Skip to main content
Version: Release 23.1

Integrate Release With Digital.ai Platform Identity Service

Use the Digital.ai Identity Service to implement single sign-on (SSO) for your users—recommended for sites that have OIDC or SAML compliant IDPs.

Integrate your OIDC or SAML compliant IDP with Digital.ai Identity Service and later integrate Digital.ai Release with the Digital.ai Identity Service.

  • To simplify the SSO configuration and customer onboarding processes, Digital.ai has introduced its own Digital.ai Identity Service that supports multiple protocols.
  • We recommend you integrate Digital.ai Release with external IDPs via the Digital.ai Identity Service as it supports multiple protocols, configuration changes with almost nil downtime, and also supports user-friendly workflows for common tasks.

For more information, see:

Step 1—Get Digital.ai Release URL

As a first step, you must have the Digital.ai Release installed. Once installed, gather and keep the Release URL handy.

Step 2—Create Your Digital.ai Platform Account

You must contact the Digital.ai Support team to get this account created.

For more information, see Account Setup.

Step 3—Add Release as an OIDC Client in the Digital.ai Platform Identity Service

  1. Log in to the Digital.ai Platform.

  2. Go to Admin > Clients > Add OIDC Client

  3. Give the client a name (for example, release)

  4. Add a valid redirect URI in the Valid Redirect URIs.

    <release url>/oidc-login
  5. Save the client.

For more information, see Add OIDC client.

Step 4—Set up a Local Admin User to Manage Your Digital.ai Platform Account

For more information, see Set up Local Users.

Step 5—Connect Digital.ai Platform to Your Identity Provider (OIDC or SAML)

Keep these handy:

For more information, see:

In case you use a different OIDC or SAML-compliant IDP, refer to these docs and follow the same process with tool-specific changes as required.

Step 6—Connect Digital.ai Release to the Digital.ai Platform

Note: Digital.ai Release has no direct support for SAML. However, you can integrate Release as an OIDC client with the Digital.ai Platform Identity Service and in turn connect the Digital.ai Platform Identity Service to your SAML-compliant IDP.

JVM Sites

Do this on the Digital.ai Release server to integrate Release as on OIDC client with the Digital.ai Identity Service.

  1. Install the OIDC Authentication plugin, modify the Default configuration property to OIDC in the XL_RELEASE_SERVER_HOME/xl-release.conf file.

  2. To configure the OIDC Authentication plugin, add the following code snippet to the XL_RELEASE_SERVER_HOME/xl-release.conf file.

    xl {
    security {
    auth {
    providers {
    oidc {
    clientId="<your client id here>"
    clientSecret="<your client secret here>"

    issuer: "<Enter the Open ID Provider Issuer>" # for example "https://identity.staging.digital.ai/auth/realms/demoaccount"
    redirectUri: "<release url>/oidc-login"
    postLogoutRedirectUri: "<release url>/oidc-login"

    scopes=["<your>", "<scopes>", "<here>"]

    rolesClaim="<your roles claim here>"
    userNameClaim="<your username claim here>"
    emailClaim="<your email claim here>"
    fullNameClaim="<your fullName claim here>"
    externalIdClaim="<user's employee ID or GitHub ID, for example>" //This is an optional claim
    }
    }
    }
    }
    }

    The above configuration automatically fetches the required configuration from the discovery endpoint.

    For more information, see Configure Digital.ai Release for OIDC Authentication.

Kubernetes Sites

See Select the Type of OIDC Configuration.

Step 7—Log on to Release and Add the Admin User

Log on to Release and add the Local Admin User you created in step 4 earlier.

  1. Log on to Release as ad Administrator.
  2. Create a role named Admin and add the Digital.ai Platform's admin user—created in step 4 earlier—to that role.
  3. Assign Admin permissions to this Admin role you created.

For more information, see Configure Roles and Configure Permissions.

Your SSO setup is complete.