This page explains how to enable Single Sign On (SSO) via your Azure Active Directory service and use AD groups to manage roles in KADA. The authentication method used is OpenID Connect (OAuth 2.0).
...
Log in to your K platform instance ([customer].kada.ai)
Select Platform Settings in the side bar
In the pop-out side panel, under Administrations, click on Customisation
Under Platform Setup, toggle on Enable Single Sign On
Click on Configure Single Sign On
Select Identity Providers in the side panel and click Add Provider
Choose OpenIDConnect v1.0 from the drop down list
Scroll to the bottom of the list. Go to Discovery endpoint, paste the URL for the OpenID Connect metadata document that you copied in the previous step into Import from URL, and click Import
Some information will pre-populate from the Azure AD configuration. Complete the missing information and click Save
Update the following information
Alias - The alias cannot contain any characters that require URL encoding, e.g. spaces. Copy this name if you plan to only allow SSO identities and disable local user logins.
Display Name - This is the name that users select on the Log In page to access via SSO (see the screenshot below, where the display name was “Sign in with Azure AD”)
Client Authentication - Set to Client secret sent as basic auth
Client ID - Paste the Application (client) ID saved from the previous step
Client Secret - Paste the Secret Value saved from the previous step
Sync Mode - Select Force
Copy the Redirect URL for use in a later step
The below Log In option will now appear the next time you try to log in to KADA
...
Log in to your company’s Azure Portal and open the Azure Active Directory page
Select Groups in the side panel and click on New Group
Create 5 Groups that align to the 5 roles in KADA
Administrator
Business User
Data Worker
Data Manager
Data Governance Manager
Select App registrations in the side panel and click on the newly created KADA App
Select App roles in the side panel and click Create app role
Create 5 roles using the information in the following table
Display Name | Value |
---|---|
Administrator | kada_admin |
Business User | kada_business_user |
Data Worker | kada_user |
Data Manager | kada_manager |
Data Governance Manager | kada_data_gov_manager |
...
Return to the main Azure Portal homepage and open the Enterprise applications page
Select the newly created KADA App
Select Users and groups from the side panel and click Add user/group
Add the 5 groups you created in Azure AD and assign them to the 5 roles you created in the KADA app
...
Log in to your K platform instance ([customer].kada.ai)
Select Platform Settings in the side bar
In the pop-out side panel, under Administration click on Customisation
Click on Configure Single Sign On
Go to Identity Providers
Select the Identity Provider you created in Step 2 and click on the Mappers tab
You will need to click Add Mapper to create a mapping for each role. You will need to complete this step 5 times.
For each role
Set the mapper name, for example: kada_admin_group_mapper
Set Mapper Type to Advanced Claim to Group
Add roles to the Key field. Add Value from the table below.
For example: For the kada_admin_group_mapper the value is kada_admin
Role Name | Value |
---|---|
Administrator | kada_admin |
Business User | kada_business_user |
Data Worker | kada_user |
Data Manager | kada_manager |
Data Governance Manager | kada_data_gov_manager |
Check after each mapping is completed. It should look like the below
...
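A check that can be run while troubleshooting the mappers above, as an added example that is not part of the original page or KADA's own code: it decodes the payload of an ID token and reports which `roles` values match the Value column of the table. The function names and the sample token are constructed for illustration, and exact, case-sensitive matching of the claim value is an assumption.

```python
import base64
import json

# Azure AD app role Value -> KADA role, from the table on this page.
KADA_ROLES = {
    "kada_admin": "Administrator",
    "kada_business_user": "Business User",
    "kada_user": "Data Worker",
    "kada_manager": "Data Manager",
    "kada_data_gov_manager": "Data Governance Manager",
}

def decode_claims(token: str) -> dict:
    """Return a JWT payload WITHOUT verifying the signature (inspection only,
    never a basis for an access decision)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_roles(claims: dict) -> dict:
    """Split the `roles` claim into values a mapper matches and values none does."""
    roles = claims.get("roles")
    if roles is None:
        # No app role reached the token, e.g. the user's group has no role assignment.
        return {"mapped": {}, "unmapped": [], "missing_claim": True}
    if isinstance(roles, str):
        roles = [roles]
    mapped = {r: KADA_ROLES[r] for r in roles if r in KADA_ROLES}
    # Assumption: mappers compare the claim value exactly (case-sensitive).
    unmapped = [r for r in roles if r not in KADA_ROLES]
    return {"mapped": mapped, "unmapped": unmapped, "missing_claim": False}

def make_sample_token(claims: dict) -> str:
    """Build a constructed token for the demo (not a real Azure AD token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    return f"{header}.{enc(claims)}.constructed-signature"

if __name__ == "__main__":
    # Constructed claims: one valid role value and one mistyped value.
    sample = make_sample_token({"preferred_username": "user@example.com",
                                "roles": ["kada_admin", "Kada_Manager"]})
    print(check_roles(decode_claims(sample)))
```

A `missing_claim` result points at the Azure AD side (group not assigned to an app role), while an `unmapped` value points at a mismatch between the app role Value and the mapper Value.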