OKTA On-Prem Provisioning with SCIM Servers - scim

I have the free developer edition. I want to provision users to my web site using SCIM. The docs say look under "dashboard/agents". I have no agents tab under dashboards.
https://support.okta.com/articles/Knowledge_Article/46749316-On-Premises-Provisioning-Deployment-Guide?id=kA0F0000000AY3C&q=scim&l=en_US&fs=Search&pn=1#code
Also for behind a firewall the document says download the "On-Prem Provisioning Agent". I have not been able to find that under "setting/downloads" or anywhere else. Where do I find that?

You will need to contact Okta Support or your Okta Sales contact to enable the On-Premises Provisioning feature.

Related

GitHub SSO - Enterprise Mandate

As a company, is it possible to mandate SSO for everyone who works for me? i.e. anyone who registers with a #companyname.com email has to go through my Google SSO regardless of whether they're logging into and pushing code to a repo not maintained by my organization?
If your users are Enterprise Managed Users, you now (Sept. 2022) have the option of:
Automatic Single Sign On for Enterprise Managed Users – Public Beta
Enterprise administrators can now choose to redirect signed-out Enterprise Managed Users to their company's single sign-on (SSO) page. This feature is available as a public beta.
By default, enterprises with Managed Users enabled are hidden, showing a 404 error page any time an enterprise resource is visited by a user that isn't already signed in to the enterprise.
If you enable this feature for your enterprise, visitors to resources in your enterprise, org, or user namespaces will immediately be presented with an SSO redirect if not already signed in to your enterprise.
This redirect helps users sign in to the correct account, rather than giving them the impression that the link they were given no longer works.
You can find this setting in the Authentication security section of your Enterprise Settings, below the single sign-on configuration sections.
Read more about this setting at "Automatic redirection for Enterprise Managed Users".

Azure AD Application Required Permissions list does not include all APIs

I have created an application to use the Office 365 Exchange Online (Microsoft.Exchange) API. I successfully set up permissions as described here: MS Integrating Applications on an existing development Azure Account. See APIs available on original account.
However, now I want to set up a similar app in a new Azure account so I can have a different visible domain for the permission sign up process. However, on this new account the Exchange Online API is not visible to select as a required permission.
This account only exists as a place to register the App so it doesn't itself have any users or need any licenses but do I have to have a license associated with that account just to be allowed to add a particular API to the required permissions? The documentation doesn't mention anything about this that I can see.
do I have to have a license associated with that account just to be allowed to add a particular API to the required permissions?
Yes, you're right. You have to have an Office 365 Exchange Online license for your tenant.
Why:
These APIs exist in the AAD as service principals (Enterprise Applications). If you don't buy an Exchange Online license, it won't occur in the Enterprise Applications in your tenant. Once you buy the license, it will be automatically added to the Enterprise applications, and meanwhile you can use its API via AAD.
This makes sense because if you don't have the license, you cannot use the product and you cannot use its API either.
The documentation doesn't mention anything about this that I can see.
Yeah, the documentation may not mention this and it should be noted in the documentation. You can sign in to the documentation website via a GitHub account and give feedback to the documentation team.
Hope this helps!

How to integrate Bluemix Public Accounts/Users in LDAP?

Is it possible to integrate Bluemix Public Accounts/Users (meaning IBM IDs) in an LDAP of a company's user management?
The reason is to ensure on-boarding and off-boarding can be done in a central place inside a company.
Is this topic related to an IBM Marketplace integration possibility?
https://www.ibm.com/support/knowledgecenter/en/SSZPE3_9.1.1/Platform/LDAP/LDAP_AD_integration_features.html
This can be done with a federated ID.
This ID can be used to sign up for Bluemix only if your company has already worked with IBM to register. Registering a company's domain with IBM enables users to log in to IBM products and services by using their existing company user credentials. Authentication is then handled by your company's identity provider. When you log in to Bluemix with a federated ID, you are prompted to log in through your company's login page. For information about requesting to register your company or organization's domain with IBM, or for more information about the process, see the IBMid Enterprise Federation Adoption Guide. An IBM sponsor, such as an offering advocate or client advocate, is required when you request to register federated IDs.
Link: https://console.bluemix.net/docs/admin/account.html

SSO from SharePoint application to the IBM Lotus Domino server

I need to use the .NET token (or FedAuth cookie) to get a Domino credential from Active Directory.
The same need is described in:
Lotus Notes and c# SSO.
Internet users are logged in to a SharePoint application and have to open a form in Domino.
My Domino server is configured with Directory Assistance; the users are managed in Active Directory and not in names.nsf. This works well. I can make a POST to automatically log in a user from the AD.
But SharePoint doesn't have the user's password! Ideally it would be cool to POST the cookie... or run an agent that will query Active Directory in the back end with the cookie to verify it. Is there a way to do this?
My Domino is 8.53 so I can't use SAML (if someone did this with Domino 9.0 I will be pleased to know :-).
There is an SSO using SPNEGO which can be set up on Windows-based Domino servers.
More information about it can be found in the Domino Administration help (the steps are very well documented) and here:
Wiki: Deploying Windows single sign-on for Web clients (SPNEGO) in an existing Domino environment
Basically the steps to enable this are (details in the Notes admin help and the linked document):
Set an SPN on your Windows server (to allow this server to pass Kerberos tickets to the AD)
Enable SSO on the Internet Site / Server doc
In the SSO Configuration: add all servers that will need SSO and enable Windows-based SSO
Add a name mapping to your Person docs (Kerberos Principal Name field) and set the notes.ini entry WIDE_SEARCH_FOR_KERBEROS_NAMES=1 on your Domino server to include this field in the name lookup
Configure the browser: IE: trusted sites (add your host names); Firefox: add the Domino host to network.negotiate-auth.trusted-uris
Hope that helps - Michael
You could generate your own Domino LTPA token (cookie) from SharePoint upon login. So long as the domains are set up OK, the browser should pass this to the Domino server and automatically log them in.
Feel free to contact me directly if you need specific help.
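The answer above suggests minting a Domino LtpaToken from the SharePoint side. The following is an added Python example (not code from the original thread or from IBM) of the classic Domino LTPA v1 cookie format: a 4-byte header, creation and expiry times as 8 uppercase hex digits each, the canonical Notes name, and a SHA-1 of all of that plus the shared secret, base64-encoded. The secret value here is constructed; in a real deployment it is the base64 LTPA_DominoSecret from the Domino SSO configuration document, shared with the issuing system. The verify function shows the checks the receiving side must make: constant-time hash comparison and an expiry window.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample secret (base64), standing in for LTPA_DominoSecret.
SAMPLE_DOMINO_SECRET_B64 = base64.b64encode(b"constructed-shared-secret-20").decode()

# Fixed LTPA v1 token header bytes.
LTPA_HEADER = b"\x00\x01\x02\x03"
DIGEST_LEN = 20  # SHA-1


def make_ltpa_token(username, secret_b64, now=None, lifetime_s=1800):
    """Build a Domino LtpaToken for a canonical Notes name such as 'CN=Jane Doe/O=Acme'."""
    secret = base64.b64decode(secret_b64)
    created = int(now if now is not None else time.time())
    expires = created + lifetime_s
    body = (
        LTPA_HEADER
        + f"{created:08X}".encode("ascii")
        + f"{expires:08X}".encode("ascii")
        + username.encode("utf-8")
    )
    digest = hashlib.sha1(body + secret).digest()
    return base64.b64encode(body + digest).decode("ascii")


def verify_ltpa_token(token, secret_b64, now=None):
    """Return the username if the token is well-formed, unexpired and its hash
    matches the shared secret; otherwise return None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except Exception:
        return None
    # Header + 16 hex time digits + at least one name byte + digest.
    if len(raw) < len(LTPA_HEADER) + 16 + 1 + DIGEST_LEN or raw[:4] != LTPA_HEADER:
        return None
    body, digest = raw[:-DIGEST_LEN], raw[-DIGEST_LEN:]
    secret = base64.b64decode(secret_b64)
    expected = hashlib.sha1(body + secret).digest()
    # Constant-time comparison so hash checking does not leak timing.
    if not hmac.compare_digest(digest, expected):
        return None
    try:
        created = int(body[4:12].decode("ascii"), 16)
        expires = int(body[12:20].decode("ascii"), 16)
        username = body[20:].decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    current = int(now if now is not None else time.time())
    if not (created <= current < expires):
        return None
    return username


if __name__ == "__main__":
    tok = make_ltpa_token("CN=Jane Doe/O=Acme", SAMPLE_DOMINO_SECRET_B64)
    print("LtpaToken =", tok)
    print("verified as:", verify_ltpa_token(tok, SAMPLE_DOMINO_SECRET_B64))
```

The cookie is set as LtpaToken on the domain shared by both servers; the time values are seconds since the Unix epoch, so both systems need synchronised clocks for the expiry check to behave. Anyone holding the secret can mint a token for any name, which is why the answer's approach only makes sense when SharePoint has already authenticated the user and the secret is stored with the same care as a Domino server's own configuration.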

Cloudbees Identity Management

Is there an identity management mechanism available to control/manage user access to a service running on the CloudBees RUN#cloud platform, i.e. force log in / sign up etc.?
Thanks,
/W
Users you added to your CloudBees domain ("account") can access all services. For a FOSS account, resources are accessible read-only without authentication, but in all other cases login to the platform is required.
Only administrators can subscribe to new services. Jenkins on DEV#Cloud adds an RBAC plugin so you can control fine-grained access to jobs and folders.
As far as I know there is no special support from the CloudBees platform for authentication of users of your application: this is just something you would implement in your app using any of numerous available libraries according to language and web framework, using the authentication system of your choice such as OpenID.
In my opinion you should consider Identity access management solutions from TeleSign. You should be able to control user access to services running on Cloudbees Run#cloud platform with ease.