https://connect.hyland.com/t5/nuxeo-forum/multiple-identity-providers/m-p/314732#M1733 <P>Hello all,</P> <P>Has anyone successfully configured multiple identity providers for authentication with Nuxeo or does anyone have a clue as to if it is possible? My use case is that I have some users that will need to be able to authenticate with Azure AD and others via Okta. Any help or insight would be greatly appreciated.</P> Tue, 10 Mar 2020 18:16:22 GMT Robert_Smith 2020-03-10T18:16:22Z https://connect.hyland.com/t5/nuxeo-forum/multiple-identity-providers/m-p/314732#M1733 <P>Hello all,</P> <P>Has anyone successfully configured multiple identity providers for authentication with Nuxeo or does anyone have a clue as to if it is possible? My use case is that I have some users that will need to be able to authenticate with Azure AD and others via Okta. Any help or insight would be greatly appreciated.</P> Tue, 10 Mar 2020 18:16:22 GMT https://connect.hyland.com/t5/nuxeo-forum/multiple-identity-providers/m-p/314732#M1733 Robert_Smith 2020-03-10T18:16:22Z https://connect.hyland.com/t5/nuxeo-forum/multiple-identity-providers/m-p/314733#M1734 <P>Hello,</P> <P>You need to setup the <A href="https://doc.nuxeo.com/nxdoc/saml-20-authentication/">SAML2 addon</A> and follow the documentation. Luckily, we use it internally, so all you need for Okta is to create a new app in the Okta Admin, setup the user field mapping and create in Nuxeo an XML extension like :</P> <PRE><CODE>&lt;require&gt;org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig&lt;/require&gt; &lt;require&gt;org.nuxeo.ecm.platform.ui.web.auth.defaultConfig&lt;/require&gt; &lt;extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="authenticators"&gt; &lt;authenticationPlugin name="MY_OKTA_CONFIG" enabled="true" class="org.nuxeo.ecm.platform.auth.saml.SAMLAuthenticationProvider"&gt; &lt;loginModulePlugin&gt;Trusting_LM&lt;/loginModulePlugin&gt; &lt;needStartingURLSaving&gt;true&lt;/needStartingURLSaving&gt; &lt;parameters&gt; &lt;parameter name="name"&gt;Okta&lt;/parameter&gt; &lt;!-- Uri of the metadata --&gt; &lt;parameter name="metadata"&gt;https://.........../sso/saml/metadata&lt;/parameter&gt; &lt;!-- Request timeout in seconds --&gt; &lt;parameter name="timeout"&gt;5&lt;/parameter&gt; &lt;/parameters&gt; &lt;/authenticationPlugin&gt; &lt;/extension&gt; &lt;extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="chain"&gt; &lt;authenticationChain&gt; &lt;plugins&gt; &lt;plugin&gt;BASIC_AUTH&lt;/plugin&gt; &lt;plugin&gt;FORM_AUTH&lt;/plugin&gt; &lt;plugin&gt;MY_OKTA_CONFIG&lt;/plugin&gt; &lt;/authenticationChain&gt; &lt;/extension&gt; &lt;extension target="org.nuxeo.usermapper.service.UserMapperComponent" point="mapper"&gt; &lt;mapper name="saml" type="js"&gt; &lt;mapperScript&gt; searchAttributes.put("username", userObject.getNameID().getValue()); userAttributes.put("email", userObject.getNameID().getValue()); userAttributes.put("firstName", userObject.getAttributeByName("firstName").getAttributeValues().get(0).value); userAttributes.put("lastName", userObject.getAttributeByName("lastName").getAttributeValues().get(0).value); &lt;/mapperScript&gt; &lt;/extension&gt; </CODE></PRE> <P>In this example, you'll get the basic auth and the okta auth, with the login screen.</P> <P>Good luck</P> Wed, 11 Mar 2020 08:56:32 GMT https://connect.hyland.com/t5/nuxeo-forum/multiple-identity-providers/m-p/314733#M1734 Gregory_Carlin 2020-03-11T08:56:32Z