Updated on 2024-12-30 GMT+08:00

Adding an Application

OneAccess provides pre-integrated applications that you can use out-of-the-box. You can also add custom applications.

Adding a Custom Application

Custom applications are applications developed by your enterprise or any software as a service (SaaS) or commercial applications not included in the pre-integrated application list.

  1. Log in to the administrator portal.
  2. On the top navigation bar, choose Resources > Applications.
  3. On the Applications page, click Add Custom Application.
  4. Enter an application name and its logo, and click Save.
  5. Configure the parameters required so that the application can be accessed by users. For details, see Applications.

Adding a Pre-integrated Application

OneAccess has pre-integrated some applications based on their development APIs and protocols.

  1. Log in to the administrator portal.
  2. On the top navigation bar, choose Resources > Applications.
  3. On the Applications page, click Add Pre-integrated Application.
  4. Click the pre-integrated application you want to add.
  5. On the Add Application page, edit the general information, set the application name, and click Next.
  6. Set the authentication parameters. The authentication integration mode and authentication parameters vary depending on the application.

    SAML is used for illustration. You can upload the metadata file or manually edit metadata on the OneAccess console.
    • Upload a metadata file
      1. In the Authentication Parameters step, click Import SP Metadata.
      2. Click Select File and select the metadata file you have obtained from the application service provider (SP).
        • If a message indicating incorrect file type is displayed, upload the correct metadata file or edit the metadata manually.
        • For details about how to obtain the metadata, see the documentation of the application.
      3. When the Select File button changes to , the metadata is extracted. Then click Next.
    • Edit metadata
      1. In the Authentication Parameters step, click Configure Metadata.
      2. Set the parameters listed in the following table according to the metadata file you have obtained.

    Table 1 Authentication parameters (parameters marked with * are mandatory)

    | Parameter | Description |
    |---|---|
    | * SP Entity ID | Unique identifier of an SP. Enter the value of Entity ID displayed in the SP metadata file. |
    | * ACS URL | SP callback URL that receives a response when OneAccess authentication is successful. Enter the value of AssertionConsumerService displayed in the SP metadata file. |
    | * Name ID | Select a user attribute or account attribute. The attribute value will be used as the subject of the assertion. |
    | NameID Format | Username format supported by the SP. Enter the value of NameIDFormat displayed in the SP metadata file. |
    | Audience URI | Audience for which the SAML assertion is intended. By default, this field is the same as SP Entity ID. |
    | Single Logout URL | URL to which users will be redirected after logging out of their sessions. Enter the value of SingleLogoutService displayed in the SP metadata file. The SingleLogoutService parameter in the metadata file must support HTTP Redirect or HTTP POST. |
    | Relay State | Default URL to which users will be redirected after successful login. |
    | Response Signature | This option indicates whether to sign SAML responses using the IdP's certificate. |
    | Assertion Signature | This option indicates whether to sign assertions using the IdP's certificate. Enter the value of WantAssertionsSigned displayed in the SP metadata file. |
    | Digital Signature Algorithm | Algorithm of SAML response or assertion signature. RSA_SHA256, RSA_SHA512, and RSA_RIPEMD160 are supported. You can select a value from the drop-down list box. |
    | Digital Digest Algorithm | Algorithm used to create digests for SAML responses or assertions. SHA256, SHA512, and RIPEMD160 are supported. You can select a value from the drop-down list box. |
    | Assertion Encryption | This option indicates whether to encrypt assertions. |
    | Request Signature Validation | This option indicates whether to sign SAML requests. Enter the AuthnRequestsSigned value in the SP metadata file. |
    | * Signature Certificate Validation | SP public key certificate, which is used to verify SAML request signatures. Enter the value of use="signing" displayed in the SP metadata file. |

  7. Configure the synchronization parameters. The synchronization modes and parameters of different applications may be different.

    Coremail is used as an example to describe how to set synchronization integration parameters.
    1. Set authentication parameters and click Next.
    2. On the synchronization configuration page, set parameters and click Test to test whether the configuration is correct. After the configuration is complete, click Next. For details about how to configure other menus, see Applications.
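
When you edit metadata manually (step 6, Table 1), the values can be read from the SP metadata file before they are entered on the console. The following is an added example, not OneAccess or vendor code: it maps SP metadata onto the Table 1 fields and filters SingleLogoutService endpoints to the HTTP Redirect and HTTP POST bindings the table requires. The function name, the sample metadata (sp.example.com, placeholder certificate), the DTD refusal and the HTTPS check on the ACS URL are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"
SLO_BINDINGS = {BIND + "HTTP-Redirect", BIND + "HTTP-POST"}  # required by Table 1

# Constructed sample SP metadata; host name and certificate text are placeholders.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://sp.example.com/saml">
 <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
     protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER_BASE64_CERT</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="{BIND}SOAP" Location="https://sp.example.com/slo-soap"/>
  <md:SingleLogoutService Binding="{BIND}HTTP-Redirect" Location="https://sp.example.com/slo"/>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
  <md:AssertionConsumerService index="0" Binding="{BIND}HTTP-POST"
      Location="https://sp.example.com/acs"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def table1_values(metadata_xml):
    """Return the Table 1 fields that can be read from SP metadata (hypothetical helper)."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("SAML metadata must not carry a DTD or entity declarations")
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not SP metadata")
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not acs:
        raise ValueError("no AssertionConsumerService endpoint")
    acs_url = next((a for a in acs if a.get("isDefault") == "true"), acs[0]).get("Location", "")
    if not acs_url.startswith("https://"):  # added hardening check, not a console rule
        raise ValueError("ACS URL is not HTTPS: " + acs_url)
    slo = [s.get("Location") for s in sp.findall("md:SingleLogoutService", NS)
           if s.get("Binding") in SLO_BINDINGS]  # drops SOAP-only endpoints
    cert = sp.findtext("md:KeyDescriptor[@use='signing']//ds:X509Certificate", namespaces=NS)
    return {
        "SP Entity ID": root.get("entityID"),
        "ACS URL": acs_url,
        "NameID Format": sp.findtext("md:NameIDFormat", namespaces=NS),
        "Audience URI": root.get("entityID"),  # Table 1 default: same as SP Entity ID
        "Single Logout URL": slo[0] if slo else None,
        # Both flags are optional booleans in the metadata and default to false.
        "Assertion Signature": sp.get("WantAssertionsSigned", "false") in ("true", "1"),
        "Request Signature Validation": sp.get("AuthnRequestsSigned", "false") in ("true", "1"),
        "Signature Certificate Validation": cert.strip() if cert else None,
    }
```

Name ID, Relay State, Response Signature, the algorithm choices and Assertion Encryption are not read from this part of the metadata and are still set on the console.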