# Enable SSO for a Single Web Application using Multiple Identity Providers
# Preview
In this tutorial, we will use the DAB to enable SSO and granular access control for a header-based web app. The IdPs we will be using are Azure AD and Okta. The goal of this tutorial is to see how we can add multiple Identity Providers to a single deployment within the Datawiza Cloud Management Console (DCMC).
- Our application will be running on our local docker network,
172.17.0.1:3001. - The DAB will run on
localhost:9772, which means the traffic to the app will reach the DAB (running on port 9772) first and then be proxied to the application (running on port 3001). - We will provide the docker images for the DAB and this header-based application.
# Part I: Identity Provider Configuration
You will need to register the application with an Identity Provider. For this tutorial, we will create one registration using Azure AD and another for Okta. Refer to IdP Configuration Guide: Microsoft Azure AD and IdP Configuration Guide: Okta for specific configuration instructions.
# Part II: Create Deployment and Applications on Datawiza Cloud Management Console (DCMC)
After configuring both of our Identity Providers, we need to create a new deployment on the DCMC which will contain our application. We will also generate a keypair (PROVISIONING_KEY, PROVISIONING_SECRET) in order for the DAB to get the latest configurations and policies from the DCMC.
# Sign Into DCMC
- Login to the DCMC.
# Create New Deployment
- Click the orange button
Get startedand specify aNameand aDescription. ClickSave.
# Provisioning Keys
- Create your set of provisioning keys. This enables the DCMC to verify the DAB's authenticity. Specify a
Key Nameand set theExpiresfield to be1 month later.
# IdP Configuration
- Choose
Microsoft Azure Active Directoryfrom the drop down menu. We'll addAzure ADfirst, and then addOktaas an additional IdP later.
Populate the fields of the form with the keys/values obtained from IdP Configuration Guide: Microsoft Azure AD.
# Add Application
Configure our application with the following fields:
Name: Demo AppPublic Domain:http://localhost:9772Upstream Server:http://172.17.0.1:3001Default Action:Allow- Select
Create.
# Note Down Provisioning Keys
Note down your PROVISIONING_KEY and PROVISIONING_SECRET. We will need these values later when deploying the DAB.
# Assigning IdPs to our Applications
- Return to the
Applicationstab. Select your application, and go toIdP Configuration. SelectAssign IdP. From the drop down menu, you should see the IdPs that we have added to the DCMC. AssignAzure ADandOktato yourDemo App.
# Part III: Run DAB With Our Applications
We can use either docker or docker-compose to run the DAB. The following is an example of a docker-compose.yml file. You may need to login to our container registry to download the images of the Access Broker. See Step3: Configure DAB and SSO Integration for more details.
version: '3'
services:
datawiza-access-broker:
image: registry.gitlab.com/datawiza/access-broker
container_name: datawiza-access-broker
restart: always
ports:
- "9772:9772"
environment:
PROVISIONING_KEY: #############################
PROVISIONING_SECRET: #############################
header-based-app:
image: registry.gitlab.com/datawiza/header-based-app
container_name: ab-demo-header-app
restart: always
ports:
- "3001:3001"
After executing docker-compose -f docker-compose.yml up, our web app should have SSO enabled with both Azure AD and Okta. Open a browser and visit http://localhost:9772/. You should see a login page as follows, allowing you to select the IdP you would like to authenticate with:
After successfully logging in with either IdP, we can see our web application:
# Summary
In summary, we have seen how to deploy the DAB and implement SSO with multiple Identity Providers. Refer to Step4: Pass User Attributes and Step5: Achieve Granular Access Control to interact with the other features provided by the Datawiza Access Broker.