Integration with Mobile Identity
This how-to walks you through integrating the External Authorization module with the Mobile Identity module.
The Mobile Identity module is a complete solution for single sign-on (SSO) and customer self-service within your organization. The OneWelcome Identity Platform provides an extension to Mobile Identity that enriches the access tokens it issues with a claim derived from your users' relationships (see relationship-based access control). All you need to do is set up a Mobile Identity web hook; Mobile Identity calls it when it issues a token, and the hook adds the relationships claim.
Set up the OneWelcome Mobile Identity web hook
Mobile Identity setup
Step 1. Create a web hook
- Log in to your Mobile Identity account.
- Go to Configuration > System > Web Hooks.
- Click Add Web Hook Configuration.
- Add the following values to complete the web hook setup:
  Name: ReBAC
  WebHook type: Customize Token
  WebHook base uri: https://hooks.scaledaccess.com/{tenant}/onewelcome, where {tenant} is the tenant code provided by the OneWelcome Identity Platform (see account details). This code can be found in manage.scaledaccess.com after your sandbox environment is set up.
  Authentication method: Basic Authentication
  Username: Your tenant code
  Password: The API key connected to your tenant. Create and use the API key for your tenant (see set up webhook configuration).
- Click Save.
Step 2. Activate the web hook
- Go to Configuration > Web Clients.
- Click Edit on your configured web client.
- Find the Customize Access Token Web Hook options and select the ReBAC web hook.
- Click Save (and Save again to finish editing).
Obtaining and using an enriched access token
Step 3. Request a OneWelcome Identity Platform access token
- Use your regular method to request an access token.
- Confirm that the access token contains the https://scaledaccess.com/relationships claim, for example by decoding the token locally or by pasting a sandbox token into jwt.io (avoid pasting production tokens into third-party tools, since a bearer token is a credential). If the user has no relationships (yet), the claim is present but the array is empty; if the claim is missing altogether, the web hook is not active for the web client that issued the token.
Step 4. Make access decisions based on relationships
- Use the enriched access token to access a protected resource at your API service.
- The API service must provide a mechanism to grant or deny access based on the https://scaledaccess.com/relationships claim. The claim is only as trustworthy as the token that carries it, so the API service must validate the token (signature, issuer, audience and expiry) before reading the claim, and must deny access when the claim is missing or the array is empty.
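The following is an added example, not code from the OneWelcome documentation or platform, showing the API-side half of Steps 3 and 4: verify the access token, read the https://scaledaccess.com/relationships claim, and make a grant/deny decision from it. To run offline it uses only the Python standard library and constructs its own HS256 tokens with a local secret; the issuer and audience values, the HS256 algorithm and the shape of each relationship entry (an object with "type" and "object" fields) are assumptions for the example and must be checked against a real enriched token and your issuer's key material.

```python
"""Added example (not OneWelcome code): verify an enriched access token and decide on its relationships claim."""
import base64
import hashlib
import hmac
import json
import time

RELATIONSHIPS_CLAIM = "https://scaledaccess.com/relationships"

# Constructed for this example only. A real deployment verifies against the issuer's published keys.
EXAMPLE_SECRET = b"example-secret-do-not-use"
EXPECTED_ISSUER = "https://idp.example.com"  # assumption
EXPECTED_AUDIENCE = "example-api"            # assumption


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_example_token(claims: dict, secret: bytes = EXAMPLE_SECRET) -> str:
    """Build an HS256 JWT so the checks below have something to verify offline."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes = EXAMPLE_SECRET, now=None) -> dict:
    """Check algorithm, signature, issuer, audience and expiry; return the claims or raise ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never let the header choose it
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("bad issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise ValueError("bad audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims


def get_relationships(claims: dict) -> list:
    """Step 3: the enriched token carries the claim; an empty list means the user has no relationships yet."""
    rels = claims.get(RELATIONSHIPS_CLAIM)
    if not isinstance(rels, list):
        raise ValueError("token is not enriched: relationships claim missing (is the web hook active?)")
    return rels


def is_allowed(claims: dict, required: dict) -> bool:
    """Step 4: grant if some relationship entry matches every key/value in `required`.

    The entry shape (e.g. {"type": "owner", "object": "account:42"}) is an assumption of this example.
    """
    return any(
        isinstance(rel, dict) and all(rel.get(k) == v for k, v in required.items())
        for rel in get_relationships(claims)
    )


def authorize(token: str, required: dict, now=None) -> bool:
    """Full API-side flow: verify first, then decide from the claim. Any failure denies access."""
    try:
        return is_allowed(verify_token(token, now=now), required)
    except ValueError:
        return False


# Constructed tokens for a demonstration run (exp is 2100-01-01).
_BASE = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "user-1", "exp": 4102444800}
TOKEN_WITH_REL = make_example_token({**_BASE, RELATIONSHIPS_CLAIM: [{"type": "owner", "object": "account:42"}]})
TOKEN_NO_REL = make_example_token({**_BASE, RELATIONSHIPS_CLAIM: []})
TOKEN_NOT_ENRICHED = make_example_token(_BASE)

if __name__ == "__main__":
    need = {"type": "owner", "object": "account:42"}
    print("owner token:   ", authorize(TOKEN_WITH_REL, need))
    print("empty array:   ", authorize(TOKEN_NO_REL, need))
    print("not enriched:  ", authorize(TOKEN_NOT_ENRICHED, need))
    print("expired:       ", authorize(TOKEN_WITH_REL, need, now=4102444801))
```

The order matters: `authorize` never looks at the claim until `verify_token` has accepted the token, and every failure path (bad signature, wrong issuer or audience, expiry, missing claim, empty array) results in a deny rather than an exception leaking to the caller.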