Limeade ONE Authentication Provider Guide
Overview
Limeade ONE offers a third-party authentication provider integration mode that allows companies to use their existing security infrastructure to authenticate users for mobile consumption. Compared with using Limeade ONE authentication, this mode avoids a lot of administrative work: users can be provisioned in the platform based on their corporate credentials, and there is no need to configure users via the user management portal.
Currently Supported Platforms
Limeade ONE already supports many third-party authentication providers. Below are the currently supported platforms:
- ADFS
- Azure AD
- Ping
- Centrify
- F5
Supported Protocols
Limeade ONE is built to work with many other authentication providers because it supports the following protocols:
- WS-FED
- SAML 2.0
- OpenID Connect
To have Limeade ONE support a platform that is not on the currently supported platforms list, contact your assigned customer success manager or account manager; they are always interested in supporting new providers.
Connecting to Limeade ONE
See the following to understand the process for connecting a supported authentication provider to Limeade ONE.
Setting up Claims
The first step in configuring an authentication provider is to set up the claims that Limeade ONE requires to identify users.
The required claims are listed below.
Supported Claims
| Claim | Description |
| --- | --- |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn or upn or userprincipalname or Sub or http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier or name | This claim carries the user ID. It is required to be unique. We check all claims in the order specified. If none of these claims are found, the user will not be granted access. Note: "sub" is used for Azure AD configuration. |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress or emailaddress or email-address | This claim is used to add a user's email address to their user record. The email address can be used for notifications within the Limeade ONE platform. If this claim is not provided, we will use the UPN claim for the user's email, which is typically an email address. |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname or First name or given_name or givenname | This claim is used to add the user's first name to the user record. |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname or Last name or lastname or family_name or surname | This claim is used to add the user's last name to the user record. |
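The claim lookup described in the table, as an added example that is not Limeade's own code: a pre-flight check an identity provider administrator could run over a decoded claim set to see which claim would supply the user ID and whether the email fallback applies. Case-insensitive name matching, treating blank values as absent, and all function and field names are assumptions; the sample claim set is constructed.

```python
# Claim names come from the table above; the matching rules are assumptions.
NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Accepted claim names per field, in the order the table lists them.
ACCEPTED = {
    "user_id": [NS + "upn", "upn", "userprincipalname", "Sub",
                NS + "nameidentifier", "name"],
    "email": [NS + "emailaddress", "emailaddress", "email-address"],
    "first_name": [NS + "givenname", "First name", "given_name", "givenname"],
    "last_name": [NS + "surname", "Last name", "lastname", "family_name", "surname"],
}


def first_match(claims, names):
    """Return (claim_name, value) for the first listed name with a non-empty value."""
    # Assumption: names compare case-insensitively and blank values count as absent.
    lowered = {k.lower(): (k, str(v).strip()) for k, v in claims.items()}
    for name in names:
        key, value = lowered.get(name.lower(), (None, ""))
        if value:
            return key, value
    return None, None


def preflight(claims):
    """Map an IdP's issued claims to the user record fields described above."""
    result = {"granted": False, "source": {}, "warnings": []}
    for field, names in ACCEPTED.items():
        source, value = first_match(claims, names)
        result[field] = value
        result["source"][field] = source
    if result["user_id"] is None:
        result["warnings"].append("no user ID claim: access would be denied")
        return result
    result["granted"] = True
    if result["email"] is None:
        # Fallback from the table: the user ID (UPN) value is used as the email.
        result["email"] = result["user_id"]
        result["source"]["email"] = result["source"]["user_id"]
        if "@" not in result["email"]:
            result["warnings"].append("email falls back to a user ID that is not an address")
    for field in ("first_name", "last_name"):
        if result[field] is None:
            result["warnings"].append(f"{field} claim missing")
    return result


# Constructed sample: an OpenID Connect style claim set with no email claim.
SAMPLE = {"sub": "a1b2c3", "name": "Ada Example", "given_name": "Ada", "family_name": "Example"}
```

Running `preflight(SAMPLE)` shows the user ID taken from `sub` rather than `name`, and a warning that the email fallback produced a value that is not an address.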
Exchange of Metadata URLs
The next step is to provide Limeade ONE with a metadata URL. Once Limeade configures the metadata URL in the system, Limeade will provide the user with a custom metadata URL to add to the organization's configuration. The provided metadata file contains all the information needed to work seamlessly with Limeade ONE.