Your JourneyApps applications have the option of integrating with your identity provider using our single sign-on (SSO) integration. SSO can be configured using service provider (SP) initiated login, and our supported protocols are SAML, WS-Fed, and OpenID.
The process to configure SSO is as follows:
- JourneyApps will generate and provide SP metadata
- Your identity provider manager will upload the SP metadata into your system and export the identity provider (IdP) metadata, which will be provided to JourneyApps
- JourneyApps will then import the IdP metadata and enable the SSO for your application
a. SSO will be enabled per deployment
Once SSO is configured, it is required that the application has an associated idp_app_user_task
CloudCode task, which must be created with the CloudCode template task titled “IDP app user task.”
Please see below for an example idp_app_user_task
:
/**
* Find or create mobile app user object based on claims.
*
* For an authorized user:
*
* return context.authorized(user);
*
* Failure:
*
* return context.unauthorized({message: 'Access not allowed'});
*/
export async function extractIdentity({ claims, context }) {
// Your code here
console.log("Claims: ", JSON.stringify(claims));
let unique_identifier_from_claims = claims.email.toLowerCase();
// Find the unique user in the database
let user = await DB.user.first('email = ?', unique_identifier_from_claims);
// Did a user already exist?
if(user){
// Update any necessary information on the user object
user.name = claims.name;
user.employee_id = claims.employee_id;
await user.save();
return context.authorized(user);
} else {
// Create the user if the user did not yet exist in the database
let new_user = DB.user.create();
new_user.email = unique_identifier_from_claims;
new_user.name = claims.name;
new_user.employee_id = claims.employee_id;
await new_user.save();
return context.authorized(user);
}
}
To enable SSO integration, please reach out to your JourneyApps contact.