Links

Portal SSO

There are two ways that you can authenticate into the Developer Portal, either automatically or using the login form.
Once you configure your deployment to enable the Deployed Portal, the next thing you may wish to accomplish is to use your Single-Sign-On to authenticate into the Deployed developer interface.
Our portal interfaces currently support Automatic Login with SAML authentication into our deployed portal interfaces for both the Developer portal seen @ https://portal.form.io as well as our Form Manager application.
Please Note: The Automatic Login is supported with SAML only. For other Authentication Methods other than SAML, use the Login Form Authentication.

Developer Portal SSO using Automatic Login with SAML

Introduction

The Automatic login will perform a login via SSO as soon as you navigate to the login page of the portal interface. The benefit of this method is that the end users of the portal do not have to click on an extra "Login with SAML" button in order to SSO into the portal. This process is handled automatically as soon as they navigate to the authentication page of the developer portal. There is a drawback, however, which is that this method does remove the ability to login to the portal application using the Super Admin and Password configured when you launched the deployment with the ADMIN_EMAIL and ADMIN_PASS environment variables.
Setup
In order to enable Automatic SSO login to your developer portal, you will need to update the User Login Form in the Portal Base project. Here are the points:
  1. 1.
    Navigate to the User Login Form in the Portal Base project
  2. 2.
    Drag a Hidden component to the form
  3. 3.
    Configure the Label (for ex. samlAutoLogin)
  4. 4.
    Go to the Data tab and under Persistent configuration choose 'None'
  5. 5.
    Scroll down to the Custom Default Value section and insert this content:
if (!instance.builderMode && !Formio.disableAutoLogin && !Formio.pageQuery().disableAutoLogin) {
Formio.ssoInit('saml');
}
  1. 6.
    Save the component and the form
Now, after you log out, you should be redirected straight to your SAML provider authentication page to authenticate back.
To temporary disable the auto login flow (for ex. to log in with Super Admin and Password), you can pass the disableAutoLogin=true URL query paremeter. Or if you're already logged in, you can set Formio.disableAutoLogin=true from DevTools Console.

Instructions for Setup

To get started, you will first need to become familiar with how the SAML integration works with Form.io. You can read this documentation within the SAML Single Sign On section. Once you are familiar with this, you will want to setup SAML integration within the Portal Base project which is created when you deploy a new portal with the PRIMARY=true environment variable. You will see this project when you log into the deployed portal when you authenticate using the ADMIN_EMAIL and ADMIN_PASS that you used when creating the deployed portal. This will look like the following.
set upWhen you click on this project, you will then want to configure the SAML configuration with the settings that you setup by walking through the SAML documentation above.

Developer Portal SSO using Login Form Authentication

The other method that can be used to login to the developer portal is through the Login Form. This method provides the flexibility of being able to login by either logging in as a user account, or through the SSO via the "Login with SSO" button. In order to setup this method, please follow the Login Form Configuration within the SAML documentation, but do this for the Portal Base project.
Once you have done this, you will now need to ensure that you can establish the Team management through the SSO authentication described in the team management section. To accomplish this, you will need to provide the following environment variable to your deployment.
SSO_TEAMS=true

Team Management

In addition to allowing users to create their own projects, you can also use the Portal SSO in conjunction with our Team support within the Developer Portal. This system creates a One-to-One connection between Roles within your SAML or OIDC configuration, that will then map to Teams within the Form.io developer portal.
To start, you will first need to create Teams within your developer portal that will be related to Roles within your SAML or OIDC configuration.
Make sure you check the checkbox called SSO Team which will tell the API platform that you wish to map this team with an SSO Role.
When using SAML or OIDC, you do not need to worry about assigning anyone to that Team since that will be handled automatically through the SSO process when they authenticate by associating SAML or OIDC roles to that Team.
Next, you will need to assign that Team to the projects you wish to allow SSO users to have access to within the Form.io developer portal interface. Navigate to the project, click the Teams, then select the role you wish that team to have within the given Project.
Once you have done this, anyone with a SAML or OIDC Role name that matches the name of the Team will be automatically assigned to that team and be granted access to a project.
The next item that can be configured for SSO is the Form Manager application.

Form Manager SSO

To enable the Form Manager with SAML SSO authentication, you will need to first navigate to your project, and just like you did for the Portal Base project above, configure this project with some SAML configuration. Important: Make sure that you configure a separate SSO application within your SAML provider to use the correct project URLs instead of using the same SAML configuration provided in the previous step.
After you do that, you will now need to provide the SSO configuration within your project's Public Configuration section.
For a description of all Configurations available go to the Form Manager Settings documentation.