SSO connection setup

Adhese can connect with a client's IDP (IDentity Provider) so the client's employees can log into Adhese using their own SSO (Single-Sign On) system. 

 To successfully connect your company's SSO with Adhese's login system, some information needs to be provided: 

 

 Endpoints from your IDP system

 

 authorization_url 

 token_url 

 logout_url 

 user_info_url 

 issuer 

 jwks_url 

 

 

 

 

 example 

 

   

 

 

 

 

 authorization_url 

 

 "https://.../am/oauth2/authorize" 

 

 

 token_url 

 "https://.../am/oauth2/access_token" 

 

 

 

 logout_url 

 

 "https://.../am/oauth2/connect/endSession" 

 

 

 user_info_url 

 "https://.../am/oauth2/userinfo" 

 

 

 issuer 

 "https://.../am/oauth2" 

 

 

 jwks_url 

 "https://.../am/oauth2/connect/jwk_uri" 

 

 

 

 

 

 client_id 

 client_secret 

 

 The client_id and client_secret must correspond to the values registered in the customer's IDP . 

 The issuer and jwks_url must be reachable from Adhese services. 

 Furthermore, roles need to be mapped between Adhese and your IDP. Below is an example where the first part (before =) is the role as it could be in the IDP and the second part (after =) how it can relate to the roles within Adhese. 

 

 Example 

   

 

 

 

 "adhese.ad-master"              

 

 = ["adhese.Self Service Ad Master", "adhese.Creative Master"] 

 

 

 "adhese.read-only"                  

 = ["adhese.Viewer"] 

 

 

 "adhese.admin"                      

 

 = ["adhese.Admin", "admin"] 

 

 

 "adhese.creative-reviewer"  

 = ["adhese.Creative Approver"] 

 

 

 

 

 If you as a client have multiple instances of Adhese (i.e. a testing and a production instance), you can have separate connections for each instance or use the same mapping for both instances.