Authenticating Users to Caspio Apps in Multiple Accounts Using a Single Directory
4 minutes to readIf you want the users stored in your directory to have access to Caspio apps in multiple accounts, configure the connection using your directory’s app connections and SAML SSO authentication method in Authentication. This kind of setup is useful for your organization if you work with multiple Caspio accounts. You do not need to store your users in each account anymore, just keep them in one account in a directory. Provide access to any app in any account by creating app connections with the directory. The user identifier used in the directory should be the same as the user identifier in the data source table of the authentication object you use to protect your app.
Prerequisites:
Make sure that you have:
- A Caspio account with application protected by authentication object (below called an “apps account”)
- Caspio account with your directory (below called a “directory account”).
Steps:
- Open the apps account.
- Open an authentication object or create it.
- Change Setup options to Custom.
- Change authentication method to SAML SSO.
- Select SAML login field.
For test purposes, use the field which stores user email addresses. If you want to use a different field, make sure it matches the identifier selected in step 8 in directory account.
Note: If you do not want to share any user personal data with the apps account, a non-personalized identifier may be useful. Make sure that the same identifier is stored in the directory (directory account) and a data source table of the authentication object in the apps account.
- In a new tab, open your directory in the directory account.
- In the App Connections tab, click Create app connection.
- Use the default Email field as user identifier or create a new unique, text (255) field in directory table to use it as a custom identifier.
- Copy the integration URLs from the authentication object in the apps account to the directory in directory account:
Caspio → Authentications | Caspio directory → App connections |
---|---|
Copy the SP Identifier / Entity ID link…
| …and paste it into Identifier (Identity ID) field in app connections. |
Copy the Assertion Consumer Service / ACS URL link… | …and paste it into the Reply URL (Assertion Consumer Service URL) field in app connections. |
- Click Create and enable.
- Copy the links from the Identity provider settings section of the app connection, and paste them into the Settings section of authentication.
Caspio → Identity provider settings | Caspio directory → App connections |
---|---|
Copy the Identity provider identifier link… | …and paste it into the SAML Provider ID field. |
Copy the Single sign-on URL link… | …and paste it into the Single Sign-on URL field. |
- In directory in Directory account, in the SAML signing certificate section, download the certificate and upload it in the X.509 Certificate field of the authentication in the apps account.
- Save the authentication in the apps account.
- In the data source table of the authentication object, add a new user in the following format: SAML:email, for example,
SAML:john.doe@test.com
. - Add a user whose email address matches the email address in the authentication data source to a newly created app connection.
-
- In your directory, click the App connections tab.
- Hover over an app connection and select Open.
- In the Users tab, select Add users.
- In the Add users to app connection panel, select the users.
- Click Add.
- Create a DataPage (for example, an HTML DataPage) and restrict access to this DataPage with authentication from step 2.
- Deploy a DataPage and access it, for example, in a preview mode.
- On the DataPage, click the Login button.
- You will be redirected to the User portal login page. Enter an email address and credentials of a testing user.
- After logging in, you will gain access to DataPage content.