...

Generally, IGEL OS 12 supports OpenID Connect authentication. For IdPs that adhere closely to this standard, there is a good chance that they can be used with IGEL OS 12.

Info

Generally, you can edit the IGEL OS 12 device configuration as follows:

  • via the IGEL UMS Web App:

    • Configuration > Create new profile 

      (You select one or several apps that will be configured by the profile. If the IGEL OS base system app is selected, all other apps are shown under the tab "Apps"; if not, each app is displayed as a separate tab)

    • Apps > [name of the app] > Create new profile (used to quickly configure a profile for the selected app. It is also possible to add other apps that will be configured by this profile)

    • Devices > [name of the device] > Edit Configuration (shows all installed apps. Apps are displayed under the tab "Apps")

  • via IGEL Setup locally on the device (shows all installed apps. Apps are displayed under the tab "Apps")

The best practice is to configure your devices via profiles. For details on how to create profiles, see Creating a Profile (/wiki/spaces/HTSWICP/pages/83886925).

Apps and Utilities for IGEL OS 12 That Support SSO with Microsoft Entra ID

...

  1. Go to Security > Logon > Single Sign-On and edit the settings as follows:

    • Enable Single Sign-On with Identity Provider.

    • Set Identity Provider to Azure ID.

    • Enter the Azure AD Tenant Name/ID. This is the value you have obtained as Directory (tenant) ID in Azure AD Portal.

    • Set the appropriate Application (client) ID. You have obtained this value as Application (client) ID in your Azure AD Portal.

    • Enter the Client secret.

  2. Include Page
    IGELOS12BSDOCP:_SSO Autologin



  3. Click Save or Save and close.
    The desktop of the device is terminated. The login screen is displayed.
    You can now use the apps and utilities for IGEL OS 12 that support SSO with Entra AD.
    For details on importing apps from the IGEL App Portal and installing them on IGEL OS devices, see /wiki/spaces/HTSWICP/pages/83886925 and IGEL UMS 12: Basic Configuration and Assignment of Apps and Profiles (/wiki/spaces/HTSWICP/pages/83886925).
    All methods of multi-factor authentication are available except the hardware token.

...

  1. Log in to Okta with your admin account, and from the Applications menu, select Applications > Create App Integration.


  2. Edit the settings as follows and then click Next. 

    • Set Sign-in method to OIDC - OpenID Connect.

    • Set Application type to Native Application.


  3. Edit the settings as follows and then click Save.

    • Under App integration name, enter a name for your application, e.g. "IGEL OS Single sign-on".

    • Make sure that as the Grant type, the option Authorization Code is selected.

    • Under Sign-in redirect URIs, enter "http://localhost/callback".

      The app integration is created.

  4. Select the General tab and then click Edit.


  5. Under Client authentication, select Client secret and make sure that under Proof Key for Code Exchange (PKCE), Require PKCE as additional verification is enabled. Afterward, click Save.

    The client secret will be created.

  6. Copy the Client ID and the Secret (client secret).


...

  1. Log in to your PingIdentity account, go to Applications, and click the add symbol to create a new application.




  2. Provide an Application Name, select Native as the Application Type, and click Save.




  3. Select the Configuration tab and click the edit button.




  4. Edit the configuration as described below and click Save.

    • Response Type: Select Code.

    • Grant Type: Select Authorization Code and set PKCE Enforcement to S256_REQUIRED.

    • Redirect URIs: Enter http://localhost/callback

    • Token Endpoint Authentication Methods: Select Client Secret Post.




  5. Select the Resources tab and click the edit button.




  6. Ensure that the following resource scopes are activated and click Save.

    • email

    • openid

    • profile




  7. Review the list of ALLOWED SCOPES.




  8. Select the Configuration tab and copy the following data for later use:

    • Client ID

    • Client Secret




  9. Expand the list of URLs and copy the Issuer URL for later use.




  10. Activate your application.


Configuring IGEL OS for SSO with Ping Identity / PingOne

...

In your IdP console, edit the parameters as follows (the exact parameter names will probably differ from those shown here):

| Parameter             | Values                    |
|-----------------------|---------------------------|
| Response type         | code                      |
| Scopes                | openid, profile, email    |
| Redirect URI          | http://localhost/callback |
| Code challenge method | S256                      |
| Response mode         | fragment                  |
| Client authentication | client_secret_post        |
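
Before entering the Issuer URL on the device, the IdP's OpenID Connect discovery document can be checked against the parameters listed above. The following is an added example, not part of the IGEL documentation or tooling; the function name, the issuer `https://idp.example.com/realms/demo` and the sample document are constructed for illustration.

```python
import json

# Requirements from the parameter table, mapped to OIDC discovery metadata
# fields. Second element: the value the specs assume when the field is omitted
# (None = nothing can be concluded from the document alone).
REQUIRED = {
    "response_types_supported": ({"code"}, None),
    "scopes_supported": ({"openid", "profile", "email"}, None),
    # RFC 8414: if omitted, the server does not support PKCE.
    "code_challenge_methods_supported": ({"S256"}, []),
    # OIDC Discovery defaults for omitted fields.
    "response_modes_supported": ({"fragment"}, ["query", "fragment"]),
    "token_endpoint_auth_methods_supported": (
        {"client_secret_post"}, ["client_secret_basic"]),
}

def check_discovery(issuer_url, doc):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # The issuer in the document must match the configured Issuer URL exactly.
    if doc.get("issuer") != issuer_url:
        findings.append(f"issuer mismatch: {doc.get('issuer')!r} != {issuer_url!r}")
    for field, (needed, default) in REQUIRED.items():
        advertised = doc.get(field, default)
        if advertised is None:
            findings.append(f"{field}: not advertised, verify in the IdP console")
            continue
        missing = needed - set(advertised)
        if missing:
            findings.append(f"{field}: missing {sorted(missing)}")
    return findings

# Constructed sample discovery document (hypothetical IdP, not real output).
ISSUER = "https://idp.example.com/realms/demo"
SAMPLE = json.loads("""{
  "issuer": "https://idp.example.com/realms/demo",
  "response_types_supported": ["code", "id_token"],
  "scopes_supported": ["openid", "profile", "email", "offline_access"],
  "code_challenge_methods_supported": ["plain", "S256"],
  "token_endpoint_auth_methods_supported":
      ["client_secret_basic", "client_secret_post"]
}""")

if __name__ == "__main__":
    for line in check_discovery(ISSUER, SAMPLE) or ["all checks passed"]:
        print(line)
```

The discovery document is served at the Issuer URL followed by `/.well-known/openid-configuration`; save it to a file and pass the parsed JSON to `check_discovery` together with the exact Issuer URL you intend to configure.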

Configuring IGEL OS for SSO with Generic OpenID Connect

  1. Go to Security > Logon > Single Sign-On and edit the settings as follows:

    • Enable Single Sign-On with Identity Provider.

    • Set Identity Provider to OpenID Connect.

    • Provide the Issuer URL for your user. This is the Issuer URL provided in the IdP console. Example for Keycloak: https://keycloak.yourcompany.com/realms/yourrealm

    • Provide the Client ID. This is the client ID that was created in the IdP console.

    • Provide the Client secret.




  2. Click Save or Save and close.
    The desktop of the device is terminated. The login screen is displayed.
    You can now use the apps and utilities for IGEL OS 12 that support SSO with OpenID Connect (generic).
    For details on importing apps from the IGEL App Portal and installing them on IGEL OS devices, see /wiki/spaces/HTSWICP/pages/83886925 and IGEL UMS 12: Basic Configuration and Assignment of Apps and Profiles (/wiki/spaces/HTSWICP/pages/83886925).
    For supported multi-factor authentication methods, check the documentation of your IdP.

...