
This article describes how to add a channel for identity orchestration in Nexus Hybrid Access Gateway, and how to select and configure a plugin that is able to communicate with the desired service. The channel is used when you create an access rule that requires identity orchestration. When you add this access rule to a web resource, orchestration is enabled.

Make sure that the web resource uses the same SSO domain as the channel in the access rule.



Prerequisites

  • An SSO domain must be available where the orchestrated identity will be stored.

Step-by-step instruction

 Log in to Hybrid Access Gateway administration interface
  1. Log in to the Hybrid Access Gateway administration interface with your admin user.
 Select plugin

You need a plugin that is able to communicate with the desired service. The plugins delivered by default are a Google Apps plugin, a MediaWiki plugin and a SCIM plugin. If another type of service is needed, this can be accomplished by writing a new plugin.

  1. In the Hybrid Access Gateway administration interface, go to Manage System.
  2. Click Identity Orchestration and select the Plugins tab to see which plugins are available and to upload new plugins.
  3. If you upload a plugin, click Save to update the settings.
 Add identity orchestration channel
  1. In the Hybrid Access Gateway administration interface, go to Manage System.
  2. Click Identity Orchestration and select the Channels tab.
  3. Click Add Identity Orchestration channel...
  4. Enter a Display Name.
  5. Select the Plug-in to be used.
  6. Select an SSO Domain. When a user has been orchestrated, the orchestrated identity is stored in this SSO domain.
  7. Click Next.
  8. Enter configuration parameters for the channel. For help, click the ?-sign.