Configuring AuthHub for Single Sign-on (SSO) plugin

MantisHub's AuthHub plugin is available for qualifying plans and enables authentication and Single Sign-on via a supported identity provider of your choice.

Supported providers are:

 

If you are on the correct plan, you can activate the service by installing the AuthHub plugin.


Once the AuthHub plugin is installed, you will need to set your provider. Follow the instructions in the relevant SSO provider article linked above. The default setting allows users to choose whether they use their MantisHub credentials or authenticate via their identity provider. Auto-provisioning, which automatically creates MantisHub accounts for authenticated users, is also OFF BY DEFAULT.

To turn ON auto-provisioning and to implement policies around authentication methods and login, AuthHub provides several configuration options. These policies apply to authentication via all supported providers. The configuration options are listed below.

 

Configuration Options

Below are the configuration options for your AuthHub setup. An administrator can enter them from the web UI: head to the Manage - Manage Configuration - Configuration Report page and create the relevant configuration option.


 

 

Authentication Provider

Set the provider for SSO:

 

Config Option:    plugin_AuthHub_federation_provider

Type:                  string

Value:                 < provider i.e. 'github', 'bitbucket', 'microsoft' or 'google' >

 

Authentication Scope

Set the domain for your tenant:

Config Option:    plugin_AuthHub_federation_tenant

Type:                  string

Value:                 <tenant e.g. example.com or mine.example.com>

 

Lock users to Provider Authentication

To define the users who may ONLY use your provider authentication, create the following configuration option. You can specify a list of users, domains, or a mix:

Config Option:    plugin_AuthHub_federation_force_list

Type:                  complex

Value:                 array()     <within brackets specify list of usernames, email addresses or domains. e.g. jsmith, jsmith@example.com or @example.com>

 

Permit users to use both credentials 

To define a list of users who may still use their MantisHub login as well as provider authentication, create this configuration option. Note that this list takes precedence over the force list. It is useful for administrators who may need to disable or troubleshoot sign-on federation issues.

Config Option:    plugin_AuthHub_allow_password_login

Type:                  complex

Value:                 array()     <within brackets specify list of usernames, email addresses or domains. e.g. jsmith, jsmith@example.com or @example.com>
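
The following is an added example, not MantisHub's or AuthHub's own code: a small Python model of how the force list and the password-login list combine, which also flags administrators who would have no password fallback if the identity provider were unavailable. The function names, the sample lists and accounts, and the matching rules (case-insensitive, exact domain match on '@domain' entries) are assumptions made for illustration.

```python
# Added example: a model of the documented policy, not AuthHub's own code.
# Assumption: entries match case-insensitively, and '@domain' entries match
# the email's domain exactly (no subdomain matching).

def in_policy_list(entries, username, email):
    """True if the user matches a username, email address or '@domain' entry."""
    username, email = username.lower(), email.lower()
    domain = "@" + email.rsplit("@", 1)[1] if "@" in email else None
    for entry in entries:
        entry = entry.strip().lower()
        if not entry:
            continue
        if entry.startswith("@"):
            if entry == domain:
                return True
        elif entry in (username, email):
            return True
    return False


def login_methods(username, email, force_list, allow_password_login):
    """Login methods open to a user under the two list options."""
    if in_policy_list(allow_password_login, username, email):
        return {"password", "sso"}   # allow list takes precedence over the force list
    if in_policy_list(force_list, username, email):
        return {"sso"}               # locked to provider authentication
    return {"password", "sso"}       # default: the user chooses


def admins_without_fallback(admins, force_list, allow_password_login):
    """Administrators who could not log in if the identity provider were unavailable."""
    return [user for user, email in admins
            if "password" not in login_methods(user, email, force_list, allow_password_login)]


# Constructed sample configuration and accounts (mirroring the array() values).
FORCE_LIST = ["@example.com", "contractor1"]
ALLOW_PASSWORD_LOGIN = ["admin@example.com"]
ADMINS = [("admin", "admin@example.com"), ("jsmith", "jsmith@example.com")]

if __name__ == "__main__":
    others = [("contractor1", "c1@partner.test"), ("guest", "guest@other.test")]
    for user, email in ADMINS + others:
        print(user, sorted(login_methods(user, email, FORCE_LIST, ALLOW_PASSWORD_LOGIN)))
    print("no password fallback:",
          admins_without_fallback(ADMINS, FORCE_LIST, ALLOW_PASSWORD_LOGIN))
```

Running a check like this before saving a force list that covers a whole domain shows whether at least one administrator account remains in the password-login list.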

 

Login Session Lifetime

To define the login session lifetime in seconds for users who log in via a federated provider, create this configuration option:

Config Option:    plugin_AuthHub_federation_session_lifetime

Type:                  integer

Value:                 <lifetime in seconds, default is 86400 (24hrs). Enter 0 to expire the session when the browser is closed.>

 

Auto-provisioning 

To enable auto-provisioning for users not already in MantisHub, create the following configuration option. Auto-provisioning will be based on sign-in information. 

Config Option:    plugin_AuthHub_provisioning_enabled

Type:                  integer

Default:              0

Value:                 1

 

To limit the domains for auto-provisioning:

Config Option:    plugin_AuthHub_provisioning_domains

Type:                  complex

Value:                 array( '@example1.com', '@example2.com' )

 

To define the global access level for auto-provisioned accounts, which applies to public projects:

Config Option:    plugin_AuthHub_provisioning_global_access_level

Type:                  integer

Value:               see access levels article   

 

To define a default access level per project (necessary for private projects and for cases where the project access level is not equal to the global access level specified in `provisioning_global_access_level`):

Config Option:    plugin_AuthHub_provisioning_project_access_level

Type:                  complex

Value:                 array( 'project1' => 'REPORTER', 'project2' => 'DEVELOPER' )

 

 
