Define the Identity Provider - Intergraph Smart API Manager - 5.0 - Help

  1. Click Provider Name and enter a unique, identifying name for the external IdP.

  2. Click NEXT.

  3. Select the type of identity provider you are adding. There are three types of identity providers you can configure in Smart API Manager:

    Identity Provider Type

    Description

    WS-Federation

    A WS-Federation provider uses the WS-PassiveFederation protocol to authenticate.

    The Integrated Windows Authentication (IWA) provider delivered with Smart API Manager is a WS-Federation provider.

    OpenID Connect (OIDC)

    An OIDC provider uses OpenID Connect, an interoperable authentication protocol based on the OAuth 2.0 family of specifications.

    Before adding an OIDC identity provider:

    You must add or register an OIDC (or OAuth 2.0) client with the OIDC service provider you wish to use for authentication. The OIDC client must support the Implicit flow.

    The OIDC client provides the ClientId, MetadataAddress, and (for OIDC clients configured to use the authorization code flow) ClientSecret value required to configure the identity provider in Smart API Manager.

    Afterwards, you must return to the OIDC client to finish its configuration, establishing the identity provider from Smart API Manager as an OIDC Relying Party (RP). See the OIDC section in the settings table below for details.

    SAML 2.0

    A SAML 2.0 provider uses the SAML 2.0 protocol to authenticate.

    Before adding a SAML 2.0 identity provider:

    You must have access to the external SAML Identity Provider (SAML IDP) you wish to use for authentication. The SAML IDP provides the MetadataAddress and Issuer values required to configure the identity provider in Smart API Manager.

    Afterwards, you must return to the SAML IDP to finish its configuration, establishing the identity provider from Smart API Manager as a SAML Service Provider (SAML SP). See the SAML 2.0 section in the settings table below for details on the requirements.

    Local

    A Local identity provider is based on a custom assembly you must develop to validate a username and password. The Windows Credentials provider delivered with Smart API Manager is a Local provider.

    A Local provider is useful if you have an application or proprietary user store you need to use for authentication. The assembly you develop must implement the following interface:

    Intergraph.WebApi.Management.Dashboard.Security.ILocalIdentityProvider

    The Intergraph.WebApi.Management.Dashboard.Security assembly is delivered with Smart API Manager. Contact Intergraph support/consulting services for information on developing a custom assembly if needed.

  4. Click NEXT to define default settings and their values.
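
The following pre-check for the OIDC values in step 3 is an added example, not code from Intergraph or Smart API Manager. It assumes MetadataAddress is the URL of the provider's OpenID Connect discovery document and verifies that the document advertises the Implicit flow (and the authorization code flow when a ClientSecret is used); the function name, sample document, and idp.example.com host are constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample discovery document (not from any real provider).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://idp.example.com/tenant1",
  "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
  "token_endpoint": "https://idp.example.com/tenant1/token",
  "jwks_uri": "https://idp.example.com/tenant1/keys",
  "response_types_supported": ["code", "id_token", "id_token token"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")
SUFFIX = "/.well-known/openid-configuration"

def check_oidc_metadata(metadata_address, metadata, uses_client_secret=False):
    """Return a list of problems; an empty list means the pre-checks passed."""
    problems = []
    issuer = metadata.get("issuer", "")
    # OIDC Discovery: the document lives at <issuer>/.well-known/openid-configuration
    # and the issuer inside it must match the URL it was fetched from.
    if metadata_address != issuer.rstrip("/") + SUFFIX:
        problems.append("issuer does not match MetadataAddress")
    required = ["authorization_endpoint", "jwks_uri"]
    if uses_client_secret:
        required.append("token_endpoint")  # code flow redeems the code here
    for name, url in [("MetadataAddress", metadata_address), ("issuer", issuer)] + [
            (k, metadata.get(k, "")) for k in required]:
        if urlparse(url).scheme != "https":
            problems.append(f"{name} is missing or not https")
    response_types = set(metadata.get("response_types_supported", []))
    # Implicit flow returns the ID token from the authorization endpoint.
    if not response_types & {"id_token", "id_token token"}:
        problems.append("implicit flow response types not advertised")
    if uses_client_secret and "code" not in response_types:
        problems.append("authorization code flow not advertised")
    algs = set(metadata.get("id_token_signing_alg_values_supported", []))
    if not algs - {"none"}:
        problems.append("no signed ID token algorithm advertised")
    return problems

if __name__ == "__main__":
    address = "https://idp.example.com/tenant1" + SUFFIX
    print(check_oidc_metadata(address, SAMPLE_METADATA, uses_client_secret=True) or "ok")
```

To check a real provider, save its discovery document to a file, load it with `json.load`, and pass it in place of `SAMPLE_METADATA`.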