Every business needs to share a certain amount of information with its partners, customers, suppliers, and other organizations, and when there is only nominal trust between the two parties, this gets even more complicated. The business must establish an appropriate level of trust with the other entity while controlling partners’ access depending on the level of sensitivity.
Identity Federation enables companies with several different technologies, standards, and use-cases to share their applications by allowing individuals to use the same login credentials or other personal identification information across security domains.
This guide assumes the application is either SAML 2.0 or WS-Federation compliant or is behind a Federation service.
A typical federation setup involves establishing the trust between the Identity Provider (IdP) and Service Provider (SP). This process involves the exchange of metadata between the two parties.
Establishing trust between IdP and SP will involve the following steps.
- Exchange of Metadata
- Configuration of the application within BeanLogin
- Configuration of BeanLogin as an IdP within the application
  - This step varies from application to application
  - Also, it requires BeanLogin’s metadata
Exchange of Metadata
The tables below contain the parameters that you need to keep handy before you configure the app for SSO.
What is needed from the Application?
What does the Application need from BeanLogin?
If the application supports metadata URLs, supply BeanLogin’s metadata URL. If the application does not support metadata URLs, provide the following parameters.
Configuration of the application within BeanLogin
Below are the steps involved in the configuration of an application within BeanLogin.
- Log in to BeanLogin as an Administrator.
- Navigate to App >> Corporate >> Register New App.
- Configure the application with the details from the worksheet.
Configuration of BeanLogin as IdP within the application
As stated earlier, the process involved varies from application to application. Use BeanLogin’s metadata URL to complete the registration process.
Once the configuration is complete, you are ready to test the application access via BeanLogin.