Busby supports logging in with external third party Identity Providers (IdP). Both OAuth/OIDC and SAML2 are supported by all three interfaces to allow Single Sign On. In addition we can also forward login requests to Active Directory using ldap(s).
Depending on your environment and the provider certain connectors are also able to do user/group sync to import from your provider into Busby. If sync is not avilable for your provider then we support doing Just-In-Time (JIT) provisioning of users.
SAML2 connections support JIT provisioning which supports both the user and the groups that are presented in the assertion.
Currently Config Editor and Busby Admin use a common config for SSO whereas each Selector can use a separate config if needed or can use the system version too.
To enable SSO using either OAuth or SAML configuration needs to be added to setup the login flows. There are two supported SSO methods.
You also need a corresponding Third Party Authenticator which validates the retunred information.
The following authenticators are generic and can be used to provide JIT provisioning for users and groups without any synchronization.
These are services which provide thrid party validation / synchronization for specific providers.
/oauth-redirect/saml/callbackhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennamehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/surnamehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddresshttp://schemas.squaredpaper.co.uk/claims/telephoneNumberhttp://schemas.squaredpaper.co.uk/claims/groups