Single Sign On (SSO) is available for DocBoss. If enabled, users with the company domain will be redirected to their identity provider to sign in to access DocBoss. The instructions below outline how to set up SSO and SCIM with DocBoss when using Ping as the identity provider.
SSO:
- Open Manage Environment -> Application page
- Click to add a new application on the "+" icon near the page title.
- Set the name for the application and choose "OIDC Web App" type. Click to save.
- Copy Client ID, Client Secret on the Configuration tab, general block. Make note of these to send to DocBoss Support.
- Copy OIDC Discovery Endpoint on the Configuration tab, URLs block. Make note of this to send to DocBoss Support.
- Click to edit Configuration settings (edit icon on the top of the configuration tab).
- Set Redirect URIs [we give value to the instance] and set Token Auth Method = "Client Secret Post".
- Choose "Resources" tab and click to edit allowed scopes.
- Select "email" and "profile" scopes and save.
SCIM:
- Open Manage Environment -> Directory -> User Attributes page.
- Click to add a new attributes on the "+" icon near the page title.
- Add two attributes: userType and affiliate, type = declared.
- Open Manage Environment ->Integrations -> Provisioning page (see below)
- Click to add a new connection on the "+" icon near the page title.
- Choose a connection type "Identity Store".
- Choose "SCIM Outbound" and click next.
- Set the name for the application and click next.
- Set following values and click next :
- SCIM BASE URL = https://systemX.docboss.com/scim/v2 [X should be replaced with system number empty or 2, 3, 4, 5, 6]
- SCIM Version = 2.0
- Authentication Method = OAuth 2 Bearer Token
- Oauth Access Token = Docboss long term token [copy from docboss]
- Set User Filter Expression = userName eq "%s" and click to save [case sensitive]
- Click on the "+" icon near the page title to add a new rule
- Set the name and click to create the rule.
- Select created connection and save
- Click to edit filter and set how the users should be selected for provisioning and save
- Add mapping for fields. Remove excess fields added for mapping by default.
- List of all avaliable parameters:
- "userName" - required, value should be unique. Value will be saved as login for user
- "familyName" - required
- "givenName" - required
- "active" - required. Value is used to disable\enable user
- "userType" - not required. If user doesn't add field to mapping OR send empty value "View" role will be saved. Allowed values are Admin, Full, Reviewer, View [case sensetive]
- "affiliate" - not required. Created with instance affiliate will be set for user
- "title" - not required. User can skip adding this field to mapping
- Enable connection
- Enable rule