Purify can be configured to use SSO (based on SAML) instead of local authentication.
Under the hood passport-saml is used to make it possible.
You need to provide a set of credentials via
SAML_CALLBACK_URL=https://<purify_fqdn>/api/auth/saml/callbackSAML_IDP_URL=https://dev-xxxx-xxx.us.auth0.com/xxx/xxxxxSAML_ENTITY_ID=urn:dev-xxxx-xxx.us.auth0.comSAML_LOCAL_KEY_PATH=/etc/certs/key.pem# or#SAML_LOCAL_KEY_ONELINE=MIIJQwIBADANBgkqhkiG9....SAML_IDP_CERT_PATH=/etc/certs/idp.pem# or#SAML_IDP_CERT_ONELINE=MIIDDTCCAfWgAwIBAgIJcr....SAML_EMAIL_FIELD_NAME=emailSAML_USERNAME_FIELD_NAME=name
SAML_LOCAL_KEY can be set in two ways:
SAML_LOCAL_KEY_PATH via path of the mounted file into the docker container
SAML_LOCAL_KEY_ONELINE alternatively a single line private key without start/end lines where all rows are joined into single line, see example from of singleline private key.
The same work for
Restart Purify and try to login, the login screen will be changed to:
Some users, such as admins, may need to bypass single sign-on to complete work tasks. To enable this, when creating users, check the box: