From 4b90ee7922aefb21b227e64651d94a15e66fcb0c Mon Sep 17 00:00:00 2001 From: drothery-edb Date: Fri, 27 May 2022 09:19:33 -0400 Subject: [PATCH 1/9] BigAnimal: adding creating an AWS SSO IdP topic Created file by copying Azure topic --- .../identity_provider/aws_sso.mdx | 59 +++++++++++++++++++ .../identity_provider/index.mdx | 1 + 2 files changed, 60 insertions(+) create mode 100644 product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx diff --git a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx new file mode 100644 index 00000000000..6254427aec0 --- /dev/null +++ b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx 
@@ -0,0 +1,59 @@ +--- +title: "Using AWS SSO as your identity provider" +navTitle: "AWS SSO" +description: "Using AWS SSO as your identity provider for your Azure account" +--- + +## Prerequisites + +To connect BigAnimal to Azure AD, you must either: + +- Have one of the following roles in Azure: + + - Global Administrator + - Cloud Application Administrator + - Application Administrator + +- Be the owner of the service principal + +A unique URL and access code are provided in an email from cloudcare@enterprisedb.com. Contact [cloudcare@enterprisedb.com](mailto:cloudcare@enterprisedb.com) if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. For issues with the code or identity provider setup, contact [Support](/biganimal/release/overview/support). + +## Set up BigAnimal with Azure AD + +1. To access the Set Up Identity Provider page in BigAnimal, open the link in the email sent from cloudcare@enterprisedb.com. +1. In a separate browser tab or window, log into the [Azure Active Directory Admin Center](https://aad.portal.azure.com/). +1. From the left navigation pane, select **Enterprise Applications**. On the Enterprise Applications page: + 1. Select **New application > Create your own application**. + + 1. Enter a name for your application. + 1. Select the third choice for what you intend to do with your application: **Integrate any other application you don’t find in the gallery (Non-gallery)**. +1. After the application is created, from the left navigation menu, select **Single sign-on**. On the Single sign-on page: + 1. Select **SAML** as your single sign-on method. + 1. 
Update the Basic SAML Configuration by copying and pasting the following information from the Set Up Identity Provider page in BigAnimal to the SAML Configuration menu in Azure AD: + + | Copy from BigAnimal | Paste in SAML Configuration | + | ------------------------------ | --------------------------- | + | Audience URI | Identifier (Entity ID) | + | Assertion Consumer Service URL | Reply URL | + + 1. Enter the configuration for Attributes & Claims. We recommend the following: + + | Claim name | Value | Note | + |----------------------------------|-----------------------------------------------------|------------------| + | Unique User Identifier (Name ID) | user.userprincipalname [nameid-format:emailAddress] | Required claim | + | <assertion_path>/emailaddress | user.mail | Additional claim | + | <assertion_path>/givenname | user.givenname | Additional claim | + | <assertion_path>/name | user.displayname | Additional claim | + | <assertion_path>/surname | user.surname | Additional claim | + + Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims. + + 1. Under **SAML Signing Certificate**, select **Download** for the Base64-encoded certificate. + 1. Copy the **Login URL** value. +1. From the left navigation pane, Select **Properties**. On the Properties page, if you don't want all of the users in Azure AD to use BigAnimal, answer `No` for the **Assignment required?** question. Otherwise, answer `Yes` and assign the specified users to this Enterprise Application explicitly on the Users and Groups page. +1. On the **Setup Config** tab on the Set Up Identity Provider page in BigAnimal: + 1. Paste the Login URL value you copied from the Single sign-on page in Azure AD as the **Single Sign-On URL**. + 1. For **Identity Provider Signature Certificate**, upload the Base64-encoded certificate downloaded from Azure. + 1. Select the appropriate method for **Request Binding**. Azure AD supports HTTP-POST and Hybrid. + 1. 
Select the appropriate value for **Response Signature Algorithm**. Azure AD supports rsa-sha256 and rsa-sha1. + 1. Select **Test Connection**. If the connection is successful, select **Sign in to BigAnimal** to complete the setup process in the BigAnimal portal. diff --git a/product_docs/docs/biganimal/release/getting_started/identity_provider/index.mdx b/product_docs/docs/biganimal/release/getting_started/identity_provider/index.mdx index 6eb95101867..bf04e97c5fa 100644 --- a/product_docs/docs/biganimal/release/getting_started/identity_provider/index.mdx +++ b/product_docs/docs/biganimal/release/getting_started/identity_provider/index.mdx @@ -75,6 +75,7 @@ You add users through your identity provider. A user who is added in the identit For step-by-step instructions for setting up specific identity providers, see: - [Using Auth0 as your identity provider](auth0) +- [Using AWS SSO as your identity provider](aws_sso) - [Using Azure AD as your identity provider](azure_ad) - [Using Google Workspace (G Suite) as your identity provider](google) - [Using Okta as your identity provider](okta) From d63663236ead18a798b419bda01e5d750b32d9bf Mon Sep 17 00:00:00 2001 From: Chris Estes <106166814+ccestes@users.noreply.github.com> Date: Fri, 27 May 2022 15:26:30 -0400 Subject: [PATCH 2/9] Update aws_sso.mdx --- .../identity_provider/aws_sso.mdx | 86 +++++++++---------- 1 file changed, 40 insertions(+), 46 deletions(-) diff --git a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx index 6254427aec0..e50ac4c3116 100644 --- a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx +++ b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx 
@@ -6,54 +6,48 @@ description: "Using AWS SSO as your identity provider for your Azure account" ## Prerequisites -To connect BigAnimal to Azure AD, you must either: - -- Have one of the following roles in Azure: - - - Global Administrator - - Cloud Application Administrator - - Application Administrator - -- Be the owner of the service principal +-To connect BigAnimal to Amazon Web Services Single Sign-On (AWS SSO), your AWS account must have administrator access. A unique URL and access code are provided in an email from cloudcare@enterprisedb.com. Contact [cloudcare@enterprisedb.com](mailto:cloudcare@enterprisedb.com) if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. For issues with the code or identity provider setup, contact [Support](/biganimal/release/overview/support). -## Set up BigAnimal with Azure AD +## Set up BigAnimal with AWS SSO 1. To access the Set Up Identity Provider page in BigAnimal, open the link in the email sent from cloudcare@enterprisedb.com. -1. In a separate browser tab or window, log into the [Azure Active Directory Admin Center](https://aad.portal.azure.com/). -1. From the left navigation pane, select **Enterprise Applications**. On the Enterprise Applications page: - 1. Select **New application > Create your own application**. - - 1. Enter a name for your application. - 1. Select the third choice for what you intend to do with your application: **Integrate any other application you don’t find in the gallery (Non-gallery)**. -1. After the application is created, from the left navigation menu, select **Single sign-on**. On the Single sign-on page: - 1. Select **SAML** as your single sign-on method. - 1. 
Update the Basic SAML Configuration by copying and pasting the following information from the Set Up Identity Provider page in BigAnimal to the SAML Configuration menu in Azure AD: - - | Copy from BigAnimal | Paste in SAML Configuration | - | ------------------------------ | --------------------------- | - | Audience URI | Identifier (Entity ID) | - | Assertion Consumer Service URL | Reply URL | - - 1. Enter the configuration for Attributes & Claims. We recommend the following: - - | Claim name | Value | Note | - |----------------------------------|-----------------------------------------------------|------------------| - | Unique User Identifier (Name ID) | user.userprincipalname [nameid-format:emailAddress] | Required claim | - | <assertion_path>/emailaddress | user.mail | Additional claim | - | <assertion_path>/givenname | user.givenname | Additional claim | - | <assertion_path>/name | user.displayname | Additional claim | - | <assertion_path>/surname | user.surname | Additional claim | - - Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims. - - 1. Under **SAML Signing Certificate**, select **Download** for the Base64-encoded certificate. - 1. Copy the **Login URL** value. -1. From the left navigation pane, Select **Properties**. On the Properties page, if you don't want all of the users in Azure AD to use BigAnimal, answer `No` for the **Assignment required?** question. Otherwise, answer `Yes` and assign the specified users to this Enterprise Application explicitly on the Users and Groups page. -1. On the **Setup Config** tab on the Set Up Identity Provider page in BigAnimal: - 1. Paste the Login URL value you copied from the Single sign-on page in Azure AD as the **Single Sign-On URL**. - 1. For **Identity Provider Signature Certificate**, upload the Base64-encoded certificate downloaded from Azure. - 1. Select the appropriate method for **Request Binding**. Azure AD supports HTTP-POST and Hybrid. - 1. 
Select the appropriate value for **Response Signature Algorithm**. Azure AD supports rsa-sha256 and rsa-sha1. - 1. Select **Test Connection**. If the connection is successful, select **Sign in to BigAnimal** to complete the setup process in the BigAnimal portal. +1. In a separate browser tab or window, log into your AWS account and go to [**AWS Single Sign-On**] (https://aws.amazon.com/single-sign-on/). +1. Enable SSO or switch to a region where SSO is enabled (AWS Organizations only support SSO in one region at a time). +1. From the left navigation pane, select **Applications** or click the link in Step 3 on the **Dashboard**. +1. Create and name the applcication in the Application catalog. + 1. Select **Add a custom SAML 2.0 application**. + 1. Name the application, BigAnimal or otherwise, under **Display Name**. +1. At the bottom of the page under **Application metada**, click the link "If you don't have a metadata file...". + 1. Open the Set Up Identity Provider page in BigAnimal. + 2. Copy the following information from BigAnimal and Paste it into the Applciation metadad section. + | Copy from BigAnimal | Paste into Application Metadata | + | ------------------------------ | ------------------------------- | + | Assertion Consumer Service URL | Applciation ACS URL | + | Audience URI | Application SAML audience | +1. Click **Save changes** at the bottom of the AWS page. +1. Go to your newly-created application (appearing under its Display Name) and select the **Attribute mappings** tab. +1. Add your desired attributes: + 1. Enter BigAnimal attributes under **User attribute in the application**. + 2. Enter AWS SSO attributes under **Maps to this string value or user attribute in AWS SSO**. 
+ | BigAnimal Attributes | Supported AWS SSO Attributes | + | -------------------------------------------------------------------- | ---------------------------- | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | ${user:givenName} | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | ${user:familyName} | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | ${user:preferredUsername} | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | ${user:name} | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | ${user:email} | + 3. Choose an appropriate **Format** for each attribute (for example: emailAddress). +1. Go to the **Assigned users** tab and select the **Assign users** button to allow users access to the application. +1. Go to the **Configuration** tab and scroll down to the **AWS SSO metadata** section. + 1. Copy the **AWS SSO sign-in URL**. + 2. Click **Download certificate** to install the AWS SSO certificate. +1. On the Setup Identity Provider page in BigAnimal, select the **Setup Config** tab. + 1. Paste the **AWS SSO sign in URL** into the **Single Sign-On URL** field in BigAnimal. + 1. Click **Choose File** and select the **AWS SSO certificate* from your files. + 1. Select HTTP-POST for the **Request Binding**. + 1. Enter a **Response Signature Algorithm**. We reccomend rsa-sha256. + 1. Click **Test Connection**. + 1. Enter the AWS user credentials that you granted access. + 1. If the Test Connections is successful, then click **Sign in to BigAnimal** to complete the setup process in the BigAnimal portal. From 570a036fffc46797761e38f24e8c9d99008df049 Mon Sep 17 00:00:00 2001 From: Chris Estes <106166814+ccestes@users.noreply.github.com> Date: Fri, 27 May 2022 15:54:35 -0400 Subject: [PATCH 3/9] Update aws_sso.mdx --- .../identity_provider/aws_sso.mdx | 34 +++++++++++-------- 1 file changed, 19 insertions(+), 15 deletions(-) 
diff --git a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx index e50ac4c3116..e9f822e8484 100644 --- a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx +++ b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx 
@@ -1,43 +1,47 @@ --- -title: "Using AWS SSO as your identity provider" +title: "Using Amazon Web Servies Single Sign-On (AWS SSO) as your identity provider" navTitle: "AWS SSO" description: "Using AWS SSO as your identity provider for your Azure account" --- ## Prerequisites --To connect BigAnimal to Amazon Web Services Single Sign-On (AWS SSO), your AWS account must have administrator access. +- To connect BigAnimal to AWS SSO, your AWS account must have administrator access. -A unique URL and access code are provided in an email from cloudcare@enterprisedb.com. Contact [cloudcare@enterprisedb.com](mailto:cloudcare@enterprisedb.com) if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. For issues with the code or identity provider setup, contact [Support](/biganimal/release/overview/support). +- A unique URL and access code are provided in an email from cloudcare@enterprisedb.com. Contact [cloudcare@enterprisedb.com](mailto:cloudcare@enterprisedb.com) if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. For issues with the code or identity provider setup, contact [Support](/biganimal/release/overview/support). ## Set up BigAnimal with AWS SSO 1. To access the Set Up Identity Provider page in BigAnimal, open the link in the email sent from cloudcare@enterprisedb.com. -1. In a separate browser tab or window, log into your AWS account and go to [**AWS Single Sign-On**] (https://aws.amazon.com/single-sign-on/). +1. In a separate browser tab or window, log into your AWS account and go to [**AWS Single Sign-On**](https://aws.amazon.com/single-sign-on/). 1. Enable SSO or switch to a region where SSO is enabled (AWS Organizations only support SSO in one region at a time). 1. From the left navigation pane, select **Applications** or click the link in Step 3 on the **Dashboard**. -1. Create and name the applcication in the Application catalog. +1. 
Create and name the application in the **Application catalog**. 1. Select **Add a custom SAML 2.0 application**. - 1. Name the application, BigAnimal or otherwise, under **Display Name**. + 1. Name the application under **Display Name**. The application will be visisble to yours users under this name. 1. At the bottom of the page under **Application metada**, click the link "If you don't have a metadata file...". 1. Open the Set Up Identity Provider page in BigAnimal. - 2. Copy the following information from BigAnimal and Paste it into the Applciation metadad section. + 2. Copy the following information from BigAnimal and Paste it into the Application metadata section. + | Copy from BigAnimal | Paste into Application Metadata | | ------------------------------ | ------------------------------- | | Assertion Consumer Service URL | Applciation ACS URL | | Audience URI | Application SAML audience | + 1. Click **Save changes** at the bottom of the AWS page. 1. Go to your newly-created application (appearing under its Display Name) and select the **Attribute mappings** tab. 1. Add your desired attributes: 1. Enter BigAnimal attributes under **User attribute in the application**. 2. Enter AWS SSO attributes under **Maps to this string value or user attribute in AWS SSO**. 
- | BigAnimal Attributes | Supported AWS SSO Attributes | - | -------------------------------------------------------------------- | ---------------------------- | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | ${user:givenName} | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | ${user:familyName} | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | ${user:preferredUsername} | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | ${user:name} | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | ${user:email} | + + | BigAnimal Attributes | Supported AWS SSO Attributes | + | -------------------------------------------------------------------- | ---------------------------- | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | ${user:givenName} | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | ${user:familyName} | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | ${user:preferredUsername} | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | ${user:name} | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | ${user:email} | + 3. Choose an appropriate **Format** for each attribute (for example: emailAddress). 1. Go to the **Assigned users** tab and select the **Assign users** button to allow users access to the application. 1. Go to the **Configuration** tab and scroll down to the **AWS SSO metadata** section. 
@@ -45,7 +49,7 @@ A unique URL and access code are provided in an email from cloudcare@enterprised 2. Click **Download certificate** to install the AWS SSO certificate. 1. On the Setup Identity Provider page in BigAnimal, select the **Setup Config** tab. 1. Paste the **AWS SSO sign in URL** into the **Single Sign-On URL** field in BigAnimal. - 1. Click **Choose File** and select the **AWS SSO certificate* from your files. + 1. Click **Choose File** and select the **AWS SSO certificate** from your files. 1. Select HTTP-POST for the **Request Binding**. 1. Enter a **Response Signature Algorithm**. We reccomend rsa-sha256. 1. Click **Test Connection**. From f9794d35814ee028fd74bf2d5632584350de8979 Mon Sep 17 00:00:00 2001 From: Chris Estes <106166814+ccestes@users.noreply.github.com> Date: Tue, 31 May 2022 11:09:49 -0400 Subject: [PATCH 4/9] Update aws_sso.mdx --- .../identity_provider/aws_sso.mdx | 37 +++++++++---------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx index e9f822e8484..f3da684b15e 100644 --- a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx +++ b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx 
@@ -1,25 +1,25 @@ --- -title: "Using Amazon Web Servies Single Sign-On (AWS SSO) as your identity provider" +title: "Using AWS SSO as your identity provider" navTitle: "AWS SSO" description: "Using AWS SSO as your identity provider for your Azure account" --- ## Prerequisites -- To connect BigAnimal to AWS SSO, your AWS account must have administrator access. +- To connect BigAnimal to Amazon Web Services Signle Sign-On(AWS SSO), your AWS account must have administrator access. - A unique URL and access code are provided in an email from cloudcare@enterprisedb.com. Contact [cloudcare@enterprisedb.com](mailto:cloudcare@enterprisedb.com) if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. For issues with the code or identity provider setup, contact [Support](/biganimal/release/overview/support). ## Set up BigAnimal with AWS SSO 1. To access the Set Up Identity Provider page in BigAnimal, open the link in the email sent from cloudcare@enterprisedb.com. -1. In a separate browser tab or window, log into your AWS account and go to [**AWS Single Sign-On**](https://aws.amazon.com/single-sign-on/). -1. Enable SSO or switch to a region where SSO is enabled (AWS Organizations only support SSO in one region at a time). -1. From the left navigation pane, select **Applications** or click the link in Step 3 on the **Dashboard**. +1. You will be copying and pasting between BigAnimal and AWS so in a separate browser tab or window log into your AWS account and go to the [**AWS SSO console**](https://console.aws.amazon.com/singlesignon). +1. Choose **Enable AWS SSO** or if SSO is already enabled on your account, then continue to the next step. You may need to switch to a region where SSO is enabled (AWS Organizations only support SSO in one region at a time). +1. From the left navigation pane, select **Applications** or select the link in Step 3 on the **Dashboard**. 1. 
Create and name the application in the **Application catalog**. 1. Select **Add a custom SAML 2.0 application**. - 1. Name the application under **Display Name**. The application will be visisble to yours users under this name. -1. At the bottom of the page under **Application metada**, click the link "If you don't have a metadata file...". + 1. Name the application under **Display Name**. The application will be visisble to your users under this name. +1. At the bottom of the page under **Application metada**, select the link "If you don't have a metadata file...". 1. Open the Set Up Identity Provider page in BigAnimal. 2. Copy the following information from BigAnimal and Paste it into the Application metadata section. 
@@ -28,30 +28,29 @@ description: "Using AWS SSO as your identity provider for your Azure account" | Assertion Consumer Service URL | Applciation ACS URL | | Audience URI | Application SAML audience | -1. Click **Save changes** at the bottom of the AWS page. +1. Select **Save changes** at the bottom of the AWS page. 1. Go to your newly-created application (appearing under its Display Name) and select the **Attribute mappings** tab. 1. Add your desired attributes: 1. Enter BigAnimal attributes under **User attribute in the application**. 2. Enter AWS SSO attributes under **Maps to this string value or user attribute in AWS SSO**. - | BigAnimal Attributes | Supported AWS SSO Attributes | - | -------------------------------------------------------------------- | ---------------------------- | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | ${user:givenName} | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | ${user:familyName} | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | ${user:preferredUsername} | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | ${user:name} | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | ${user:email} | + - /Supported AWS SSO Attributes + - /${user:givenName} + - /${user:familyName} + - /${user:preferredUsername} + - /${user:name} + - /${user:email} 3. Choose an appropriate **Format** for each attribute (for example: emailAddress). 1. Go to the **Assigned users** tab and select the **Assign users** button to allow users access to the application. 1. Go to the **Configuration** tab and scroll down to the **AWS SSO metadata** section. 1. Copy the **AWS SSO sign-in URL**. - 2. Click **Download certificate** to install the AWS SSO certificate. + 2. Select **Download certificate** to install the AWS SSO certificate. 1. On the Setup Identity Provider page in BigAnimal, select the **Setup Config** tab. 1. 
Paste the **AWS SSO sign in URL** into the **Single Sign-On URL** field in BigAnimal. - 1. Click **Choose File** and select the **AWS SSO certificate** from your files. + 1. Select **Choose File** and select the **AWS SSO certificate** from your files. 1. Select HTTP-POST for the **Request Binding**. 1. Enter a **Response Signature Algorithm**. We reccomend rsa-sha256. - 1. Click **Test Connection**. + 1. Select **Test Connection**. 1. Enter the AWS user credentials that you granted access. - 1. If the Test Connections is successful, then click **Sign in to BigAnimal** to complete the setup process in the BigAnimal portal. + 1. If the Test Connections is successful, then Select **Sign in to BigAnimal** to complete the setup process in the BigAnimal portal. From 9ead920c0507b8beceeba18ee0c2f8fddd78484f Mon Sep 17 00:00:00 2001 From: Chris Estes <106166814+ccestes@users.noreply.github.com> Date: Tue, 31 May 2022 12:40:35 -0400 Subject: [PATCH 5/9] Draft edits to aws_sso --- .../identity_provider/aws_sso.mdx | 33 +++++++++++++------ 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx index f3da684b15e..c58242ec784 100644 --- a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx +++ b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx 
@@ -14,7 +14,10 @@ description: "Using AWS SSO as your identity provider for your Azure account" 1. To access the Set Up Identity Provider page in BigAnimal, open the link in the email sent from cloudcare@enterprisedb.com. 1. You will be copying and pasting between BigAnimal and AWS so in a separate browser tab or window log into your AWS account and go to the [**AWS SSO console**](https://console.aws.amazon.com/singlesignon). -1. Choose **Enable AWS SSO** or if SSO is already enabled on your account, then continue to the next step. You may need to switch to a region where SSO is enabled (AWS Organizations only support SSO in one region at a time). +1. Choose **Enable AWS SSO** or if SSO is already enabled on your account, then continue to the next step. + !!! note + You may need to switch to a region where SSO is enabled. AWS Organizations support SSO in only one region at a time. + !!! 1. From the left navigation pane, select **Applications** or select the link in Step 3 on the **Dashboard**. 1. Create and name the application in the **Application catalog**. 1. Select **Add a custom SAML 2.0 application**. 
@@ -32,14 +35,24 @@ description: "Using AWS SSO as your identity provider for your Azure account" 1. Go to your newly-created application (appearing under its Display Name) and select the **Attribute mappings** tab. 1. Add your desired attributes: 1. Enter BigAnimal attributes under **User attribute in the application**. + + | Attributes in BigAnimal | + | -------------------------------------------------------------------- | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | + | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | + 2. Enter AWS SSO attributes under **Maps to this string value or user attribute in AWS SSO**. - - /Supported AWS SSO Attributes - - /${user:givenName} - - /${user:familyName} - - /${user:preferredUsername} - - /${user:name} - - /${user:email} + | Supported AWS SSO attributes | + | ---------------------------- | + | ${user:givenName} | + | ${user:familyName} | + | ${user:name} | + | ${user:preferredUsername} | + | ${user:email} | 3. Choose an appropriate **Format** for each attribute (for example: emailAddress). 1. Go to the **Assigned users** tab and select the **Assign users** button to allow users access to the application. 
@@ -47,10 +60,10 @@ description: "Using AWS SSO as your identity provider for your Azure account" 1. Copy the **AWS SSO sign-in URL**. 2. Select **Download certificate** to install the AWS SSO certificate. 1. On the Setup Identity Provider page in BigAnimal, select the **Setup Config** tab. - 1. Paste the **AWS SSO sign in URL** into the **Single Sign-On URL** field in BigAnimal. - 1. Select **Choose File** and select the **AWS SSO certificate** from your files. + 1. Paste the **AWS SSO sign in URL** into the **Single Sign-On URL** field. + 1. Select **Choose File** and choose the **AWS SSO certificate** from your files. 1. Select HTTP-POST for the **Request Binding**. 1. Enter a **Response Signature Algorithm**. We reccomend rsa-sha256. 1. Select **Test Connection**. 1. Enter the AWS user credentials that you granted access. - 1. If the Test Connections is successful, then Select **Sign in to BigAnimal** to complete the setup process in the BigAnimal portal. + 1. If the Test Connections is successful, then select **Sign in to BigAnimal** to complete the setup process in the BigAnimal portal. From 15cd718141436a6730d0961fdb6a786869fbfac4 Mon Sep 17 00:00:00 2001 
From: Chris Estes <106166814+ccestes@users.noreply.github.com> Date: Thu, 2 Jun 2022 12:32:49 -0400 Subject: [PATCH 6/9] Addressing comments Update product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx Update product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx Update product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx Update product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx Update product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx Update product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx Update product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx aws_sso: feedback revisions Co-Authored-By: Dee Dee Rothery <83650384+drothery-edb@users.noreply.github.com> --- .../identity_provider/aws_sso.mdx | 18 +++++++++--------- .../2/02_requirements_overview.mdx | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx index c58242ec784..525dee8b793 100644 --- a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx +++ b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx 
@@ -1,12 +1,12 @@ --- -title: "Using AWS SSO as your identity provider" +title: "Using Amazon Web Services Single Sign-On as your identity provider" navTitle: "AWS SSO" description: "Using AWS SSO as your identity provider for your Azure account" --- ## Prerequisites -- To connect BigAnimal to Amazon Web Services Signle Sign-On(AWS SSO), your AWS account must have administrator access. +- To connect BigAnimal to Amazon Web Services Single Sign-On (AWS SSO), your AWS account must have administrator access. - A unique URL and access code are provided in an email from cloudcare@enterprisedb.com. Contact [cloudcare@enterprisedb.com](mailto:cloudcare@enterprisedb.com) if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. For issues with the code or identity provider setup, contact [Support](/biganimal/release/overview/support). 
@@ -14,17 +14,17 @@ description: "Using AWS SSO as your identity provider for your Azure account" 1. To access the Set Up Identity Provider page in BigAnimal, open the link in the email sent from cloudcare@enterprisedb.com. 1. You will be copying and pasting between BigAnimal and AWS so in a separate browser tab or window log into your AWS account and go to the [**AWS SSO console**](https://console.aws.amazon.com/singlesignon). -1. Choose **Enable AWS SSO** or if SSO is already enabled on your account, then continue to the next step. +1. Choose **Enable AWS SSO** if SSO isn't already enabled on your account. !!! note You may need to switch to a region where SSO is enabled. AWS Organizations support SSO in only one region at a time. !!! 1. From the left navigation pane, select **Applications** or select the link in Step 3 on the **Dashboard**. -1. Create and name the application in the **Application catalog**. +1. On the Applications page, select **Add a new application". On the Add New Application page: 1. Select **Add a custom SAML 2.0 application**. - 1. Name the application under **Display Name**. The application will be visisble to your users under this name. -1. At the bottom of the page under **Application metada**, select the link "If you don't have a metadata file...". + 1. Name the application in the **Display Name** field. The application will be visible to your users under this name. +1. At the bottom of the page under **Application metadata**, select the link "If you don't have a metadata file...". 1. Open the Set Up Identity Provider page in BigAnimal. - 2. Copy the following information from BigAnimal and Paste it into the Application metadata section. + 2. Copy the following information from BigAnimal and paste it into the Application metadata section. | Copy from BigAnimal | Paste into Application Metadata | | ------------------------------ | ------------------------------- | 
@@ -32,7 +32,7 @@ description: "Using AWS SSO as your identity provider for your Azure account" | Audience URI | Application SAML audience | 1. Select **Save changes** at the bottom of the AWS page. -1. Go to your newly-created application (appearing under its Display Name) and select the **Attribute mappings** tab. +1. Go to your newly-created application (appearing under its display name) and select the **Attribute mappings** tab. 1. Add your desired attributes: 1. Enter BigAnimal attributes under **User attribute in the application**. @@ -44,7 +44,7 @@ description: "Using AWS SSO as your identity provider for your Azure account" | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | - 2. Enter AWS SSO attributes under **Maps to this string value or user attribute in AWS SSO**. + 2. Enter the corresponding AWS SSO attributes under **Maps to this string value or user attribute in AWS SSO**. | Supported AWS SSO attributes | | ---------------------------- | diff --git a/product_docs/docs/mysql_data_adapter/2/02_requirements_overview.mdx b/product_docs/docs/mysql_data_adapter/2/02_requirements_overview.mdx index 3b13bd15b2b..4ce960bc4c1 100644 --- a/product_docs/docs/mysql_data_adapter/2/02_requirements_overview.mdx +++ b/product_docs/docs/mysql_data_adapter/2/02_requirements_overview.mdx @@ -1,5 +1,5 @@ --- -title: "Supported database and MySQL versions" +title: "Supported database and versions" --- ## Supported database versions From 466c1330744864cc782a238e6a405be6562455e1 Mon Sep 17 00:00:00 2001 From: drothery-edb Date: Thu, 2 Jun 2022 15:42:15 -0400 Subject: [PATCH 7/9] minor edits --- .../release/getting_started/identity_provider/aws_sso.mdx | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx index 525dee8b793..d8771aadaa6 100644 --- a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx +++ b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx @@ -18,12 +18,14 @@ description: "Using AWS SSO as your identity provider for your Azure account" !!! note You may need to switch to a region where SSO is enabled. AWS Organizations support SSO in only one region at a time. !!! -1. From the left navigation pane, select **Applications** or select the link in Step 3 on the **Dashboard**. -1. On the Applications page, select **Add a new application". On the Add New Application page: +1. Navigate to the Applications page by either selecting **Applications** from the left navigation pane or selecting the link in step 3 on the Welcome to AWS Single Sign-On page. +1. On the Applications page, select **Add a new application**. On the Add New Application page: 1. Select **Add a custom SAML 2.0 application**. + 1. Name the application in the **Display Name** field. The application will be visible to your users under this name. 1. At the bottom of the page under **Application metadata**, select the link "If you don't have a metadata file...". 1. Open the Set Up Identity Provider page in BigAnimal. + 2. Copy the following information from BigAnimal and paste it into the Application metadata section. | Copy from BigAnimal | Paste into Application Metadata | 
@@ -58,9 +60,11 @@ description: "Using AWS SSO as your identity provider for your Azure account" 1. Go to the **Assigned users** tab and select the **Assign users** button to allow users access to the application. 1. Go to the **Configuration** tab and scroll down to the **AWS SSO metadata** section. 1. Copy the **AWS SSO sign-in URL**. + 2. Select **Download certificate** to install the AWS SSO certificate. 1. On the Setup Identity Provider page in BigAnimal, select the **Setup Config** tab. 1. Paste the **AWS SSO sign in URL** into the **Single Sign-On URL** field. + 1. Select **Choose File** and choose the **AWS SSO certificate** from your files. 1. Select HTTP-POST for the **Request Binding**. 1. Enter a **Response Signature Algorithm**. We reccomend rsa-sha256. From 0e4163789fb3a0b1062248517d32feefad84b62e Mon Sep 17 00:00:00 2001 From: Chris Estes <106166814+ccestes@users.noreply.github.com> Date: Fri, 3 Jun 2022 14:42:58 -0400 Subject: [PATCH 8/9] attribute table consistency changes --- .../identity_provider/aws_sso.mdx | 34 +++++++------------ 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx index d8771aadaa6..72707ec589e 100644 --- a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx +++ b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx 
@@ -35,28 +35,18 @@ description: "Using AWS SSO as your identity provider for your Azure account" 1. Select **Save changes** at the bottom of the AWS page. 1. Go to your newly-created application (appearing under its display name) and select the **Attribute mappings** tab. -1. Add your desired attributes: - 1. Enter BigAnimal attributes under **User attribute in the application**. - - | Attributes in BigAnimal | - | -------------------------------------------------------------------- | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | - | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | - - 2. Enter the corresponding AWS SSO attributes under **Maps to this string value or user attribute in AWS SSO**. - - | Supported AWS SSO attributes | - | ---------------------------- | - | ${user:givenName} | - | ${user:familyName} | - | ${user:name} | - | ${user:preferredUsername} | - | ${user:email} | - - 3. Choose an appropriate **Format** for each attribute (for example: emailAddress). +1. Enter your desired attribute configuration. We reccomend the following: + + | User attribute in the application | Maps to this string value or user attribute in AWS SSO | Format | + | --------------------------------- | ------------------------------------------------------ | ------------ | + | Subject | ${user:email} | emailAddress | + | /givenname | ${user:givenName} | basic | + | /surname | ${user:familyName} | basic | + | /name | ${user:preferredUsername} | basic | + | /nameidentifier | ${user:name} | basic | + | /emailaddress | ${user:email} | basic | + + Where is http://schemas.xmlsoap.org/ws/2005/05/identity/claims. 1. Go to the **Assigned users** tab and select the **Assign users** button to allow users access to the application. 1. 
Go to the **Configuration** tab and scroll down to the **AWS SSO metadata** section. 1. Copy the **AWS SSO sign-in URL**. From 2e291e6f997b2ee40acf3f9f75949fc6d36d90f9 Mon Sep 17 00:00:00 2001 From: drothery-edb Date: Tue, 7 Jun 2022 13:34:04 -0400 Subject: [PATCH 9/9] removed nameidentifier row --- .../release/getting_started/identity_provider/aws_sso.mdx | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx index 72707ec589e..7a5d2f96482 100644 --- a/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx +++ b/product_docs/docs/biganimal/release/getting_started/identity_provider/aws_sso.mdx @@ -43,7 +43,6 @@ description: "Using AWS SSO as your identity provider for your Azure account" | /givenname | ${user:givenName} | basic | | /surname | ${user:familyName} | basic | | /name | ${user:preferredUsername} | basic | - | /nameidentifier | ${user:name} | basic | | /emailaddress | ${user:email} | basic | Where is http://schemas.xmlsoap.org/ws/2005/05/identity/claims. @@ -54,7 +53,7 @@ description: "Using AWS SSO as your identity provider for your Azure account" 2. Select **Download certificate** to install the AWS SSO certificate. 1. On the Setup Identity Provider page in BigAnimal, select the **Setup Config** tab. 1. Paste the **AWS SSO sign in URL** into the **Single Sign-On URL** field. - + 1. Select **Choose File** and choose the **AWS SSO certificate** from your files. 1. Select HTTP-POST for the **Request Binding**. 1. Enter a **Response Signature Algorithm**. We reccomend rsa-sha256.
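Review bot: the `description` front-matter line kept as context in the first aws_sso.mdx hunk of PATCH 6/9 (`@@ -1,12 +1,12 @@`) still reads "Using AWS SSO as your identity provider for your Azure account", a leftover from the Azure topic this file was copied from. This hunk already rewrites `title`, so the description should be corrected in the same change so that it no longer mentions Azure. The hunk also leaves `navTitle` and `description` on the short form "AWS SSO" while `title` is now spelled out; confirm that the mix is intended.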
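Review bot: the added step in the second aws_sso.mdx hunk of PATCH 6/9 (`@@ -14,17 +14,17 @@`) closes its bold span with a double quote instead of `**`: `select **Add a new application". On the Add New Application page:`. The markup is unbalanced, so the asterisks will render literally or the bold will run on into the following text. Close it as `**Add a new application**`. PATCH 7/9 makes exactly this correction, so if the series is squashed or reordered, the fix belongs in this commit.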
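Review bot: the last hunk of PATCH 6/9 changes the title of `mysql_data_adapter/2/02_requirements_overview.mdx`, a file unrelated to the AWS SSO topic, and the commit message mentions only aws_sso.mdx. The new title, "Supported database and versions", also reads as if a word is missing after "and". Either drop this hunk from the commit or move it to its own commit with a message that explains the rename and a title that parses.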
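Review bot: in the second hunk of PATCH 7/9 (`@@ -58,9 +60,11 @@`), the context step "Select **Download certificate** to install the AWS SSO certificate" is misleading, because nothing is installed at that point: the following steps have the reader upload the file to BigAnimal with **Choose File** on the **Setup Config** tab. Since this commit is already touching the lines around it, reword the step to say the certificate is downloaded and saved for upload to BigAnimal. The same hunk keeps three smaller inconsistencies that should be cleaned up together: "sign-in URL" versus "sign in URL", "Setup Identity Provider page" versus the "Set Up Identity Provider page" used earlier in the file, and the misspelling "reccomend" in the Response Signature Algorithm step.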
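Review bot: in the PATCH 8/9 hunk (`@@ -35,28 +35,18 @@`), the sentence under the new table reads "Where is http://schemas.xmlsoap.org/ws/2005/05/identity/claims." with no subject, and the rows start with a bare slash (`/givenname`, `/surname`, and so on), so the reader cannot tell what to type in the **User attribute in the application** column. It looks like a placeholder token was lost; name it explicitly in code formatting in both the rows and the sentence, or keep the full claim URIs in the table as the removed version did. An incomplete attribute name here means the SAML assertion will not carry the claims BigAnimal expects, so this is worth getting exact. The added line "We reccomend the following:" also misspells "recommend".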