Configure Identity Providers

Get started with OAuth2/OpenID Connect (OIDC) Identity Provider configuration to enable security integration with other systems or third parties in your IT landscape.

Objective

Manhattan Active® Platform Access Management has administrative screens that manage various security aspects, including authentication, login modes, OAuth client setup, and Identity Provider configuration. The documents describing Identity Provider setup for external integration are organized by the type of Identity Provider integration sought. Two are available:

  • Azure AD
  • Okta

Introduction

As a premier SaaS provider in the market, Manhattan prioritizes the security of its Active Platform software. In alignment with this commitment, we are pleased to announce the release of an enhanced version of the Manhattan Identity & Access Management (IAM) system, named Access Management 2.0. This updated version not only delivers enhanced security features but also offers improved integration capabilities with customer-owned identity platforms such as Azure and Okta. Previously, the Manhattan Active Platform supported Just In Time (JIT) user provisioning exclusively for the SAML 2.0 protocol. With Access Management 2.0, JIT support has been extended to include the OpenID Connect (OIDC) protocol as well. The subsequent sections provide comprehensive guidance, including illustrative screen captures, on configuring Access Management 2.0 alongside Azure and Okta as external Identity Providers (IdPs) for both JIT and non-JIT use cases within the OIDC protocol.

Assumptions

  • The configuration screens shown for both Azure and Okta could change over time.
  • This document will be kept in alignment when that happens.
  • If further assistance is needed while configuring Access Management 2.0 for OIDC JIT/non-JIT, please reach out to your Manhattan Services Representative for help and to report any issues with this document.

Special Note

  • Access Management 2.0 creates a Local User for every external Identity Provider (IdP) user.
  • After creation in the JIT flow, such external users are also created in the Organization Database.
  • Deleting such a user (for example, to remove roles/orgs/locations) and then recreating them through the JIT process is:
    • First, not needed
    • Second, harmful: it blocks the same user from logging in, because Access Management 2.0 can no longer find the Id of the internal user
  • Instead, add or remove the user's roles/orgs/locations as needed; the JIT process will update the same user in the Organization DB.
  • If such users must be deleted, please reach out to Manhattan Operations for a subsequent cleanup in the Access Management 2.0 DB.

Configure Okta OIDC IdP for JIT

Get started with OAuth2/OpenID Connect (OIDC) Identity Provider configuration for Okta with JIT user provisioning, to enable security integration with other systems or third parties in your IT landscape.

Configure Azure Identity Providers

Get started with OAuth2/OpenID Connect (OIDC) Identity Provider configuration for Azure, to enable security integration with other systems or third parties in your IT landscape.

Last modified September 5, 2024: retrigger with original workflow cdn (9c51138)