Connecting your identity provider to Confidencial

ℹ️
This document shows you how to connect to your identity provider, allowing your enterprise’s users to log in to Confidencial using their existing accounts.
The details of how to connect to your identity provider (IDP) vary depending on the IDP being connected to, but in most cases, the process amounts to creating an application within your IDP and then assigning users to that application. See the links below for how to connect to your IDP.

Creating an application in Okta

  1. Log in to your Okta instance’s admin portal
  2. Click Applications under the Applications item in the side menu
  3. Click the Create App Integration button
  4. Select OIDC - OpenID Connect and Web Application for Sign-in method and Application type, respectively; click Next
  5. Ensure the following settings are entered:
    a. App integration name: Confidencial
    b. Grant type: Authorization Code (the only option that should be selected)
    c. Sign-in redirect URIs: https://auth.confidencial.io/login/callback
    d. Sign-out redirect URIs: https://my.confidencial.io
  6. For Controlled access, select either “Allow everyone in your organization to access” or “Limit access to selected groups,” depending on who you want to be able to log in to Confidencial.
    a. If you selected “Allow everyone…,” leave “Enable immediate access with Federation Broker Mode” selected if you want everyone in your organization to be able to access Confidencial. Deselect “Enable immediate access with Federation Broker Mode” if you want to specify the users and groups that can access Confidencial.
    b. If you selected “Limit access…,” enter the group(s) you’d like to access Confidencial under Selected group(s).
  7. Click Save
ℹ️
This completes creation of the Okta application and generates a Client Secret that must be securely transmitted to Confidencial during account setup (along with the Okta Domain and Client ID).
➡️
Proceed to the next section, Assigning users to an application in Okta

Assigning users to an application in Okta

ℹ️
These steps are not necessary if you left “Enable immediate access with Federation Broker Mode” selected in Step 6 above.
  1. Click Applications under the Applications item in the side menu
  2. Click Confidencial in the list of applications
  3. Click the Assignments tab
  4. Click Assign to add users and groups that can log in to Confidencial
This completes the setup of Okta for use with Confidencial. You will now work with the Confidencial team to securely transmit application details.

Creating an application in Azure Active Directory (AD)

  1. Log in to the Microsoft Azure portal
  2. Click Azure Active Directory
  3. Click App Registrations from the side menu
  4. Click New Registration from the top toolbar
  5. Ensure the following settings are entered:
    a. Name: Confidencial
    b. Supported account types: Select either “Accounts in this organizational directory only,” “Accounts in any organizational directory,” or “Accounts in any organizational directory and personal Microsoft accounts,” depending on who you want to be able to join your Confidencial organization
      ℹ️
        Most organizations will want to select “Accounts in this organizational directory only,” as users outside your organization can log in to Confidencial via their own organization account or via an individual account.
    c. Redirect URI: Choose “Web” in the Select a platform drop-down menu and enter https://auth.confidencial.io/login/callback in the input box
  6. Click Register
  7. Click Enterprise Applications from the side menu
  8. Click Confidencial in the list of applications
  9. Click Properties from the side menu
  10. If you want to specify the users that can log in to Confidencial, set Assignment required to “Yes”; otherwise, all users* will be able to log in to Confidencial
    * All users with a supported account type specified in Step 5.b above
ℹ️
This completes creation of the Azure AD application and generates a Client Secret that must be securely transmitted to Confidencial during account setup (along with the Azure AD Domain and Client ID).
➡️
Proceed to the next section, Assigning users to an application in Azure AD

Assigning users to an application in Azure AD

ℹ️
These steps are only necessary if you selected “Yes” for Assignment required in Step 10 above.
  1. From the Azure Active Directory home screen, click Enterprise Applications from the side menu
  2. Click Confidencial in the list of applications
  3. Click Users and groups from the side menu
  4. Click Add user/group to add users and groups that can log in to Confidencial
This completes the setup of Azure AD for use with Confidencial. You will now work with the Confidencial team to securely transmit application details.
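Whether you registered the application in Okta or Azure AD, the settings that matter most for security are the ones the two sections above ask you to enter: the Authorization Code grant only, and the exact sign-in and sign-out redirect URIs. The following is an added example check, not Confidencial’s, Okta’s or Microsoft’s code, that compares an exported registration against those values; the input dictionary is a constructed, simplified shape whose key names are assumptions, so map them from whatever your IdP’s admin console or API export actually returns.

```python
from urllib.parse import urlparse

# Values this guide asks you to enter; the same for Okta and Azure AD.
EXPECTED_REDIRECT_URIS = {"https://auth.confidencial.io/login/callback"}
EXPECTED_LOGOUT_URIS = {"https://my.confidencial.io"}
EXPECTED_GRANT_TYPES = {"authorization_code"}


def check_app_registration(app: dict) -> list:
    """Return human-readable findings; empty means the registration matches
    the guide. The input shape (keys below) is an assumption, not a real
    Okta/Azure API response. URIs are compared as exact strings."""
    findings = []
    grants = set(app.get("grant_types", []))
    for extra in sorted(grants - EXPECTED_GRANT_TYPES):
        findings.append(f"unexpected grant type enabled: {extra}")
    if not EXPECTED_GRANT_TYPES <= grants:
        findings.append("authorization_code grant is not enabled")

    redirects = set(app.get("redirect_uris", []))
    logouts = set(app.get("post_logout_redirect_uris", []))
    for uri in sorted(redirects - EXPECTED_REDIRECT_URIS):
        findings.append(f"unexpected sign-in redirect URI: {uri}")
    for uri in sorted(EXPECTED_REDIRECT_URIS - redirects):
        findings.append(f"missing sign-in redirect URI: {uri}")
    if logouts != EXPECTED_LOGOUT_URIS:
        findings.append(f"sign-out redirect URIs differ: {sorted(logouts)}")
    # Every registered URI must be https and literal (no wildcard), whatever it is.
    for uri in sorted(redirects | logouts):
        if urlparse(uri).scheme != "https" or "*" in uri:
            findings.append(f"redirect URI is not a literal https URL: {uri}")
    return findings


# Constructed samples: one registration as the guide describes it, and one
# that has drifted (an extra grant type and a leftover http redirect URI).
COMPLIANT_APP = {
    "grant_types": ["authorization_code"],
    "redirect_uris": ["https://auth.confidencial.io/login/callback"],
    "post_logout_redirect_uris": ["https://my.confidencial.io"],
}
DRIFTED_APP = {
    "grant_types": ["authorization_code", "implicit"],
    "redirect_uris": [
        "https://auth.confidencial.io/login/callback",
        "http://localhost:3000/callback",
    ],
    "post_logout_redirect_uris": ["https://my.confidencial.io"],
}
```

Run `check_app_registration` over a periodic export of the registration so that a redirect URI or grant type added after setup shows up as a finding rather than going unnoticed.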