Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Onboarding externalized authorization

Integration with Mobile Identity

search
printsuggest an editpdf paneldownload

Integration with Mobile Identity

This how-to helps you get up and running by integrating the External Authorization module with the Mobile Identity module.

The Mobile Identity module is a complete solution for single sign-on (SSO) and customer self-service within your organization. The OneWelcome Identity Platform provides an extension to Mobile Identity that enables the enrichment of its access tokens with a claim based on your users' relationships (see relationship-based access control). All you need to do is to set up a Mobile Identity web hook.

copy link to clipboardSet up the OneWelcome Mobile Identity web hook

copy link to clipboardMobile Identity setup

copy link to clipboardStep 1. Create a web hook

  1. Log in to your Mobile Identity account.

  2. Go to Configuration > System > Web Hooks.

  3. Click Add Web Hook Configuration.

  4. Add the following values to complete the web hook setup:

    Field name Value Description
    Name ReBAC
    WebHook type Customize Token
    WebHook base uri https://hooks.scaledaccess.com/{tenant}/onewelcome Your tenant code provided by the OneWelcome Identity Platform (see account details). This code can be found in manage.scaledaccess.com after your sandbox environment is set up.
    Authentication method Basic Authentication
    Username Your tenant code
    Password The API key connected to your tenant. Create and use the API key for your tenant (see set up webhook configuration)

  5. Click Save.

copy link to clipboardStep 2. Activate the web hook

  1. Go to Configuration > Web Clients.

  2. Click Edit on your configured web client.

  3. Find the Customize Access Token Web Hook options and select the ReBAC web hook.

  4. Click Save (and Save again to finish editing).

copy link to clipboardObtaining and using an enriched access token

copy link to clipboardStep 3. Request a OneWelcome Identity Platform access token

  1. Use your regular method to request an access token.

  2. Confirm that the access token contains the https://scaledaccess.com/relationships claim (such as by copying the token into jwt.io). If the user has no relationships (yet), the array will be empty.

copy link to clipboardStep 4. Make access decisions based on relationships

  1. Use the enriched access token to access a protected resource at your API service.

  2. The API service must provide a mechanism to grant or deny access based on the https://scaledaccess.com/relationships claim.

On this page