From e20fddaf79be1a27077b6c2e26f1c84e97f0c90b Mon Sep 17 00:00:00 2001 From: Dewi Roberts Date: Fri, 9 May 2025 16:10:11 +0100 Subject: [PATCH] Changed wording and updated property mappings --- .../integrations/services/ironclad/index.mdx | 47 +++++++++++-------- 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/website/integrations/services/ironclad/index.mdx b/website/integrations/services/ironclad/index.mdx index 96eb13a573..535dbb935a 100644 --- a/website/integrations/services/ironclad/index.mdx +++ b/website/integrations/services/ironclad/index.mdx 
@@ -24,31 +24,39 @@ This documentation lists only the settings that you need to change from their de To support the integration of Ironclad with authentik, you need to create a property mapping, and an application/provider pair in authentik. -### Create a property mapping +### Create property mappings -Ironclad requires a first and last name for each user. By default authentik only provides a full name, as a single string value. Therefore you need to create a property mapping to provide first and last names to Ironclad. +Ironclad requires a first and last name for each user. By default authentik only provides a full name, as a single string value. Therefore you need to create property mappings to provide first and last names to Ironclad. 1. Log in to authentik as an admin, and open the authentik Admin interface. 2. Navigate to **Customization** > **Property Mappings** and click **Create**. - - **Select type**: select **Scope Mapping** as the property mapping type. - - **Configure the Scope Mapping**: Provide a descriptive name (e.g. `Ironclad Profile Scope`), and an optional description. + - **Select type**: select **SAML Provider Property Mapping** as the property mapping type. + - **Configure the SAML Provider Property Mapping**: - - **Scope name**: `profile` + - **Name**: `givenname` + - **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname` - **Expression**: - ```python showLineNumbers - return { - "name": request.user.name, - "preferred_username": request.user.username, - "nickname": request.user.username, - "groups": [group.name for group in request.user.ak_groups.all()], - "last_name": request.user.name.rsplit(" ", 1)[-1], - "first_name": request.user.name.rsplit(" ", 1)[0], - } - ``` + ```python + return request.user.name.rsplit(" ", 1)[0] + ``` 3. Click **Finish** to save the property mapping. +4. Click **Create**. + + - **Select type**: select **SAML Provider Property Mapping** as the property mapping type. 
+ - **Configure the SAML Provider Property Mapping**: + + - **Name**: `familyname` + - **SAML Attribute Name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname` + - **Expression**: + + ```python + return request.user.name.rsplit(" ", 1)[-1] + ``` + +5. Click **Finish** to save the property mapping. ### Create an application and provider in authentik @@ -60,18 +68,17 @@ Ironclad requires a first and last name for each user. By default authentik only - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Temporarily set the **ACS URL** to `https://temp.temp` - - Set the **Audience** to `https://ironcladapp.com` + - Set the **Audience** to `ironcladapp.com` - Under **Advanced protocol settings**: - Set an available signing certificate. - - **Scopes**: - - Remove `authentik default OAuth Mapping: OpenID 'profile'` from **Selected Scopes**. - - Add the scope that you created in the previous section (e.g. `Ironclad Profile Scope`) to **Selected Scopes**. + - **Property mappings**: + - Add the `givenname` and `familyname` property mappings that you created in the previous section to **Selected User Property Mappings**. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. 3. Click **Submit** to save the new application and provider. -### Download the signing certificate TEMP?? and metadata file +### Download the signing certificate and metadata file 1. Log into authentik as an admin, and open the authentik Admin interface. 2. Navigate to **Applications** > **Providers** and click on the name of the newly created Ironclad provider.
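Review bot: In the `@@ -24,31 +24,39 @@` hunk, the two new expressions `request.user.name.rsplit(" ", 1)[0]` and `request.user.name.rsplit(" ", 1)[-1]` return the same string when the user's name contains no space, so both the givenname and surname attributes would carry the full name (and both would be empty strings for an empty name). Consider returning an explicit fallback for the surname when the split yields a single element, or add a sentence telling admins that each user's name needs at least one space. The unchanged intro line above the heading still reads "you need to create a property mapping", which should become plural to match the new heading, and the second mapping is named `familyname` while its attribute ends in `surname`; a short note that this is intentional would avoid confusion.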
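Review bot: In the `@@ -60,18 +68,17 @@` hunk, the **Audience** value changes from `https://ironcladapp.com` to `ironcladapp.com`, but the commit subject only mentions wording and property mappings. The audience has to match exactly what the service provider expects, so please confirm the new value against Ironclad's SAML configuration and mention the change in the commit message. In the same hunk, the new **Property mappings** bullet could state whether the default mappings stay selected alongside `givenname` and `familyname`, since the removed text was explicit about which default entry to drop.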