Next-Gen Access

Single Sign-On (SSO) from Next-Gen Access intelligently enables secure access to thousands of cloud, mobile, and on-premises applications from a single identity infrastructure.

•

Information Stored

•

Minimum Permissions Required

•

Authentication Method

•

Credentials Required

•

Integrating Next-Gen Access with SaaS Management

•

API Endpoints

Information Stored

The following table describes the available integration tasks and stored data

Available Integration Tasks

Integration Task

Information Stored

HR Roster

•

User I. D

•

First Name

•

Last Name

•

Active Date

•

Status

•

Department

•

Location

Application Roster

•

User ID

•

First Name

•

Last Name

•

Active Date

•

Status

Application Access

•

User ID

•

Occurred (Last Login)

Application Discovery

•

Application Name

•

Application Label

•

Application Description

•

Instance ID

SSO Application Roster

•

First Name

•

Last Name

•

Unique ID

•

Application Name

•

Application Label

•

Application ID

SSO Application Access

•

Unique ID

•

Occurred (Application Launch)

•

Application Name

•

Application Label

•

Application ID

•

Application Instance ID

Note:The information stored is subject to change as enhancements are made to the product.

Minimum Permissions Required

The following minimum permissions are required.

•

Read-only System Administrator

•

Application Management

Authentication Method

OAuth2 Client Credentials

Credentials Required

•

Tenant URL

•

Client ID

•

Client Secret

Integrating Next-Gen Access with SaaS Management

To integrate Next-Gen Access with SaaS Management, perform the following tasks.

•

Creating an OAuth Client

•

Obtaining Your Next-Gen Access Client ID and Client Secret

•

Integrating Next-Gen with SaaS Management

Creating an OAuth Client

To create an OAuth client, perform the following steps.

To create an OAuth client:

To import a Web App, login to your Next-Gen Access admin portal. Navigate to Web Apps and click the Add Web Apps button. The Add Web Apps screen opens.

Select the Import tab.

Download the OauthClientApp.zip folder from the SaaS Management Resources drive. Click Upload and upload the OauthClientApp.zip folder to add the application.

Once the application is added, the application’s Overview tab opens.

Note:Do not change the Application ID.

To create a client credential user, navigate to the General Usage tab and click the link to create a user.

The Login Name and Password given by the user will be the respective Client ID and Client Secret. These two fields are needed as user input. Once these values are provided, click the Create User button. An example Client ID is clientID@metasaas.com.

You are now able to see the new user under the All Service Users listing.

To create a new role, click Roles on the Core Services menu. Then click Add Role. The Add Role screen opens.

In the Name field, enter the name of the role and click Save.

On the Add Role screen, click the Members tab. The Add Members screen opens. Add the client credential user that was created in step 2 and click Add.

On the Add Role screen, click the Administrative Rights tab. The Add Rights window opens. Select Read Only System Administration and Application Management. Then click Add.

Click Save. The Role has been added to the Web App.

Navigate back to the General Usage tab for the Web App that we imported.

Select the Permissions tab. The Select User, Group, or Role screen opens. Add the new permission (Role) and (User) that was created in step 3 and click Add.

Click Save. The deployment is complete.

Obtaining Your Next-Gen Access Client ID and Client Secret

To obtain your Next-Gen Access Client ID and Client Secret, perform the following steps.

To obtain your Next-Gen Access Client ID and Client Secret:

Tenant URL: Use the URL that you received as the Next-Gen Access URL in your welcome email. Enter the URL without https://.

For example, if the Tenant URL is https://aaa1234.my.idaptive.app/manage, enter only aaa1234.my.idaptive.app

Client ID and Client Secret: Obtain both of these credentials while creating the OAuth2 web application.

Note:Do not enable Two-Factor Authentication.

Integrating Next-Gen with SaaS Management

To Integrate Next-Gen with SaaS Management, perform the following steps.

To integrate Next-Gen with SaaS Management:

In SaaS Management, add the Next-Gen application. Refer to Adding an Application.

Copy and paste the following Next-Gen information in SaaS Management:

•

Client ID

•

Client Secret

Click Authorize.

Tip:Once the Application Discovery integration task has been enabled after 24 hours, you can add the discovered SSO enabled applications to your list of Managed SaaS Applications. For details, refer to Adding Discovered SSO Enabled Applications to Your List of Managed SaaS Applications.

API Endpoints

HR Roster, Application Roster, Application Discovery, Application Access, and SSO Application Access

https://<TenantURL>/Redrock/query

SSO Application Roster

https://<TenantURL>/UPRest/GetUPData