Welcome to Almefy HUB, the epitome of streamlined and secure authentication. Our innovation, grounded in Identity-Based Encryption (IBE), eliminates the complexities of two-factor authentication and obsolete passwords. With the Almefy App as your access key, authentication becomes a one-step process—simply scan a QR code. Seamlessly integrating through OIDC and SAML workflows, we empower technical users with Single Sign-On (SSO) capabilities across the entire business application landscape. Welcome to a future where authentication meets efficiency at the Almefy HUB.
The Almefy HUB management console:
- enrols users
- enables application endpoints
- authorizes user access to specific endpoints
- shows user-behaviour statistics that give a granular view of access patterns and trends
Almefy HUB is not just a gateway; it's your command center for authentication and access control.
Getting Started
To get things going, follow the steps below.
Enable an Endpoint Application
Endpoint applications are enabled using Security Assertion Markup Language (SAML) or OpenID Connect (OIDC). In the Application Endpoints section you will find instructions for specific applications. Below are the generic steps for when your application is not listed there.
Enable an Endpoint Application with SAML
In the Almefy HUB, go to: "Endpoints" -> "Add SAML Endpoint"
- Add a name for the Endpoint. This is a reference just for you.
- Add an Endpoint ID. Format: lowercase with no spaces.
- The Endpoint ID is used to build, for example, the ACS URL. With Endpoint ID = shopware:

| Example ACS URL |
|---|
| https://shopware.yourcompany.sso.almefy.com/admin/open-auth/5afb2a460ce24c96954f5ed0f429adb7/redirect |
Let's go through an example of enabling an application using SAML with Okta as the Identity Provider (IdP). In this case, we configure SAML for a fictitious web application called "ExampleApp."
1. Okta Configuration:
   - Add SAML Application:
     - Log in to the Okta admin console.
     - Navigate to the "Applications" tab and click "Add Application."
     - Search for "SAML" and choose "SAML 2.0."
   - Configure SAML Settings; enter the following details:
     - App name: ExampleApp
     - Single sign on URL (ACS URL): the Assertion Consumer Service URL for ExampleApp.
     - Audience URI (SP Entity ID): unique identifier for ExampleApp.
     - Name ID format: choose an appropriate format (e.g., EmailAddress).
   - Configure Attribute Statements:
     - Map Okta user profile attributes (e.g., email, first name, last name) to the SAML attributes expected by ExampleApp.
   - Obtain Metadata:
     - Save the Okta metadata, which contains the IdP entity ID, Single Sign-On URL, and Okta public key/certificate.
2. ExampleApp Configuration:
   - Configure ExampleApp as SP:
     - In the ExampleApp admin panel or configuration files, enter the Okta metadata or manually input the IdP entity ID, Single Sign-On URL, and Okta public key/certificate.
   - Map Attributes and Roles:
     - Define how the incoming SAML attributes from Okta (e.g., email, first name) map to the user attributes expected by ExampleApp.
   - Configure SAML Assertions:
     - Specify which SAML assertions should be included in the authentication response.
3. Test the Configuration:
   - Initiate SAML Test:
     - Initiate a SAML authentication from ExampleApp.
     - Verify that you are redirected to Okta for authentication.
   - Verify Assertions:
     - Confirm that Okta sends the required SAML assertions back to ExampleApp.
4. Deploy and Monitor:
   - Deploy to Production:
     - Once testing is successful, deploy the SAML configuration to the production environment.
   - Monitor SAML Transactions:
     - Regularly monitor SAML logs in Okta and ExampleApp.
     - Address any issues promptly and ensure the consistency of SAML transactions.
5. Single Logout (Optional):
   - Configure Single Logout (SLO):
     - If ExampleApp and Okta support SLO, configure it to ensure consistent session termination across all connected applications.
6. Documentation and Support:
   - Document Configuration:
     - Document the Okta and ExampleApp SAML configuration details for future reference.
   - Provide Support Documentation:
     - Make support documentation available to assist users with the SAML-enabled ExampleApp.
This example is tailored for Okta, and the steps may vary slightly depending on the specific requirements and options available in your Okta and ExampleApp configurations. Always refer to the official documentation provided by Okta and ExampleApp for accurate and detailed instructions.
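As an added illustration of the "Verify Assertions" and "Map Attributes" steps above (example code, not part of Almefy HUB, Okta or ExampleApp), the following shows the checks an SP applies to a SAML response after its XML signature has been verified: the Destination must equal the configured ACS URL, the Audience must equal the SP Entity ID, the assertion must be inside its validity window, and only mapped attributes are copied into the user record. The SP URLs, the attribute map and the unsigned sample response are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed SP settings (the values the ExampleApp steps configure) and attribute mapping.
SP_ACS_URL = "https://exampleapp.yourcompany.sso.almefy.com/saml/acs"
SP_ENTITY_ID = "https://exampleapp.yourcompany.sso.almefy.com"
ATTRIBUTE_MAP = {"email": "email", "firstName": "first_name", "lastName": "last_name"}
# Constructed, unsigned sample response used only to exercise the checks below.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" Destination="{SP_ACS_URL}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_saml_time(value):  # SAML timestamps are UTC ISO 8601 with a trailing Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_response(xml_text, now, acs_url=SP_ACS_URL, entity_id=SP_ENTITY_ID):
    """SP-side checks that follow XML signature verification; returns the mapped user.
    Signature verification against the IdP certificate from the Okta metadata is assumed
    to have already rejected unsigned or badly signed responses."""
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs_url:
        raise ValueError("Destination does not match the configured ACS URL")
    assertion = root.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS) if assertion is not None else None
    if cond is None:
        raise ValueError("response carries no assertion with conditions")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        raise ValueError("assertion was not issued for this SP entity ID")
    if not (parse_saml_time(cond.get("NotBefore")) <= now < parse_saml_time(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion is outside its validity window")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    user = {"name_id": name_id.text, "name_id_format": name_id.get("Format")}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        field = ATTRIBUTE_MAP.get(attr.get("Name"))
        if field:  # attributes ExampleApp does not map are ignored
            user[field] = attr.findtext("saml:AttributeValue", namespaces=NS)
    return user
```

In production the response would be parsed with defusedxml rather than xml.etree, and a SAML library would perform the signature check that this example assumes has already happened.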