
Configuring identity and service providers

note

This feature is part of Advanced User Security, which is available in the Enterprise and Enterprise Plus Editions, and as an add-on to the Professional and Professional Plus Editions. Consult with your Boomi account representative to enable this functionality.

Boomi uses OpenAM (previously known as OpenSSO) as the example for setting up the identity provider. The platform is the service provider.

Setting up your identity provider

You'll have to add the Boomi Enterprise Platform to your Circles of Trust in an identity provider of your choice to implement single sign-on.

A circle of trust is a federation of at least one service provider and one identity provider that agree to share authentication information. The identity provider issues assertions about authenticated users, and service providers use those assertions to make authorization decisions.

  1. Log into your identity provider (OpenAM) as the administrator.

  2. Click Create Hosted Identity Provider.

  3. Optional: In the Metadata section, change the Name field. This is the only opportunity that you have to change the name.

  4. Select a Signing Key.

    If you are using OpenAM, do not use the "test" signing key that is distributed with it. That key is publicly available and therefore not secure: anyone who holds it can sign assertions in your identity provider's name.

  5. In the Circles of Trust field, select the Add to new option.

  6. In the New Circle of Trust field, add a name for your circle of trust, for example, Boomi.

  7. Click Configure.

To complete your SSO configuration, you'll need to follow the steps below to add platform users to your identity provider, and then add the platform as a service provider.

Adding Boomi Enterprise Platform users to the identity provider

  1. Log into the identity provider (OpenAM) as an administrator.

  2. Locate the user's configuration.

  3. Enter the user's Federation ID. This is the Federation ID setting that you added in the Add/Maintain User Roles dialog in Settings > Account Access > User Management.

    In the example illustrating the addition of the platform as a service provider to OpenAM, the user's email address was designated as the Federation ID.

  4. Enter the user's Default Relay State URL. This is the platform URL to which the user is to be redirected upon single sign-on from the identity provider.

    • To specify redirection to the service, enter build;accountId=<accountID>, where accountID is the ID of the platform account.

    • To specify redirection to the service, enter mdm_repositories;accountId=<accountID>, where accountID is the ID of the platform account.

    • To specify redirection to the service, enter api_dashboard;accountId=<accountID>, where accountID is the ID of the platform account.

  5. Save the user's information.

Adding the Boomi Enterprise Platform as a service provider

  1. Log into your identity provider (OpenAM) as the administrator.

  2. Click Register Remote Service Provider.

  3. In the Where does the metadata file reside field, select URL.

  4. In the URL where metadata is located box, add the URL to the metadata for the account that you are setting up for single sign-on. This is the value from the MetaData URL field in Settings > Security Options on the SSO Options tab, for example: https://<host>:<port>/sso/<accountId>/saml?metadata=true.

  5. In the Circle of Trust section, select Add to existing.

  6. In the Existing circle of trust list, select the circle of trust that you created earlier.

  7. In the Attribute Mapping section, type FEDERATION_ID in the first field and select mail from the second field, then click Add.

    This means that the value in a user's email address field will be used as the Federation ID.

  8. Click Configure.
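
The following Python check is an added example, not Boomi or OpenAM code: given a SAML assertion captured from a test login, it confirms that the FEDERATION_ID attribute mapped in step 7 arrives exactly once with the expected value, and that a user's Default Relay State URL matches one of the three forms listed earlier. It assumes the mapping surfaces as a saml:Attribute named FEDERATION_ID; the sample assertion, account ID and function names are constructed for illustration, and signature validation is out of scope.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# The three Default Relay State forms listed in the user steps above.
# Assumption: an account ID contains no whitespace, ';', '<' or '>'.
RELAY_STATE = re.compile(r"(build|mdm_repositories|api_dashboard);accountId=[^;\s<>]+")

# Constructed sample: the attribute statement an IdP would emit once
# FEDERATION_ID is mapped to the user's mail attribute (assumed shape).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="FEDERATION_ID">
      <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def federation_ids(assertion_xml):
    """Return every FEDERATION_ID value found in the assertion."""
    # ElementTree is fine for a locally captured sample; parse untrusted
    # XML with a hardened parser instead.
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == "FEDERATION_ID":
            for value in attr.iterfind("saml:AttributeValue", NS):
                values.append((value.text or "").strip())
    return values


def check_sso_user(assertion_xml, relay_state, expected_federation_id):
    """Return a list of configuration problems; an empty list means none found."""
    problems = []
    ids = federation_ids(assertion_xml)
    if len(ids) != 1:
        problems.append(f"expected one FEDERATION_ID value, found {len(ids)}")
    elif ids[0] != expected_federation_id:
        problems.append("FEDERATION_ID differs from the platform Federation ID")
    # fullmatch rejects unfilled placeholders such as accountId=<accountID>.
    if not RELAY_STATE.fullmatch(relay_state):
        problems.append("relay state is not one of the documented forms")
    return problems


if __name__ == "__main__":
    print(check_sso_user(SAMPLE, "build;accountId=example-ACCT01", "jane.doe@example.com"))
```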
