About SSO Identity Providers

In the Appendix, you will learn how to configure Identity Provider (IDP) and the navigation to fetch the required IDP configurations for AutomationEdge SSO Setups. The configurations may include some the following for OpenID Connect as well as SAML protocols:

• Identity Provider Issuer.
• Identity Provider Endpoints (Authorization, Token, End Session Endpoints).
• Login redirect URIs Your web application must host a route that Identity Provider sends information to when a user signs in. Redirect URL must be an absolute URI, i.e. https://host:port/aeui/. Redirect URL in aeui portal must be the same as Redirect_URI the Identity Provider.
• Logout redirect URIs.
• Client ID (The public identifier for apps).
• Client Secret (the secret is known only to the application and the authorization server). The configuration additionally includes the following for SAML protocols:
• CSA Certificate (.crt) for SAML IDP configuration.
• Keystore File/ Keystore Alias/Keystore Password for SAML AE configuration.

The following topics discuss the configurations for each Identity Provider and protocol:

• AE initiated SSO with Okta using OpenID Connect
• Okta(IDP) initiated SSO to AE using OpenID Connect
• AE initiated SSO with Okta using SAML
• Okta (IDP) initiated SSO for AE using SAML
• AE initiated SSO with Keycloak using OpenID Connect
• AE initiated SSO with Keycloak using SAML
• AE initiated SSO with ADFS using OpenID Connect
• AE initiated SSO with ADFS using SAML
• Keystore and Certificate Generation