home

Discover

DiscoverStartExploreModelIntegrateEngage
DiscoverStartExploreModelIntegrateEngage

Accelerate the Value of Data

Show Contents

thumbnailDiscover

Migrate Tenants to SSO

Update Tenant SSO configuration

This task guides you through the process of updating the SSO configuration for multiple Reltio tenants using the Update SSO Configuration API.

The Update SSO Configuration APIs are designed to enable you to configure Single Sign-On to access the Reltio tenants. Reltio does not recommend using this API to configure SSO for the first time. The recommendation is to configure SSO via the Reltio Console. This API is only recommended for cases in which you want to apply the same SSO configuration to multiple tenants.

Note: The ROLE_ADMIN_CUSTOMER role is required to perform these operations.
  1. Configure SSO on a tenant
    (Ideally a DEV tenant to ensure it works before doing it in TEST/PROD tenants).
  2. Execute the GET Customer API to retrieve your customer configuration
    This returns the SSO setup of your tenants.
  3. Apply SSO configuration to other tenants
    1. Identify the externalProviderConfig attribute to help construct the configuration for other tenants.
      SAML example:
      
                            {
                                "providerId": "OktaProvider",
                                "vendor": "okta",
                                "loginEndpoint": "https://dev-432548.okta.com/oauth2/v1/authorize",
                                "tokenEndpoint": "https://dev-432548.okta.com/oauth2/v1/token",
                                "userInfoEndpoint": "https://dev-432548.okta.com/oauth2/v1/userinfo",
                                "callbackEndpoint": "https://auth.reltio.com/oauth/callback",
                                "clientId": "0oa9dftgfdgd4qFDW2347",
                                "scope": "openid profile email",
                                "userIdMapping": "email",
                                "userEmailMapping": "email",
                                "userRoleMapping": "memberOf",
                                "userRoleRegexp": "(AZ_[a-zA-Z0-9_]*)*?",
                                "defaultNewUserRoleList": [
                                    "ROLE_API",
                                    "ROLE_USER"
                                ],
                                "tenants": [
                                    "tenant1"
                                ],
                                "jwt": false,
                                "userGroupsMapping": "groups_info",
                                "userGroupRegExp": "([a-zA-Z0-9_]*)*?",
                                "defaultGroups": [],
                                "rolePerTenantSsoEnabled": false,
                                "sendClientCredentialsInBody": false
                            }
      OIDC example:
      {
               "providerId": "OktaProvider",
               "vendor": "okta",
               "loginEndpoint": "https://dev-432548.okta.com/oauth2/v1/authorize",
               "tokenEndpoint": "https://dev-432548.okta.com/oauth2/v1/token",
               "userInfoEndpoint": "https://dev-432548.okta.com/oauth2/v1/userinfo",
               "callbackEndpoint": "https://auth.reltio.com/oauth/callback",
               "clientId": "0oa9dftgfdgd4qFDW2347",
               "scope": "openid profile email",
               "userIdMapping": "email",
               "userEmailMapping": "email",
               "userRoleMapping": "memberOf",
               "userRoleRegexp": "(AZ_[a-zA-Z0-9_]*),*?",
               "defaultNewUserRoleList": [
                   "ROLE_API",
                   "ROLE_USER"
               ],
               "tenants": [
                   "tenant1"
               ],
               "jwt": false,
               "userGroupsMapping": "groups_info",
               "userGroupRegExp": "([a-zA-Z0-9_]*),*?",
               "defaultGroups": [],
               "rolePerTenantSsoEnabled": false,
               "sendClientCredentialsInBody": false
           }
      Configuration is basically the same for both cases, the vendor subattribute is the key difference. Reltio natively supports OIDC and leverages AWS Cognito to support SAML. If you have a SAML configuration, you will see "Cognito" in the vendor.
    2. Under the externalProviderConfig attribute, identify the tenants sub-attribute
    3. Add all your tenants IDs under the externalProviderConfig/tenants attribute
      If you started with the DEV tenant you should only add the TEST tenant and verify that it works. Only after that should you add the PROD tenant.
    4. Put the configuration on the target tenants
      Use Update Customer API to apply the configuration.

Updated on August 9, 2024

Footer

You've found your way to a temporary environment. Content is not complete or final. Looking for Reltio documentation? Go to docs.reltio.com.

Company

Leadership

Careers

Awards

Contact Us

Reltio Newsroom

Press Releases

Media Coverage

Media & Analyst Resources

Customer Support

Support

Reltio Learn

Community

Developer Portal

100 Marine Parkway, Suite 275

Redwood Shores, CA 94065

USA

North America: +1(855)360-3282

Europe: +44(800)368-7643

Email: sales@reltio.com

© 2022-2024 Reltio Intellectual Property. All rights reserved.

Terms, Policies & Cookie Preferences