read Understanding Single Sign-On.
Before you start
- To configure ForgeRock SSO with VIDIZMO, you must have an administrator account on your ForgeRock Identity server so that you can create a ForgeRock OAuth 2.0 application for authorization.
- If more SSO Apps have been configured and enabled on your Portal other than ForgeRock SSO, your users will see multiple buttons on the login page allowing them to choose any identity provider of their choice to log in to their VIDIZMO Portal.
- VIDIZMO requires your ForgeRock authorization server to expose a list of scopes to map attributes and provide user authentication. These scopes include:
- Profile (the user's First Name and Last Name are exposed and mapped to your VIDIZMO account through this scope)
- Email (the user's Email Address is exposed and mapped to your VIDIZMO account through this scope)
- Openid (required to indicate that the application intends to use OIDC to verify the user's identity)
- Managers and Administrators of the Portal can configure and enable SSO options in VIDIZMO.
- If your portal uses the HTTPS protocol, make sure your ForgeRock authentication server also uses HTTPS.
Configuration in ForgeRock
Configure OAuth Applications
1. After you log into your ForgeRock authorization server using an admin account, go to your default current realm.
2. From your Realm Dashboard:
i. Expand Applications from the left menu bar options,
ii. Select OAuth 2.0 to create an application that communicates with ForgeRock on behalf of VIDIZMO.
iii. Click on Add Client to create your own application.
Set up OAuth 2.0 Client
1. On the New OAuth 2.0 Client screen,
i. Enter the name you wish to assign to the client application. For demonstration purposes, this has been set to ForgeRock-Demo. Make sure to save it for configuration in the VIDIZMO Portal in the next step.
ii. Set the secret for your client and save it for configuration in the VIDIZMO Portal.
iii. Redirection URIs are the addresses ForgeRock whitelists for sending user information after a successful login, which is why you need to enter your Portal's URL appended with /sso/signin-openam as shown.
iv. Next are scopes. These are the parameters that VIDIZMO needs from ForgeRock to authenticate and authorize the user to log into the portal. Here, include email, openid and profile. Read more about what information each of them contains here.
v. Click Create to proceed.
2. From the OAuth 2.0 Client application you just created, you now only need to make a minor change:
i. Change the Client type from Confidential to Public.
ii. Click on Save Changes.
3. Go to the Advanced tab and make sure the following is configured:
i. Under Grant Types, add Implicit.
ii. Similarly, in Response Types, make sure you have added id_token, which is required by OAuth.
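Before enabling the app, it is worth checking that the ForgeRock authorization server actually meets the requirements listed under "Before you start" and in the client setup above. The following is an added example, not VIDIZMO's or ForgeRock's own code: it derives the redirection URI to whitelist from the portal URL and checks a server's OIDC discovery document (what `<authority>/.well-known/openid-configuration` returns) for the required scopes, the id_token response type, the implicit grant type and HTTPS consistency. The discovery document and hostnames below are constructed sample data.

```python
# Added example (not VIDIZMO's or ForgeRock's code): pre-flight check of a
# ForgeRock OIDC discovery document against this page's requirements.
import json
from urllib.parse import urlparse

REQUIRED_SCOPES = {"openid", "profile", "email"}  # page: openid, profile, email
REQUIRED_RESPONSE_TYPE = "id_token"                # page: Response Types must include id_token
REQUIRED_GRANT_TYPE = "implicit"                   # page: Grant Types must include Implicit
REDIRECT_PATH = "/sso/signin-openam"               # page: portal URL + /sso/signin-openam
# OIDC discovery: if grant_types_supported is omitted, these two are the default.
DEFAULT_GRANT_TYPES = ["authorization_code", "implicit"]


def redirect_uri(portal_url: str) -> str:
    """Derive the redirection URI that must be whitelisted on the ForgeRock client."""
    return portal_url.rstrip("/") + REDIRECT_PATH


def preflight(discovery: dict, portal_url: str) -> list:
    """Return a list of problems; an empty list means the server meets the requirements."""
    problems = []
    missing = REQUIRED_SCOPES - set(discovery.get("scopes_supported", []))
    if missing:
        problems.append(f"scopes not exposed: {sorted(missing)}")
    if REQUIRED_RESPONSE_TYPE not in discovery.get("response_types_supported", []):
        problems.append(f"response type '{REQUIRED_RESPONSE_TYPE}' not supported")
    if REQUIRED_GRANT_TYPE not in discovery.get("grant_types_supported", DEFAULT_GRANT_TYPES):
        problems.append(f"grant type '{REQUIRED_GRANT_TYPE}' not supported")
    # Page: if the portal uses HTTPS, the ForgeRock server must also use HTTPS.
    issuer = discovery.get("issuer", "")
    if urlparse(portal_url).scheme == "https" and urlparse(issuer).scheme != "https":
        problems.append(f"portal is HTTPS but issuer '{issuer}' is not")
    return problems


# Constructed sample discovery document; hostnames are placeholders.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://am.example.com/openam/oauth2",
  "scopes_supported": ["openid", "profile", "email", "address"],
  "response_types_supported": ["code", "id_token", "token id_token"],
  "grant_types_supported": ["authorization_code", "implicit", "refresh_token"]
}""")

if __name__ == "__main__":
    print("redirect URI to whitelist:", redirect_uri("https://portal.example.com"))
    print("problems:", preflight(SAMPLE_DISCOVERY, "https://portal.example.com") or "none")
```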
Configuration in VIDIZMO
Configure SSO Apps
1. After logging into your portal, from your homepage:
i. Click on the Settings tab and you'll be directed to the Portal Settings page.
2. On the Portal Settings page, expand Apps and select Single Sign-On.
i. Click on the settings icon against ForgeRock to configure its app in the portal.
Set up ForgeRock SSO Client
1. From the ForgeRock Settings screen:
i. Enter the name you gave to your application as Client ID while setting it up in ForgeRock.
ii. Enter the Secret that you set while configuring your application.
iii. The Authority URL is the portal's URL appended with /oauth2.
iv. You can leave the next field empty, as it is not mandatory.
v. Click on Save Changes to proceed.
2. After saving changes, you will be back on the SSO Apps page, from where you can finish the process:
i. Toggle the button against ForgeRock SSO to enable it on your portal.
Sign in using ForgeRock
Sign out of your existing account and navigate back to the Login page, where you will see an option to sign in using ForgeRock Access Management.