- Preface
- Notes
- Salesforce
- ServiceNow
- Office 365
- AWS
- AWS-MultiTenant
- Box
- Google Apps
- OneLogin
- DUO
- Google Cloud Platform (GCP)
- Azure
- Okta
- Private Application
- Custom Application
Preface
To authenticate against the various Cloud Apps, a different set of credentials is required for each.
This document lays out the configuration required to authenticate successfully with each one.
Each application section describes the values that should be set in the application and authn-data attributes.
See the extended configuration documentation for each Cloud App here
Notes
- A field value marked as obfuscated indicates that the returned value is not the clear text that was set; the value is returned in encrypted form and is not visible thereafter. All data is stored encrypted on the backend.
- A field value marked as options accepts only the listed values as valid.
- A field value marked as multiline indicates that the transported value needs to keep its line breaks, or is expected to be a large chunk of text; this is useful for building client UI forms.
- All fields are required, unless explicitly marked as optional.
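The following is an added example, not code from the original page or its vendor, showing how a client can enforce the conventions above before submitting an authn-data record and how the obfuscated rule is applied when a record is returned. The schema entries are constructed from the Office 365 and OneLogin field lists on this page; the mask string, the function names and the error wording are this example's own assumptions.

```python
# Added example: validate an authn-data payload against a field schema using the
# page's conventions (required unless optional, "options" restricts values,
# "obfuscated" fields are masked on return). Schemas below are constructed from
# the page's Office 365 and OneLogin sections; MASK is an assumed placeholder.
from typing import Any

SCHEMAS: dict[str, dict[str, Any]] = {
    "Office 365": {
        "type": "oauth2",
        "fields": {
            "client-id": {},
            "client-secret": {"obfuscated": True},
            "tenant-id": {},
            "username": {"optional": True},
            "password": {"obfuscated": True, "optional": True},
        },
    },
    "OneLogin": {
        "type": "basic",
        "fields": {
            "region": {"options": ["eu", "us"]},
            "client-id": {},
            "client-secret": {"obfuscated": True},
        },
    },
}

MASK = "********"  # assumed stand-in for an obfuscated value on return


def validate_authn_data(application: str, authn_data: dict[str, Any]) -> list[str]:
    """Return a list of problems; an empty list means the payload is acceptable."""
    schema = SCHEMAS.get(application)
    if schema is None:
        return [f"unknown application {application!r}"]
    problems: list[str] = []
    if authn_data.get("type") != schema["type"]:
        problems.append(f"type must be {schema['type']!r}")
    supplied: dict[str, Any] = {}
    for field in authn_data.get("fields", []):
        name, value = field.get("name"), field.get("value")
        if name not in schema["fields"]:
            problems.append(f"unexpected field {name!r}")
            continue
        if name in supplied:
            problems.append(f"duplicate field {name!r}")
        supplied[name] = value
    for name, rules in schema["fields"].items():
        if name not in supplied:
            if not rules.get("optional"):
                problems.append(f"missing required field {name!r}")
            continue
        value = supplied[name]
        if not isinstance(value, str) or not value:
            problems.append(f"field {name!r} must be a non-empty string")
            continue
        allowed = rules.get("options")
        if allowed is not None and value not in allowed:
            problems.append(f"field {name!r} must be one of {allowed}")
    return problems


def mask_for_return(application: str, authn_data: dict[str, Any]) -> dict[str, Any]:
    """Copy of a stored record as a client would receive it: obfuscated fields are
    replaced by MASK so the clear text never leaves the backend."""
    rules = SCHEMAS[application]["fields"]
    return {
        "type": authn_data["type"],
        "fields": [
            {
                "name": f["name"],
                "value": MASK if rules.get(f["name"], {}).get("obfuscated") else f["value"],
            }
            for f in authn_data["fields"]
        ],
    }


if __name__ == "__main__":
    # Constructed sample payload; the secret is a dummy value.
    sample = {
        "type": "basic",
        "fields": [
            {"name": "region", "value": "apac"},
            {"name": "client-id", "value": "example-client-id"},
        ],
    }
    for problem in validate_authn_data("OneLogin", sample):
        print("problem:", problem)
```

The validator reports every problem rather than stopping at the first, which is what a UI form built from these schemas needs; `mask_for_return` is the client-side view of the obfuscated rule and is not a substitute for the backend's own encryption.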
Salesforce
application: "Sales Cloud"
authn-data:
{
"type": "service-account",
"fields": [
{
"name": "service-credentials-json",
"value": JSON object
},
{
"name": "admin-username",
"value": string, username of an admin having permission to view admin activity report
},
{
"name": "api-scopes",
"value": string, scopes list, comma delimited (has default value hence optional)
}
]
}
ServiceNow
application: ServiceNow
authn-data:
{
"type": "basic",
"fields": [
{
"name": "hostname",
"value": string
},
{
"name": "username",
"value": string
},
{
"name": "password",
"value": string. obfuscated
},
{
"name": "time-zone",
"value": string
}
]
}
Office 365
application: Office 365
authn-data:
{
"type": "oauth2",
"fields": [
{
"name": "client-id",
"value": string
},
{
"name": "client-secret",
"value": string. obfuscated
},
{
"name": "tenant-id",
"value": string
},
{
"name": "username",
"value": string. optional
},
{
"name": "password",
"value": string. obfuscated. optional
}
]
}
Office 365 - additional authentication data needed for exposed files data
authn-data (additional fields):
{
"name": "certificate",
"value": string, certificate (public key) of X.509 certificate
},
{
"name": "private-key",
"value": string, private key of X.509 certificate
}
AWS
application: AWS
authn-data:
{
"type": "basic",
"fields": [
{
"name": "region",
"value": string
},
{
"name": "access-key",
"value": string
},
{
"name": "secret-key",
"value": string. obfuscated
}
]
}
AWS-MultiTenant
application: AWS-MultiTenant
authn-data:
{
"type": "basic",
"fields": [
{
"name": "sqs-url",
"value": string
},
{
"name": "sqs-region",
"value": string
},
{
"name": "s3-region",
"value": string
},
{
"name": "access-key",
"value": string
},
{
"name": "secret-key",
"value": string. obfuscated
}
]
}
Box
application: Box
authn-data:
{
"type": "JWT",
"fields": [
{
"name": "jwt-json",
"value": string, JSON
}
]
}
Google Apps
application: Google Apps
authn-data:
{
"type": "service-account",
"fields": [
{
"name": "service-credentials-json",
"value": JSON object
},
{
"name": "admin-username",
"value": string
},
{
"name": "api-scopes",
"value": string, default:https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.rolemanagement,https://www.googleapis.com/auth/admin.directory.orgunit,https://www.googleapis.com/auth/admin.reports.audit.readonly,https://www.googleapis.com/auth/apps.alerts
}
]
}
IMPORTANT: the API scopes MUST be exactly the same set of scopes authorized for the service account in the Google Admin console.
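Because the scopes string is compared as a set, not as text, a check that reports which scopes differ in each direction is the easiest way to catch the mismatch the note above warns about. The following is an added example, not code from the original page; the default scopes string is copied from the api-scopes field above, while the authorized set used at run time is constructed sample input (in practice it comes from the service account's domain-wide delegation entry in the Admin console).

```python
# Added example: compare the comma-delimited "api-scopes" value with the set of
# scopes authorized for the service account, reporting mismatches both ways.
# DEFAULT_API_SCOPES is the page's default; everything else is this example's own.
DEFAULT_API_SCOPES = (
    "https://www.googleapis.com/auth/admin.directory.group,"
    "https://www.googleapis.com/auth/admin.directory.user,"
    "https://www.googleapis.com/auth/admin.directory.rolemanagement,"
    "https://www.googleapis.com/auth/admin.directory.orgunit,"
    "https://www.googleapis.com/auth/admin.reports.audit.readonly,"
    "https://www.googleapis.com/auth/apps.alerts"
)


def parse_scopes(value: str) -> set[str]:
    """Split the comma-delimited scopes string; whitespace and empty items are ignored."""
    return {item.strip() for item in value.split(",") if item.strip()}


def compare_scopes(configured: str, authorized: set[str]) -> dict[str, set[str]]:
    """Return scopes configured but not authorized, and scopes authorized but not
    configured. Both sets empty means the two are exactly the same set."""
    wanted = parse_scopes(configured)
    return {
        "not_authorized": wanted - authorized,
        "authorized_but_unconfigured": authorized - wanted,
    }


def scopes_match(configured: str, authorized: set[str]) -> bool:
    diff = compare_scopes(configured, authorized)
    return not diff["not_authorized"] and not diff["authorized_but_unconfigured"]


if __name__ == "__main__":
    # Constructed sample: the console is missing the alerts scope.
    console_scopes = parse_scopes(DEFAULT_API_SCOPES) - {
        "https://www.googleapis.com/auth/apps.alerts"
    }
    for direction, scopes in compare_scopes(DEFAULT_API_SCOPES, console_scopes).items():
        for scope in sorted(scopes):
            print(f"{direction}: {scope}")
```

A scope present only in the console is just as much a mismatch as one present only in the configuration, so both directions are reported; the first causes the API calls to be rejected, the second means the service account holds more access than the integration uses.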
OneLogin
application: OneLogin
authn-data:
{
"type": "basic",
"fields": [
{
"name": "region",
"value": string. options ["eu", "us"]
},
{
"name": "client-id",
"value": string
},
{
"name": "client-secret",
"value": string. obfuscated
}
]
}
DUO
application: DUO
authn-data:
{
"type": "basic",
"fields": [
{
"name": "API hostname",
"value": string
},
{
"name": "Integration key",
"value": string
},
{
"name": "Secret key",
"value": string. obfuscated
}
]
}
Google Cloud Platform (GCP)
application: Google Cloud Platform (GCP)
authn-data:
{
"type": "basic",
"fields": [
{
"name": "service-credentials-json",
"value": string. multiline
}
]
}
Azure
application: Azure
authn-data:
{
"type": "oauth2",
"fields": [
{
"name": "client-id",
"value": string
},
{
"name": "client-secret",
"value": string. obfuscated
},
{
"name": "tenant-id",
"value": string
}
]
}
Okta
application: Okta
authn-data:
{
"type": "basic",
"fields": [
{
"name": "url",
"value": string
},
{
"name": "api-token",
"value": string. obfuscated
}
]
}
Private Application
application: Private Application
authn-data:
Two possible authentication sets, depending on the storage method:
For type local-directory:
{
"type": "local-directory",
"fields": [
{
"name": "application-name",
"value": string
},
{
"name": "directory-path",
"value": string
}
]
}
For type azure-shared-access-signature:
{
"type": "azure-shared-access-signature",
"fields": [
{
"name": "application-name",
"value": string
},
{
"name": "shared-access-signature",
"value": string. obfuscated
}
]
}
Custom Application
application: Custom Application
authn-data:
{
"type": "s3-sqs-authn-type",
"fields": [
{
"name": "access-key",
"value": string
},
{
"name": "secret",
"value": string. obfuscated
},
{
"name": "s3-region",
"value": string
},
{
"name": "sqs-region",
"value": string
},
{
"name": "sqs-url",
"value": string
},
{
"name": "processor",
"value": string. options [
"Windows Security Events",
"Duo Events",
"Pulse VPN Events",
"Windows Events",
"Bluecoat Proxy Events"
]
}
]
}