Customer Identity Access Management guide for the Unified Consent Consumer UI
This guide provides an overview of Customer Identity Access Management (CIAM) for the Unified Consent Consumer UI. Currently we support CIAM with SAML 2.0.
CIAM with SAML 2.0
Setup
In order to use SAML integration, start by configuring the SAML service provider. Navigate to the Consumer SSO page.
Initial IdP Setup
Prior to arriving here, some initial setup is required in the identity provider (IdP). The output of the IdP setup will provide the values needed to fill out this form.
In the IdP, please set up the following:
- Map the name id field to the email address.
- Map the name id format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- Sign the Assertion & Response
- Add the following fields (optionally):
  - user.firstName
  - user.lastName
Service Provider (SP) Setup
Usage
Consumer UI
After you configure the Consumer SSO integration, the page will contain a Login option in the top right. Clicking this link will bring the user to the customer identity provider. After they log in, they will be returned to this page with their choices pre-populated.
Deep Linking
If the user is already logged in, you can provide them with seamless navigation. The following URL can be used to deep link and transmit the single sign-on.
URL: https://api.osano.com/auth/sso/login
Required Parameters:
- customerId - The Customer ID is located on the UC Config Details page of the UC admin console, in the developer section.
- redirectUrl - This is the URL that the user will be redirected to after they are logged in.
- resourceId - The value of resourceId must be the UC Config ID. The Config ID is located on the UC Config Details page of the UC admin console, in the developer section.
- product - This value must be uc
- region - The region value should be us for requests made from within the USA, and eu for requests made from elsewhere.
- filters - Should be the following object as URI encoded stringified JSON:
  {
    isPublished: true
  }
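One way to assemble the deep link from the parameters above, as an added example that is not Osano's own code. It assumes the parameters are sent as query-string parameters on the login URL; buildDeepLink, the redirect allow-list, and the www.example.com host are hypothetical names introduced for illustration.

```javascript
// Added example: build the Consumer UI deep link from the required parameters.
// Assumption: the parameters travel as query-string parameters on the login URL.
const SSO_LOGIN_URL = "https://api.osano.com/auth/sso/login";

// Hypothetical allow-list: hosts on your own site that users may be sent back to.
const ALLOWED_REDIRECT_HOSTS = new Set(["www.example.com"]);

function buildDeepLink({ customerId, configId, redirectUrl, region }) {
  if (!customerId || !configId) {
    throw new Error("customerId and configId are required");
  }
  if (region !== "us" && region !== "eu") {
    throw new Error("region must be 'us' or 'eu'");
  }

  // Parse the redirect target and refuse anything that is not HTTPS or not on
  // the allow-list, so a caller-supplied value cannot point the post-login
  // redirect at a site you do not control.
  let target;
  try {
    target = new URL(redirectUrl);
  } catch {
    throw new Error("redirectUrl must be an absolute URL");
  }
  if (target.protocol !== "https:" || !ALLOWED_REDIRECT_HOSTS.has(target.hostname)) {
    throw new Error("redirectUrl is not an allowed HTTPS destination");
  }

  const url = new URL(SSO_LOGIN_URL);
  // searchParams percent-encodes every value, including the stringified JSON.
  url.searchParams.set("customerId", customerId);
  url.searchParams.set("redirectUrl", target.href);
  url.searchParams.set("resourceId", configId); // resourceId is the UC Config ID
  url.searchParams.set("product", "uc");
  url.searchParams.set("region", region);
  url.searchParams.set("filters", JSON.stringify({ isPublished: true }));
  return url.toString();
}
```

Building the redirect check into the same function keeps user-influenced values from reaching the link without validation.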
Appendix
General Purpose Flow
Embedded Consumer UI
This flow is applicable to sites that are embedding the out-of-the-box consumer user interface into their sites.
See the Embedded Experience page for details about passing the session id into the Consumer UI.
RelayState
In an SP-initiated flow, such as those described above, a RelayState will be passed to the IdP. The IdP should return the RelayState to the SAML Assertion Consumer Service unchanged. This is standard SAML behavior and should not require any special configuration to make it work.