habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added final steps

Browse Source
This commit is contained in:
Dewi Roberts
2025-06-05 16:44:13 +03:00
parent e20fddaf79
commit 70ceb5774b
1 changed files with 57 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
website/integrations/services/ironclad/index.mdx
View File

@ -22,20 +22,20 @@ This documentation lists only the settings that you need to change from their de
## authentik configuration
To support the integration of Ironclad with authentik, you need to create a property mapping, and an application/provider pair in authentik.
To support the integration of Ironclad with authentik, you need to create three property mappings, and an application/provider pair in authentik.
### Create property mappings
Ironclad requires a first and last name for each user. By default authentik only provides a full name, as a single string value. Therefore you need to create property mappings to provide first and last names to Ironclad.
Ironclad requires a first and last name for each user. By default authentik only provides a full name, as a single string value. Ironclad also requires the email attribute in a specific form. Therefore you need to create property mappings to provide email, first names, and last names to Ironclad.
1. Log in to authentik as an admin, and open the authentik Admin interface.
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Customization** > **Property Mappings** and click **Create**.
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
- **Configure the SAML Provider Property Mapping**:
- **Name**: `givenname`
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`
- **Name**: `firstName`
- **SAML Attribute Name**: `firstName`
- **Expression**:
```python
@ -48,8 +48,8 @@ Ironclad requires a first and last name for each user. By default authentik only
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
- **Configure the SAML Provider Property Mapping**:
- **Name**: `familyname`
- **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`
- **Name**: `lastName`
- **SAML Attribute Name**: `lastName`
- **Expression**:
```python
@ -57,52 +57,80 @@ Ironclad requires a first and last name for each user. By default authentik only
```
5. Click **Finish** to save the property mapping.
6. Click **Create**.
- **Select type**: select **SAML Provider Property Mapping** as the property mapping type.
- **Configure the SAML Provider Property Mapping**:
- **Name**: `email`
- **SAML Attribute Name**: `email`
- **Expression**:
```python
return request.user.email
```
7. Click **Finish** to save the property mapping.
### Create an application and provider in authentik
1. Log in to authentik as an admin, and open the authentik Admin interface.
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Note the **slug** value because it will be required later.
- **Choose a Provider type**: select **SAML Provider** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Temporarily set the **ACS URL** to `https://temp.temp`
- Set the **Audience** to `ironcladapp.com`
- Set **Service Provider Binding** to `Post`.
- Under **Advanced protocol settings**:
- Set an available signing certificate.
- Toggle off **Sign assertions**.
- Toggle on **Sign responses**.
- **Property mappings**:
- Add the `givenname` and `familyname` property mappings that you created in the previous section to **Selected User Property Mappings**.
- Click the **x** button to remove all selected property mappings.
- Add the `firstName`, `lastName`, and `email` property mappings that you created in the previous section to **Selected User Property Mappings**.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
3. Click **Submit** to save the new application and provider.
### Download the signing certificate and metadata file
1. Log into authentik as an admin, and open the authentik Admin interface.
2. Navigate to **Applications** > **Providers** and click on the name of the newly created Ironclad provider.
3. Under **Download signing certificate** click the **Download** button. The contents of this certificate will be required in the next section. TEMP????
4. Under **Metadata** click **Download**. This metadata file will be required in the next section.
## Ironclad configuration
Insert Service configuration
1. Write first step here...
2. Continue with steps....
1. Login to the [Ironclad dashboard](https://ironcladapp.com/signin) as an administrator.
2. Click on your profile icon at the top right, and then click on **Company Settings**.
3. In the sidebar, click on **Integrations**, and then under **Other Integrations** click on **SAML**.
4. Click **Add SAML Integration**, and then click on **Show Additional IdP Settings**.
5. Note the **Callback** URL and **Service Provider Identifier** values because they will be needed in the next section.
6. Leave this page open because you will need to return to it after the next section.
## Reconfigure authentik provider
1. Log in to authentik as an admin, and open the authentik Admin interface.
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Applications** > **Providers** and click the **Edit** icon of the newly created Push Security provider.
3. Under **Protocol settgins**, set the following required configurations:
- **ACS URL**: set the acs url to the copied `Single Sign-On URL` (e.g. https:TEMP).
3. Under **Protocol settings**, set the following required configurations:
- **ACS URL**: Set to the **Callback** URL from Ironclad (e.g. `https://ironcladapp.com/saml/<customer-ID>/callback`).
- **Issuer**: Set to the **Service Provider Identifier** value from Ironclad (e.g. `na1.ironcladapp.com`).
4. Click **Update**
## Download the metadata file
1. Log into authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Applications** > **Providers** and click on the name of the newly created Ironclad provider.
3. Under **Metadata** click **Download**. This metadata file will be required in the next section.
## Complete Ironclad configuration
1. Return to the Ironclad SAML configuration page and under **IdP Configuration XML** click on **Choose file**. Select the metadata file that you downloaded from authentik.
2. Set **Entry point** to `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`.
3. Click **Save**.
:::note
Ironclad user accounts must be enabled for SSO login. The original Ironclad administrator account can only be enabled for SSO by Ironclad. You will need to request this from Ironclad support via `support@ironcladapp.com`.
For new user accounts, SSO login can be selected when creating the account.
:::
## Configuration verification
Template sentence that you can typically use here: "To confirm that authentik is properly configured with Ironclad, log out and log back in via authentik."
If there are more specific validation methods for the Service (e.g., clicking a button), include these instructions for clarity.
To confirm that authentik is properly configured with Ironclad, log out and log back in via the [Ironclad Sign In page](https://ironcladapp.com/signin). Enter the email address of an Ironclad SSO enabled account, click **Continue**, and then **Sign in**. Uou should be redirected to authentik to login, and if successful, you should then be redirected to the Ironclad dashboard.