
                                                                    # Enable SSO for a Single Web Application using Multiple Identity Providers

                                                                    # Preview

                                                                    In this tutorial, we will use the Datawiza Access Proxy (DAP) to enable SSO and granular access control for a header-based web app. The IdPs we will be using are Azure AD and Okta. The goal of this tutorial is to see how we can add multiple Identity Providers to a single deployment within the Datawiza Cloud Management Console (DCMC).

                                                                    • Our application will be running on our local docker network, 172.17.0.1:3001.
                                                                    • The DAP will run on localhost:9772, which means the traffic to the app will reach the DAP (running on port 9772) first and then be proxied to the application (running on port 3001).
                                                                    • We will provide the docker images for the DAP and this header-based application.

                                                                    # Part I: Identity Provider Configuration

                                                                    You will need to register the application with an Identity Provider. For this tutorial, we will create one registration using Azure AD and another for Okta. Refer to IdP Configuration Guide: Microsoft Azure AD and IdP Configuration Guide: Okta for specific configuration instructions.

                                                                    # Part II: Create Deployment and Applications on Datawiza Cloud Management Console (DCMC)

                                                                    After configuring both of our Identity Providers, we need to create a new deployment on the DCMC which will contain our application. We will also generate a keypair (PROVISIONING_KEY, PROVISIONING_SECRET) in order for the DAP to get the latest configurations and policies from the DCMC.

                                                                    # Sign Into DCMC

                                                                    1. Log in to the DCMC.

                                                                    DCMC login

                                                                    # Create New Deployment

                                                                    1. Click the orange button Getting started and specify a Name and a Description. Click Save.

                                                                    New deployment

                                                                    # Add Application

                                                                    Configure our application with the following fields:

                                                                    • Platform: Web
                                                                    • Name: Demo App
                                                                    • Public Domain: http://localhost:9772
                                                                    • Listen Port: 9772
                                                                    • Upstream Server: http://172.17.0.1:3001
                                                                    • Select Next.

                                                                    App Config

                                                                    # IdP Configuration

                                                                    1. Choose Microsoft Azure Active Directory from the drop down menu. We'll add Azure AD first, and then add Okta as an additional IdP later.

                                                                    Populate the fields of the form with the keys/values obtained from IdP Configuration Guide: Microsoft Azure AD. Alternatively, you can use One Click Integration to configure Azure AD.

                                                                    Choose Azure IdP

                                                                    # Note Down Provisioning Keys

                                                                    Note down your PROVISIONING_KEY and PROVISIONING_SECRET. We will need these values later when deploying the DAP.

                                                                    Obtain Provisioning Key

                                                                    # Assigning IdPs to our Applications

                                                                    1. Return to the Applications tab. Select your application, and go to IdP Configuration. Select Assign IdP. From the drop down menu, you should see the IdPs that we have added to the DCMC. Assign Azure AD and Okta to your Demo App.

                                                                    Assign IdP

                                                                    # Part III: Run DAP With Our Applications

                                                                    We can use either docker or docker-compose to run the DAP. The following is an example of a docker-compose.yml file. You may need to log in to our container registry to download the images of the Access Proxy. See Step3: Configure DAP and SSO Integration for more details.

                                                                    version: '3'
                                                                    
                                                                    services:
                                                                      datawiza-access-broker:
                                                                        image: registry.gitlab.com/datawiza/access-broker
                                                                        container_name: datawiza-access-broker
                                                                        restart: always
                                                                        ports:
                                                                          - "9772:9772"
                                                                        environment:
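                                                                          # Replace the placeholders with the values noted down in the DCMC.
                                                                          # They are quoted because an unquoted '#' starts a YAML comment.
                                                                          PROVISIONING_KEY: "#############################"
                                                                          PROVISIONING_SECRET: "#############################"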
                                                                    
                                                                      header-based-app:
                                                                        image: registry.gitlab.com/datawiza/header-based-app
                                                                        container_name: ab-demo-header-app
                                                                        restart: always
                                                                        ports:
                                                                          - "3001:3001"
                                                                    

                                                                    After executing docker-compose -f docker-compose.yml up, our web app should have SSO enabled with both Azure AD and Okta. Open a browser and visit http://localhost:9772/. You should see a login page as follows, allowing you to select the IdP you would like to authenticate with:

                                                                    Azure AD login

                                                                    After successfully logging in with either IdP, we can see our web application:

                                                                    Azure with DCMC attributes
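
A hardened variant of the compose file above, as an added example that is not part of the Datawiza documentation. The original publishes the header-based app's port 3001 on every host interface, so a client that can reach the host on that port gets to the app without passing through the DAP, and it keeps the provisioning secret inline in the file. Assumptions not taken from the page: a Linux host whose default Docker bridge gateway is 172.17.0.1 (the Upstream Server address configured earlier), Docker's default userland proxy, and a `.env` file beside the compose file.

```yaml
# Added example (not from the Datawiza docs).
# Assumed .env file in the same directory (keep it out of version control and
# readable only by the deploying user):
#   PROVISIONING_KEY=<your key from the DCMC>
#   PROVISIONING_SECRET=<your secret from the DCMC>
version: '3'

services:
  datawiza-access-broker:
    image: registry.gitlab.com/datawiza/access-broker
    container_name: datawiza-access-broker
    restart: always
    ports:
      - "9772:9772"   # the DAP is the only service clients should reach
    environment:
      # ${VAR:?msg} makes compose abort with msg when the variable is unset
      # or empty, instead of starting the proxy without credentials.
      PROVISIONING_KEY: ${PROVISIONING_KEY:?set PROVISIONING_KEY in .env}
      PROVISIONING_SECRET: ${PROVISIONING_SECRET:?set PROVISIONING_SECRET in .env}

  header-based-app:
    image: registry.gitlab.com/datawiza/header-based-app
    container_name: ab-demo-header-app
    restart: always
    ports:
      # Publish only on the Docker bridge gateway address (assumed to be
      # 172.17.0.1) instead of 0.0.0.0. The DAP still reaches the app at the
      # Upstream Server address http://172.17.0.1:3001, but the port is no
      # longer open on the host's external interfaces.
      - "172.17.0.1:3001:3001"
```

After starting the stack, `docker-compose port header-based-app 3001` should report `172.17.0.1:3001` rather than `0.0.0.0:3001`.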

                                                                    # Summary

                                                                    In summary, we have seen how to deploy the DAP and implement SSO with multiple Identity Providers. Refer to Step4: Pass User Attributes and Step5: Achieve Granular Access Control to interact with the other features provided by the Datawiza Access Proxy.

                                                                    Copyright © 2022 Datawiza Technologies Inc