The interworks.cloud platform can be integrated with external authentication services, providing registration/login capabilities for BSS users who are authenticated through an external service or external Identity Providers (IdPs). Such services can be used to identify users maintained in external user stores and map them to BSS/Storefront users, giving them access to the interworks.cloud platform when they log in (authenticate) from these external sources.
To have a better understanding of the external authentication process, please check the three following definitions, as well as the "External Authentication Example" that follows.
When a user requests to log in to a web application (BSS), they can choose to log in with an external authentication service. Once the preferred external authentication service is chosen, the user is redirected to the login page of that service to enter the corresponding credentials. Upon successful authentication, the external service redirects the user back to the original web application along with some necessary information about the user. The web application uses that information to verify that the external authentication service authenticated the user successfully, and to gather further information to associate the user with a BSS/Storefront user if one is already registered on BSS/Storefront, or otherwise to prompt the user to register an account with the information acquired from the external authentication service.
Enterprise IdPs have been used in recent years by (B2B) organizations and offer the best security possible. Because they are oriented towards providing authentication services to organizations, they have become the preferred choice of many enterprises for managing and securing corporate usernames and passwords.
External authentication requires that both systems involved (the external IdP and our BSS) be manually configured to communicate with each other over a "trust-link", since this "trust-link" relation is not created automatically. You can begin configuring and enabling the external authentication features for BSS by following the guide below:
Go to: BSS Setup > Administration > System Options
Click on the "BSS Login Settings" link, located under the User Authentication section of the page.
By clicking on “BSS Login Settings” you land on the following page.
Here you can perform the following actions:
You can set up your BSS Login Page alias: This alias is essentially part of the "Client ID" section found on top of the local login credentials of BSS. The alias is used to create the URL for the BSS login page when an external authentication provider is available. The alias URL (of the form "https://<Original BSS url>/<alias>/Login.aspx") redirects to a login page where the Client ID section is no longer visible and both the local login option and the external authentication section, with the instance names of the available IdPs, are displayed.
BSS Login Page Alias - Rules
You can choose which Identity Provider you wish to set up and enable from the list of Enterprise IdPs that appears.
For configuring and enabling any of the following Enterprise Identity Providers please continue to the corresponding guide from the bullet list that follows:
After enabling your preferred identity provider, you will be able to use it as an alternative means to log in to BSS.
You can choose your identity provider from the list named "External Authentication"; doing so redirects you to the login page of the external authentication service, where you enter your personal credentials for the chosen IdP instead of your local BSS credentials.
Multi-Factor Authentication (MFA): If you have enabled multi-factor authentication for your Azure AD logins, for example via a message sent to your mobile phone or via a mobile phone authentication application, our systems support it by default.
The two following images are examples of what the External Authentication list looks like on the BSS login/sign-in page.
A new column named "Login Options" is added to the Users List in BSS Setup > Administration > Users, which contains the Login Options that each user has activated.
You can manage your active External Authentication Provider accounts as well as your active Local Login account by following the guidelines of the Managing External & Internal Login Accounts in BSS page.