
Identity Provider (IdP) Configuration

Overview

Configure your identity provider for use in AdminX. Adding your identity provider enables you to use several user-friendly features, such as single sign-on authentication.

Adding your Identity Provider

Log in to your AdminX panel as a tenant or community administrator. From the Administrator Dashboard, click the Settings icon from the left-hand menu.

From the Settings menu, click the IdP Configuration tab.

On the IdP Configuration main page, you will be able to view any identity providers that are currently configured. To add a new identity provider, click Create Identity Provider.

Note: Only one identity provider at a time can be added to your tenant.

Configure Identity Provider

Core Configuration

Under Core Configuration, we need to add a few details:

  • Name: Enter a name for generating an Entity ID. For this example, we are adding our 1Kosmos account and will name our IdP 1Kosmos.
  • Authentication Request: Select whether or not your authentication request should be signed. We recommend leaving this as Signed.

SAML Metadata

Your SAML metadata endpoints are listed in this section, along with a link to download a copy of your metadata.

  • Metadata URL: Your SAML Metadata URL will already be populated by AdminX.
    • Click download metadata to save a copy of your metadata.

Service URL End Points

Your SAML Service URL endpoints can be found in this section.

  • Single SignOn Service: Your SSO URL endpoint.
  • Single Logout Service: Your SLO URL endpoint.

Signing Certificate

In this section, users can upload new certificates, generate a self-signed certificate, and view or download their current signing certificate. The expiration date will also be listed if you have already uploaded a certificate.

View & Download Current Signing Certificate

  • Click Options -> View & Download Certificate
  • Your signing certificate details will be displayed
    • Copy your certificate to your clipboard: Click the copy icon under Certificate
    • Copy your private key to your clipboard: Click the copy icon under Private Key
    • Download your certificate: Click Download Certificate

Upload a New Certificate

  • Click Options -> Upload New Certificate
  • PEM-Encoded X.509 Certificate: Paste your signing certificate in the box, or click the cloud icon to upload your certificate directly (recommended)
  • PEM-Encoded Private Key: Paste your private key in the box, or click the cloud icon to upload your key directly (recommended)
  • Click Save to finish adding your new signing certificate and key

Generate a Self-Signed Certificate

  • Click Options -> Generate Self-Signed Certificate
  • Select your desired key details:
    • Algorithm: SHA1 or SHA256
    • Key Size: 1024 or 2048
    • Expiry: 1, 3, or 5 years
  • Click Generate Certificate

  • Your new certificate details will display. Click Download Certificate to save a copy to your machine.

Encryption Certificate

In this section, users can upload new certificates, generate a self-signed certificate, and view or download their current encryption certificate. The expiration date will also be listed if you have already uploaded a certificate.

View & Download Current Encryption Certificate

  • Click Options -> View & Download Certificate
  • Your encryption certificate details will be displayed
    • Copy your certificate to your clipboard: Click the copy icon under Certificate
    • Copy your private key to your clipboard: Click the copy icon under Private Key
    • Download your certificate: Click Download Certificate

Upload a New Certificate

  • Click Options -> Upload New Certificate
  • PEM-Encoded X.509 Certificate: Paste your encryption certificate in the box, or click the cloud icon to upload your certificate directly (recommended)
  • PEM-Encoded Private Key: Paste your private key in the box, or click the cloud icon to upload your key directly (recommended)
  • Click Save to finish adding your new encryption certificate and key

Generate a Self-Signed Certificate

  • Click Options -> Generate Self-Signed Certificate
  • Select your desired key details:
    • Algorithm: SHA1 or SHA256
    • Key Size: 1024 or 2048
    • Expiry: 1, 3, or 5 years
  • Click Generate Certificate

  • Your new certificate details will display. Click Download Certificate to save a copy to your machine.

Create a Self-Signed Certificate Using OpenSSL

Administrators can use the command-line tool openssl to generate a PEM-encoded X.509 certificate and private key if desired.

Using your terminal, run the following commands:

Step 1: Create 2048-bit Private Key
openssl genrsa -traditional -out private_key.pem 2048
Step 2: Generate a Certificate Request Using SHA256 with a Lifetime of 365 Days
openssl req -new -key private_key.pem -out cert_request.pem -sha256 -days 365
Tip: When generating the certificate, fill out the metadata correctly to specify the correct Organizational Unit parameter.

Step 3: Generate a New Certificate from the Certificate Request
openssl x509 -req -days 365 -in cert_request.pem -signkey private_key.pem -out signing_certificate.pem
Step 4: Upload your Signing Certificate and Key

Follow the steps in Upload a New Certificate.

  • Click the cloud icon to upload your files directly rather than pasting them in the box.
  • Click Save to finish adding your signing certificate and key
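
A pre-upload check for the certificate and key produced by Steps 1-3, given here as an added example that is not part of the AdminX documentation or 1Kosmos code. It confirms that the key matches the certificate and rejects SHA-1 signatures, RSA keys under 2048 bits, and certificates close to expiry; the function names, the subject values, and the 30-day threshold are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not vendor code). Assumes RSA keys, as in the steps above.

# make_pair DIR BITS DIGEST: Steps 1-3 made non-interactive with -subj.
# The subject values are constructed placeholders. -traditional is omitted so
# the function also runs on OpenSSL 1.1.1, which lacks that option.
make_pair() {
  openssl genrsa -out "$1/private_key.pem" "$2" 2>/dev/null &&
  openssl req -new -key "$1/private_key.pem" -out "$1/cert_request.pem" \
    "-$3" -subj "/O=Example Org/OU=Identity/CN=idp.example.test" &&
  openssl x509 -req -days 365 "-$3" -in "$1/cert_request.pem" \
    -signkey "$1/private_key.pem" -out "$1/signing_certificate.pem" 2>/dev/null
}

# check_saml_cert CERT KEY [MIN_DAYS]: prints findings, returns 0 if all pass.
check_saml_cert() {
  local cert=$1 key=$2 min_days=${3:-30} rc=0 text sigalg bits
  text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
    { echo "FAIL: cannot parse certificate $cert"; return 1; }

  # 1. The private key must correspond to the certificate's public key.
  if [ "$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)" != \
       "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
    echo "FAIL: private key does not match certificate"; rc=1
  fi

  # 2. The certificate signature must not use SHA-1 or MD5.
  sigalg=$(printf '%s\n' "$text" | awk '/Signature Algorithm:/ {print $3; exit}')
  case $sigalg in
    *[Ss][Hh][Aa]1*|*[Mm][Dd]5*) echo "FAIL: weak signature algorithm $sigalg"; rc=1 ;;
  esac

  # 3. RSA modulus of at least 2048 bits.
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  if [ "${bits:-0}" -lt 2048 ]; then
    echo "FAIL: RSA key is ${bits:-unknown} bits, expected >= 2048"; rc=1
  fi

  # 4. Certificate must remain valid for at least MIN_DAYS more days.
  if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "FAIL: certificate expires within $min_days days"; rc=1
  fi

  [ "$rc" -eq 0 ] && echo "OK: $sigalg, ${bits}-bit key, valid > $min_days days"
  return "$rc"
}
```

The same check can be run against a certificate and key downloaded from the Signing Certificate or Encryption Certificate sections, for example `check_saml_cert signing_certificate.pem private_key.pem`.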

Next Steps

After completing the IdP configuration in AdminX, you should finalize your changes by clicking the Save button at the bottom of the page.

You must then log on to your Service Provider (SP) account to set it up for SSO using the Signing Certificate, Encryption Certificate, SAML Metadata, and the Service URL End Points. The process differs slightly for each provider - please consult your SP's documentation for instructions on configuring your IdP from their configuration panel.