SSO for ownCloud
cidaas' cloud-based Unified Access Management platform provides secure SSO access to web apps in the cloud or ownCloud apps through simple configuration. With cidaas' SSO for ownCloud, your users will be able to securely log in to their ownCloud applications using their IdP credentials. This feature allows IT admins to grant or revoke SSO access for an ownCloud application when needed and also configure the user access levels.
When a user is authenticated on one application using SSO, they can log in to all other applications automatically, regardless of the technology, platform or domain.
This document gives you a step-by-step description of how to configure cidaas as the Identity Provider for your ownCloud instances.
If you are here, we assume you are already familiar with ownCloud and would like to integrate your apps with cidaas' SSO services.
Please follow these steps to complete the set-up.
Configuring cidaas as Identity Provider in ownCloud
This section includes the steps to use cidaas as an Identity Provider for your ownCloud application.
By configuring cidaas as Identity Provider in ownCloud, you can log in to ownCloud through cidaas.
What you'll need to do:
- Log in to your ownCloud account and install the OIDC Plugin.
- Create a new App in cidaas for ownCloud.
- Configure OIDC in ownCloud.
Log in to ownCloud and install the OIDC Plugin
1. In the official description, ownCloud provides the app for ownCloud 10.0.0, which you'll need to install on your system to enable OpenID Connect for your ownCloud instance.
2. Download the .ZIP file and complete the installation to get the app for your ownCloud instance.
After this step, you need to create an app for ownCloud on cidaas. The steps are given below.
Creating a new App in cidaas for ownCloud
1. Create your cidaas App. To do so, navigate to your cidaas instance Admin Dashboard->Apps->App Settings and click on the create App button. If you do not have an instance yet, you can create one in minutes here.
2. Add a name for your app, e.g. ownCloud, and select Regular. Then, click on the Next button.
3. Open App Settings and select the scopes required to access ownCloud from the dropdown list. In this case, it is [openid, email, profile, identities, groups, roles, offline_access].
4. Add the redirect URLs in the relevant textbox.
    <YOUR_OWNCLOUD_BASEURL>/apps/openidconnect/redirect
    <YOUR_OWNCLOUD_BASEURL>/index.php/apps/openidconnect/redirect
    <YOUR_OWNCLOUD_BASEURL>/.well-known/openid-configuration
5. Then, add the Allowed Logout URLs in the relevant textbox.
6. Save your App. It will automatically generate a clientSecret, which you need in the config.php of ownCloud.
7. Go to your ownCloud server (if installed on premise) and navigate to the config file config.php. There you can configure OpenID Connect with cidaas by providing the provider-url, which is the cidaas base URL, and the clientSecret of the cidaas-ownCloud App you just configured. You can also fine-tune this setting, for example, use autoRedirectOnLoginPage to redirect automatically to the cidaas login page.
    'openid-connect' => array (
      'provider-url' => '<YOUR_CIDAAS_BASE_URL>',
      'client-id' => '<YOUR_CLIENTID>',
      'client-secret' => '<YOUR_CLIENTSECRET>',
      'loginButtonName' => 'cidaas',
      'autoRedirectOnLoginPage' => false,
      'mode' => 'userid',
      'search-attribute' => 'email',
      'scopes' => array (
        0 => 'openid',
        1 => 'email',
        2 => 'profile',
        3 => 'identities',
        4 => 'groups',
        5 => 'roles',
        6 => 'offline_access',
        7 => 'phone',
      ),
    ),
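A pre-deployment check for the settings above, as an added example that is not part of the cidaas or ownCloud documentation: it flags a placeholder secret, requested scopes that are not enabled in the cidaas app (the config above requests phone, which step 3 does not list), and redirect URLs that are not exact https URLs on the ownCloud host. The function name lint_oidc, the example.test hosts and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Callback paths from step 4 of this page.
CALLBACK_PATHS = ("/apps/openidconnect/redirect", "/index.php/apps/openidconnect/redirect")

def _https_url(value):
    """True only for an absolute https URL with a host and no query or fragment."""
    u = urlsplit(value)
    return u.scheme == "https" and bool(u.hostname) and not u.query and not u.fragment

def lint_oidc(cfg, app_scopes, app_redirects, owncloud_base):
    """Return findings for an 'openid-connect' block, given the app's scopes and redirect URLs."""
    findings = []
    if not _https_url(cfg.get("provider-url", "")):
        findings.append("provider-url is not an absolute https URL")
    for key in ("client-id", "client-secret"):
        val = cfg.get(key, "")
        if not val or (val.startswith("<") and val.endswith(">")):
            findings.append(f"{key} is empty or still a placeholder")
    scopes = list(cfg.get("scopes", []))
    if "openid" not in scopes:
        findings.append("scopes lacks 'openid'")
    for s in scopes:
        if s not in app_scopes:
            findings.append(f"scope '{s}' is requested but not enabled in the app")
    base = owncloud_base.rstrip("/")
    for path in CALLBACK_PATHS:
        if base + path not in app_redirects:
            findings.append(f"callback {base + path} is not registered")
    for url in app_redirects:
        if "*" in url or not _https_url(url) or urlsplit(url).hostname != urlsplit(base).hostname:
            findings.append(f"redirect URL {url} is not an exact https URL on the ownCloud host")
    return findings

# Constructed sample values (hypothetical hosts, id and secret); scopes as on this page.
SAMPLE_CFG = {
    "provider-url": "https://idp.example.test",
    "client-id": "constructed-client-id",
    "client-secret": "<YOUR_CLIENTSECRET>",
    "scopes": ["openid", "email", "profile", "identities", "groups", "roles",
               "offline_access", "phone"],
}
APP_SCOPES = {"openid", "email", "profile", "identities", "groups", "roles", "offline_access"}
APP_REDIRECTS = [
    "https://cloud.example.test/apps/openidconnect/redirect",
    "http://cloud.example.test/index.php/apps/openidconnect/redirect",
]

if __name__ == "__main__":
    for finding in lint_oidc(SAMPLE_CFG, APP_SCOPES, APP_REDIRECTS, "https://cloud.example.test"):
        print("FINDING:", finding)
```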
Congratulations! You have now completed your ownCloud set-up on cidaas.
What will this set-up help you achieve?
- Enable multifactor-authentication in app settings.
- Use passwordless authentication to log in to ownCloud.
- Stay logged in.
- Restrict access to your app by specifying the allowed groups and roles in app-settings.
If you have any questions or face any issues with this configuration, please contact our support team for further assistance.
We'll be happy to help. Thank you!