Configuring Straatos for SSO
This article describes how to configure Straatos for SSO.
Once CumulusPro Support has configured the IdP, the Straatos organisation can be configured to work with it. For the IdP to work correctly, you need a custom domain configured for the TaskUI.
Custom Domain Setup for TaskUI:
Domain Options:
You can use a custom domain (example: app..com) or a domain provided by CumulusPro (example: .cumuluspro.net).
DNS Configuration:
If you use your own domain, configure CNAME entries with your DNS provider to point to the designated CumulusPro server.
SSL Certificate:
Provide an SSL Certificate for your custom domain to ensure secure connections.
CumulusPro will set up the whitelabel configuration for your application, providing the following critical information:
Custom Policy Name:
You will receive a specific policy name tailored to your organizational requirements.
Domain Name:
A domain name will be provided, which will be integral to your application's access and identity configurations.
These options are required to configure and link the IdP to your Straatos organisation.
Configuring the Straatos organisation to work with your IdP
Go to 'https://straatosv2-api-qa-eu.cumuluspro.net/swagger/index.html'.
Navigate to the organisations API and select the 'PUT /IAM/Organisations/{id}' API.
Enter your organisation's ID.
In the body, enter the following details:
ssoIdentityProvider:
The value for the adIssuer is the one that is provided in the token claim. It should look like this:
https://login.microsoftonline.com/{tenant-id}/v2.0, where {tenant-id} is the Directory (tenant) ID from your app registration.
ssoClientId:
The GUID from the client application created above.
ssoClientSecret:
The Client Secret created in the client application above.
ssoIdentityExperiencePolicy:
Provided by CumulusPro and will look similar to this: B2C_1A_SIGNUP_SIGNIN_TEST.
Execute the API call.
Configuring the Straatos Groups to match the AD/Entra Groups
The groups from Active Directory/Entra need to be linked with the groups from Straatos to enable automatic user management.
Go to 'https://straatosv2-api-qa-eu.cumuluspro.net/swagger/index.html'.
Navigate to the organisations API and select the 'PUT /IAM/Groups/{id}' API.
Enter the ID of the Straatos group that you want to link to the AD/Entra group.
In the body, enter the 'ssoGroupGuid'. The value is the Entra/AD Group ID you want to link. (example: 'df48830e-bda7-45b0-b135-03abd3a79c93').
Execute the API call.
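A pre-flight check for the two request bodies described above, added here as an example and not CumulusPro's own code. It covers only the fields this page names (any other fields the API expects are outside its scope); the function names, the `B2C_1A_` prefix check (taken from the page's sample value) and the environment variable name are assumptions.

```python
import os
import re
import uuid

# Issuer shape from the page: https://login.microsoftonline.com/<tenant GUID>/v2.0
ISSUER_RE = re.compile(r"https://login\.microsoftonline\.com/([^/]+)/v2\.0")
# Assumption: custom policy names start with B2C_1A_, as in the page's sample value.
POLICY_RE = re.compile(r"B2C_1A_[A-Za-z0-9_]+")

def is_guid(value):
    """True only for a canonical 8-4-4-4-12 GUID string (no braces, no bare hex)."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def build_org_body(issuer, client_id, client_secret, policy):
    """Body fields for PUT /IAM/Organisations/{id}; raises ValueError listing every problem."""
    errors = []
    match = ISSUER_RE.fullmatch(issuer)
    if not match:
        errors.append("ssoIdentityProvider: expected https://login.microsoftonline.com/<tenant>/v2.0")
    elif not is_guid(match.group(1)):
        errors.append("ssoIdentityProvider: tenant segment is not a GUID")
    if not is_guid(client_id):
        errors.append("ssoClientId: not a GUID")
    if not client_secret or client_secret != client_secret.strip():
        errors.append("ssoClientSecret: empty or has surrounding whitespace")
    if not POLICY_RE.fullmatch(policy):
        errors.append("ssoIdentityExperiencePolicy: expected B2C_1A_<name>")
    if errors:
        raise ValueError("; ".join(errors))
    return {"ssoIdentityProvider": issuer, "ssoClientId": client_id,
            "ssoClientSecret": client_secret, "ssoIdentityExperiencePolicy": policy}

def build_group_body(sso_group_guid):
    """Body field for PUT /IAM/Groups/{id}: the Entra/AD group ID to link."""
    if not is_guid(sso_group_guid):
        raise ValueError("ssoGroupGuid: not a GUID")
    return {"ssoGroupGuid": sso_group_guid}

def redacted(body):
    """Copy of a body that is safe to print or log: the client secret is masked."""
    return {k: ("***" if k == "ssoClientSecret" else v) for k, v in body.items()}

if __name__ == "__main__":
    # Constructed sample values; the secret is read from a hypothetical environment variable.
    secret = os.environ.get("STRAATOS_SSO_CLIENT_SECRET", "constructed-secret")
    org = build_org_body("https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
                         "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", secret, "B2C_1A_SIGNUP_SIGNIN_TEST")
    print(redacted(org), build_group_body("df48830e-bda7-45b0-b135-03abd3a79c93"))
```

Reading the client secret from the environment and printing only the redacted copy keeps it out of scripts, shell history and logs.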