Versions Compared

Old Version 6

changes.mady.by.user Kristin Ivanova

Saved on

compared with

New Version Current

changes.mady.by.user Kristin Ivanova

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page provides information on how to set up corporate sign in for Chaos login. 

Floatingpagetoc


Overview

...

Chaos web page allows users to create and manage their own password-based accounts and use them to log in. While this works well for individual customers, enterprise customers may wish to have a more customized login experience, according to their internal company requirements. To meet that demand, we have introduced the Corporate Sign In option to the Chaos login page.

...

Fancy Bullets
typecircle

  • Changes to the users' names are automatically adjusted in Chaos system

  • An administrator can centrally deactivate a user in their identity provider service and that deactivation would be automatically  applied to the respective user in Chaos system 

 


Basics

...

Let's explore the technical aspects of the Corporate Sign In integration. This will help you prepare for the subsequent configuration sections.

...

Depending on which are available, this information can be looked up from a number of fields ("name", "given_name", "family_name", "email", "upn") in the ID token.

 


SCIM

SCIM is another popular standard that works well with OpenID Connect. While OpenID Connect works well to delegate the authentication to an external identity provider service, it does not provide a way for the target system to be informed of any user state changes in the enterprise’s identity provider. SCIM fills that gap by managing user provisioning from the customer’s identity provider service to the target system.

...

UI Text Box
typenote

 A deactivated user is maintained in the Chaos system but cannot login or use any resources until reactivated.

...


Getting Started

...


Using Corporate Sign In

...

Once selected, the user is asked to input their email address.

 


...


Chaos uses the email domain name to determine which Corporate Sign In integration to use. Based on that the user is redirected to log into the relevant identity provider service. 

For example, for Azure this looks as follows:


 

 

By default the Chaos login form forwards the email address to the corporate identity provider login page. However, if you are not using email addresses for login in your identity provider, the forwarding behavior can be disabled, which allows to use username or some other indication at your identity provider’s login page instead.

...

Once the user is logged in the company corporate login page, they are redirected back to the Chaos login page, where a session is established. The user is now able to use the Chaos web page as though they logged in via password.

 


Requesting Corporate Sign In

...

To have the feature enabled, as an administrator open a Support ticket to Chaos or contact your Chaos Key Account Manager requesting Corporate Sign In to be set for your company. This process continues with a number of configurations done in the Chaos system and with the exchange of credentials that are required for the two systems to communicate securely (your company's and Chaos). Depending on the identity provider service used, these may vary.

 



Configuring Corporate Sign In

...

Logging out of Chaos does not log the user out of their corporate Identity Provider or other applications that were accessed through that Identity Provider. 


Footnotes

...

Anchor
1
1
 1. – The Self-Service Portal is enabled upon client request. In case you are interested in, please contact your Chaos Account Manager or get in touch with us at: https://www.chaosgroup.com/help/contact/sales