Integrate Release With Digital.ai Platform Identity Service
Use the Digital.ai Identity Service to implement single sign-on (SSO) for your users—recommended for sites that have OIDC or SAML compliant IDPs.
Integrate your OIDC or SAML compliant IDP with Digital.ai Identity Service and later integrate Digital.ai Release with the Digital.ai Identity Service.
- To simplify the SSO configuration and customer onboarding processes, Digital.ai has introduced its own Digital.ai Identity Service that supports multiple protocols.
- We recommend you integrate Digital.ai Release with external IDPs via the Digital.ai Identity Service as it supports multiple protocols, configuration changes with almost nil downtime, and also supports user-friendly workflows for common tasks.
For more information, see:
- Digital.ai Platform Account Administrator Handbook to quickly understand what it takes to integrate with the Digital.ai Platform Identity Service.
- Digital.ai Platform Documentation to learn more about the Digital.ai Platform Identity Service.
Step 1—Get Digital.ai Release URL
As a first step, you must have Digital.ai Release installed. Once it is installed, gather the Release URL and keep it handy.
Step 2—Create Your Digital.ai Platform Account
You must contact the Digital.ai Support team to get this account created.
For more information, see Account Setup.
Step 3—Add Release as an OIDC Client in the Digital.ai Platform Identity Service
- Log in to the Digital.ai Platform.
- Go to Admin > Clients > Add OIDC Client.
- Give the client a name (for example, release).
- Add a valid redirect URI in the Valid Redirect URIs.
  <release url>/oidc-login
- Save the client.
For more information, see Add OIDC client.
Step 4—Set up a Local Admin User to Manage Your Digital.ai Platform Account
For more information, see Set up Local Users.
Step 5—Connect Digital.ai Platform to Your Identity Provider (OIDC or SAML)
Keep these handy:
- OIDC
  - Client ID
  - Client secret
  - .well-known endpoint - In Azure AD this is known as OpenID Connect metadata and it looks like this: https://login.microsoftonline.com/<tenantName>/.well-known/openid-configuration
- SAML
  - Metadata URL
For more information, see:
In case you use a different OIDC or SAML-compliant IDP, refer to these docs and follow the same process with tool-specific changes as required.
Step 6—Connect Digital.ai Release to the Digital.ai Platform
Note: Digital.ai Release has no direct support for SAML. However, you can integrate Release as an OIDC client with the Digital.ai Platform Identity Service and in turn connect the Digital.ai Platform Identity Service to your SAML-compliant IDP.
JVM Sites
Do this on the Digital.ai Release server to integrate Release as an OIDC client with the Digital.ai Identity Service.
- Install the OIDC Authentication plugin, modify the Default configuration property to OIDC in the XL_RELEASE_SERVER_HOME/xl-release.conf file.
- To configure the OIDC Authentication plugin, add the following code snippet to the XL_RELEASE_SERVER_HOME/xl-release.conf file.

    xl {
      security {
        auth {
          providers {
            oidc {
              clientId="<your client id here>"
              clientSecret="<your client secret here>"
              issuer: "<Enter the Open ID Provider Issuer>" # for example "https://identity.staging.digital.ai/auth/realms/demoaccount"
              redirectUri: "<release url>/oidc-login"
              postLogoutRedirectUri: "<release url>/oidc-login"
              scopes=["<your>", "<scopes>", "<here>"]
              rolesClaim="<your roles claim here>"
              userNameClaim="<your username claim here>"
              emailClaim="<your email claim here>"
              fullNameClaim="<your fullName claim here>"
              externalIdClaim="<user's employee ID or GitHub ID, for example>" // This is an optional claim
            }
          }
        }
      }
    }

The above configuration automatically fetches the required configuration from the discovery endpoint.
For more information, see Configure Digital.ai Release for OIDC Authentication.
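A pre-flight check for the issuer and redirectUri values in the configuration above, as an added example (not Digital.ai code). It checks a discovery document against the configured issuer and the redirect URI registered in step 3; the function names, the release.example.com URL and the sample metadata paths are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Endpoints an OIDC client needs from the discovery document.
REQUIRED = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def discovery_url(issuer):
    """OIDC Discovery: metadata is served at <issuer>/.well-known/openid-configuration."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_oidc_settings(issuer, redirect_uri, release_url, metadata):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    # OIDC Discovery requires the issuer in the metadata to be identical to the
    # issuer it was fetched for; even a trailing slash counts as a mismatch.
    if metadata.get("issuer") != issuer:
        problems.append("issuer mismatch: %r != %r" % (metadata.get("issuer"), issuer))
    for key in REQUIRED:
        value = metadata.get(key)
        if not value:
            problems.append("metadata is missing " + key)
        elif urlsplit(value).scheme != "https":
            problems.append(key + " is not https")
    # Step 3 registers <release url>/oidc-login as the valid redirect URI, so the
    # redirectUri in xl-release.conf has to be that exact string.
    expected = release_url.rstrip("/") + "/oidc-login"
    if redirect_uri != expected:
        problems.append("redirectUri %r does not equal %r" % (redirect_uri, expected))
    if urlsplit(redirect_uri).scheme != "https":
        problems.append("redirectUri is not https")
    return problems

# Constructed sample values: the issuer is the example from the snippet above,
# the Release URL and the endpoint paths are made up for this check.
ISSUER = "https://identity.staging.digital.ai/auth/realms/demoaccount"
RELEASE_URL = "https://release.example.com"
SAMPLE_METADATA = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": ISSUER + "/protocol/openid-connect/token",
    "jwks_uri": ISSUER + "/protocol/openid-connect/certs",
}

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    print(check_oidc_settings(ISSUER, RELEASE_URL + "/oidc-login",
                              RELEASE_URL, SAMPLE_METADATA))
```

To use it against a real tenant, load the JSON returned by the discovery URL into `metadata` and pass the values from your own xl-release.conf.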
Kubernetes Sites
See Select the Type of OIDC Configuration.
Step 7—Log on to Release and Add the Admin User
Log on to Release and add the Local Admin User you created in step 4 earlier.
- Log on to Release as an Administrator.
- Create a role named Admin and add the Digital.ai Platform's admin user—created in step 4 earlier—to that role.
- Assign Admin permissions to the Admin role you created.
For more information, see Configure Roles and Configure Permissions.
Your SSO setup is complete.