Configuring the IdP
For internal users, the IdP must store:
- The user's credentials (for example, user name and password)
For external users, the IdP must store:
- The user's credentials (for example, user name and password)
- The list of API roles that are to be granted to the user
- The user's resource access IDs
The IdP must provide this information to Guidewire Hub when it asserts the user's identity. This information is used to verify the user's identity and to determine the user's endpoint and resource access.
Note: The IdP is relevant only for the internal user auth flow and external user auth flow. The service auth flows (standalone service, service with user context, and service with service account mapping) do not make use of an IdP. When you implement a service flow, there are no IdP requirements.
Configure the IdP for internal users
Before you begin
Procedure
- Configure your IdP so that every internal user is associated with their user credentials (such as user name and password).
- Configure your IdP so that when an internal user is verified, the authorization information is asserted using the following attribute names:
  - User name is asserted as bc_username
Configure the IdP for external users
Before you begin
Procedure
- Configure your IdP so that every external user is associated with their user credentials (such as user name and password).
- Configure your IdP so that when an external user is verified, the authorization information is asserted using the following attribute names:
  - API roles are asserted as an array named groups.
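
Before connecting the IdP, it helps to confirm that a test login produces the attribute names from both procedures above. The following is an added example, not Guidewire code: it assumes the assertion has already been decoded into a dictionary and its signature verified elsewhere, and the function name and sample values are hypothetical. The resource access IDs are not checked because this page does not give their attribute name.

```python
# Added example: checks decoded IdP claims against the attribute names on this page.
# Assumptions: claims are already decoded into a dict and their signature was
# verified elsewhere; check_claims and the sample values are hypothetical.

def check_claims(claims, user_type):
    """Return a list of problems; an empty list means the claims look correct."""
    required = {"internal": "bc_username", "external": "groups"}.get(user_type)
    if required is None:
        raise ValueError("user_type must be 'internal' or 'external'")

    if required not in claims:
        # A differently cased name is a common cause of a "missing" attribute.
        near = [k for k in claims if k.lower() == required.lower()]
        hint = f" (found {near[0]!r}; check the configured name)" if near else ""
        return [f"missing attribute {required!r}{hint}"]

    value = claims[required]
    problems = []
    if user_type == "internal":
        if not isinstance(value, str) or not value.strip():
            problems.append("bc_username must be a non-empty string")
    elif isinstance(value, str):
        # Some IdPs emit a single-valued attribute as a bare string.
        problems.append("groups is a single string; the page requires an array")
    elif not isinstance(value, list):
        problems.append("groups must be an array of API role names")
    elif not value:
        problems.append("groups is empty; no API roles are asserted")
    elif any(not isinstance(r, str) or not r.strip() for r in value):
        problems.append("groups contains an empty or non-string entry")
    return problems


if __name__ == "__main__":
    # Constructed sample claims, not captured from a real IdP.
    samples = [
        ("internal", {"bc_username": "jdoe"}),
        ("external", {"groups": ["example_role_a", "example_role_b"]}),
        ("external", {"groups": "example_role_a"}),
        ("external", {"Groups": ["example_role_a"]}),
    ]
    for user_type, claims in samples:
        print(user_type, claims, "->", check_claims(claims, user_type) or "OK")
```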