Customer Identity Access Management guide for the Unified Consent Consumer UI

This guide provides an overview of Customer Identity Access Management (CIAM) for the Unified Consent Consumer UI. Currently we support CIAM with SAML 2.0.

CIAM with SAML 2.0

Setup

In order to use SAML integration, start by configuring the SAML service provider. Navigate to the Consumer SSO page.

Consumer SSO in Navigation Side Bar

Initial IdP Setup

Before you fill out this form, some initial setup is required in the identity provider (IdP). The output of the IdP setup will provide the values needed to fill out this form.

In the IdP, please set up the following:

  • Map the NameID field to the email address.
  • Map the NameID format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • Sign the Assertion & Response
  • Add the following fields (optionally):
    • user.firstName
    • user.lastName

Service Provider (SP) Setup

Consumer SSO Configuration Creation

Usage

Consumer UI

After you configure the Consumer SSO integration, the page will contain a Login option in the top right. Clicking this link takes the user to the customer identity provider. After they log in, they are returned to this page with their choices pre-populated.

Consumer UI SSO Login Button

Deep Linking

If the user is already logged in, you can give them seamless navigation. The following URL can be used to deep link and carry the single sign-on through.

URL: https://api.osano.com/auth/sso/login

Required Parameters:

  • customerId - the Customer ID is located on the UC Config Details page of the UC admin console, in the developer section.

  • redirectUrl - this is the URL that the user will be redirected to after they are logged in.

  • resourceId - The value of resourceId must be the UC Config ID. The Config ID is located on the UC Config Details page of the UC admin console, in the developer section.

  • product - This value must be uc

  • region - The region value should be us for requests made from within the USA, and eu for requests made from elsewhere.

  • filters - Should be the following object as URI encoded stringified JSON

    • { isPublished: true }
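
The deep link described above, assembled in code. This is an added example, not Osano's own code: the function name, the placeholder IDs and the redirect-origin allowlist are assumptions made here, the allowlist being a check on the caller's side so that redirectUrl can only point at the site's own pages.

```javascript
// Added example: builds the SSO deep link from the required parameters above.
// ALLOWED_REDIRECT_ORIGINS and every sample value are constructed placeholders.
const SSO_LOGIN_URL = "https://api.osano.com/auth/sso/login";
const ALLOWED_REDIRECT_ORIGINS = new Set(["https://privacy.example.com"]);

function buildSsoDeepLink({ customerId, resourceId, region, redirectUrl }) {
  // All three caller-supplied identifiers must be non-empty strings.
  for (const [name, value] of Object.entries({ customerId, resourceId, redirectUrl })) {
    if (typeof value !== "string" || value.length === 0) {
      throw new Error(`missing required parameter: ${name}`);
    }
  }
  if (region !== "us" && region !== "eu") {
    throw new Error("region must be 'us' or 'eu'");
  }

  // Parse the post-login target and compare its origin (scheme + host + port),
  // not a string prefix, so look-alike hosts and userinfo tricks are rejected.
  let target;
  try {
    target = new URL(redirectUrl);
  } catch {
    throw new Error("redirectUrl must be an absolute URL");
  }
  if (!ALLOWED_REDIRECT_ORIGINS.has(target.origin)) {
    throw new Error(`redirectUrl origin not allowed: ${target.origin}`);
  }

  // URLSearchParams percent-encodes each value, including the stringified
  // JSON filters object.
  const link = new URL(SSO_LOGIN_URL);
  link.search = new URLSearchParams({
    customerId,
    redirectUrl: target.href,
    resourceId,
    product: "uc", // fixed value per the parameter list
    region,
    filters: JSON.stringify({ isPublished: true }),
  }).toString();
  return link.href;
}

const exampleLink = buildSsoDeepLink({
  customerId: "CUSTOMER_ID_PLACEHOLDER",
  resourceId: "UC_CONFIG_ID_PLACEHOLDER",
  region: "us",
  redirectUrl: "https://privacy.example.com/preferences",
});
console.log(exampleLink);
```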

Appendix

General Purpose Flow

Consumer SSO Diagram

Embedded Consumer UI

This flow is applicable to sites that are embedding the out-of-the-box consumer user interface into their sites.

Consumer SSO Embedded Diagram Part 1

Consumer SSO Embedded Diagram Part 2

See the Embedded Experience page for details about passing the session id into the Consumer UI.

RelayState

In an SP-initiated flow, such as those described above, a RelayState will be passed to the IdP. The IdP should return the RelayState to the SAML Assertion Consumer Service unchanged. This is standard SAML behavior and should not require any special configuration to make it work.