You can configure OneLogin as a secured solution for SAML SSO and SCIM provisioning with Artifactory.
Follow the steps below to configure the OneLogin connector 'SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML)':
- SAML Audience URL: $JFROG_URL
  For Cloud JFrog users the $JFROG_URL would be: https://<server-name>.jfrog.io
- ACS (Consumer) URL Validator: $JFROG_URL\/ui\/api\/v1\/auth\/saml\/loginResponse
  Self-Hosted example: https:\/\/my\.artifactory\.com\/ui\/api\/v1\/auth\/saml\/loginResponse
  Cloud example: https:\/\/<server-name>\.jfrog\.io\/ui\/api\/v1\/auth\/saml\/loginResponse
- ACS (Consumer) URL: $JFROG_URL/ui/api/v1/auth/saml/loginResponse
- API Connection (Bottom of the page): Enable the API Status
- SCIM Base URL: $JFROG_URL/access/api/v1/scim/v2
- SCIM JSON Template: (This is the basic template that sets the username as the ‘user.email’ from OneLogin, you may edit it based on your needs)
  {
    "schemas": [
      "urn:scim:schemas:core:2.0",
      "urn:scim:schemas:extension:enterprise:2.0"
    ],
    "userName": "{$user.email}",
    "emails": [{ "value": "{$user.email}" }]
  }
- SCIM Bearer Token: Generate the token from Artifactory UI:
The screenshots below demonstrate the configuration required in the OneLogin application:
Make sure to assign the user to the application in OneLogin. Also, add this as a task:
Then you may navigate to Users -> Provisioning -> and you'll see that the user was provisioned to Artifactory:
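
A local pre-check for the connector fields listed above, added here as an example (it is not JFrog's or OneLogin's code): it derives each value from $JFROG_URL, builds the escaped ACS validator, and confirms that the escaping keeps a lookalike hostname from matching. The function names, the constructed hostname my-artifactory.com, whole-string matching of the validator, and local substitution of {$user.email} are assumptions made for the example, not documented OneLogin behaviour.

```python
import json
import re

ACS_PATH = "/ui/api/v1/auth/saml/loginResponse"  # path from the steps above
SCIM_PATH = "/access/api/v1/scim/v2"             # path from the steps above
# SCIM JSON template from the steps above.
SCIM_TEMPLATE = """{ "schemas": [ "urn:scim:schemas:core:2.0",
  "urn:scim:schemas:extension:enterprise:2.0" ],
  "userName": "{$user.email}", "emails": [{ "value": "{$user.email}" }] }"""


def onelogin_settings(jfrog_url):
    """Derive the connector field values from $JFROG_URL (hypothetical helper)."""
    base = jfrog_url.rstrip("/")  # a trailing slash would produce '//ui/...'
    if not base.startswith("https://"):
        raise ValueError("JFROG_URL must be an https:// URL")
    acs = base + ACS_PATH
    # Escape regex metacharacters in each segment ('.' above all) and join
    # the segments with '\/', the way the validator is written above.
    validator = r"\/".join(re.escape(part) for part in acs.split("/"))
    return {"audience": base, "acs_url": acs,
            "acs_validator": validator, "scim_base_url": base + SCIM_PATH}


def validator_accepts(pattern, url):
    """Assumption: the validator has to match the whole URL."""
    return re.fullmatch(pattern, url) is not None


def render_template(template, email):
    """Substitute a sample address and parse; raises if an edit broke the JSON."""
    return json.loads(template.replace("{$user.email}", email))


if __name__ == "__main__":
    s = onelogin_settings("https://my.artifactory.com/")
    for name, value in s.items():
        print(f"{name}: {value}")
    lookalike = "https://my-artifactory.com" + ACS_PATH  # constructed hostname
    # With '.' escaped the lookalike is rejected; with '.' left bare it matches.
    print("escaped:", validator_accepts(s["acs_validator"], lookalike))
    print("unescaped:", validator_accepts(s["acs_url"], lookalike))
    print(render_template(SCIM_TEMPLATE, "user@example.com")["userName"])
```
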