Configuration

Configuring Passwordless Authentication using OIDC

To configure BlokSec Passwordless Authentication, you have to make sure that the Delinea OIDC template is properly configured in the BlokSec Admin UI, the OIDC is Configured for BlokSec in the Delinea platform, and that the Platform callback URL is set to Redirect URIs.

Configure the Delinea OIDC Template in the BlokSec Admin UI

  1. Log into BlokSec admin UI as a user with admin privileges for your tenant

  2. On the main dashboard, open the Add Application drop-down and select Create From Template.

  3. Select the Delinea OIDC template.

  4. Complete the OIDC configuration with the following values (adjusting if required to meet your desired requirements):

    1. Name: Change the name if required to meet your organizational requirements.

    2. Session length: Length of the authenticated session. The default value is set to 60 minutes.

    3. Redirect URIs: <leave blank for now>

    4. Post Logout Redirect URIs: https://<yourtenantname>.delinea.app

  5. Select Submit to save the configuration.

  6. Once saved, go back to the newly created application to open the application configuration

  7. Select Generate App Secret, then make a note of the Application ID and Application Secret as these will be required when registering the Delinea platform with BlokSec.

Configure OIDC for BlokSec in the Delinea Platform

  1. Log into the Delinea platform as a user with admin privileges

  2. Navigate to Settings  > Federation providers.

  3. Select the Add Provider button on the top right corner of the screen and select OIDC.

  4. Complete the OIDC configuration with the following values (adjusting if required to meet your desired requirements)

    1. Name: BlokSec Immutable Authentication (change the name as required to meet your organizational requirements)

    2. Status:  checkmark beside Enabled

    3. Endpoint URL: https://api.bloksec.io/oidc

    4. Client ID: Enter the value of the Application ID captured in the BlokSec Admin UI (step 6).

    5. Client secret: Enter the value of the Application Secret captured in the BlokSec Admin UI (step 6).

  5. Navigate to the Domains section and add the domain name to be protected by this OIDC Federation Provider.

  6. Select Save.

  7. Once the configuration is saved and redirection to the newly created Federation provider Setting page, copy the Platform callback URL.

Set the Platform Callback URL to Redirect URIs

  1. Log into BlokSec admin UI as a user with admin privileges for your tenant

  2. Select Applications in the left navigation pane, and select the Delinea application created in the BlokSec Admin UI section.

  3. Select the gear icon, and select Edit Application.

  4. Paste the value of the Platform callback URL provided when you configured OIDC in the Delinea Platform.

  5. Select Submit to save configuration changes

Configuring Passwordless Authentication using SAML

Configure SAML in the BlokSec Admin UI

  1. Log into the BlokSec Admin UI using an user with admin privileges for your tenant.

  2. On the main dashboard, select the Create From Template option from the Add Application dropdown.

  3. Select the Delinea (SAML) template.

  4. Complete the SAML configuration with the following values (adjusting if required to meet your desired requirements):

    • Name: Change the name as required to meet your organizational requirements.

    • Session length: Length of the authenticated session. Default value is set to 60 minutes. Minutes

    • Entity ID: https://api.bloksec.io

    • Name ID Source: EmailAddress (change the value in the dropdown if the name ID source is not an email address)

    • Assertion Consumer Service: https://<yourtenantname>confidentiality-federation/saml/assertion-consumer

    • Single Logout Service: https://<yourtenantname>.delinea.app/identity-federation/saml/logout-consumer

  5. Select Submit to save the configuration

  6. Select Download and save the metadata file.

Configure SAML for BlokSec in the Delinea Platform

  1. Log into the Delinea platform as a user with admin privileges

  2. Navigate to Settings  > Federation providers.

  3. Select the Add Provider button on the top right corner of the screen and select SAML.

  4. Navigate to Settings > SAML provider configuration.

  5. Go to the Select file option to upload the metadata.xml file saved from BlokSec.

  6. Select Apply to save the configuration settings.

  7. Select Edit, and update the SAML configuration with the following values (adjusting if required to meet your desired requirements):

    • Name: BlokSec Immutable Authentication (or change as required).

    • Status: Check the Enabled box.

  8. Update the Source values as follows:

    • Change EmailAddress to email.

    • Change Name to displayname.

    • Change nameidentifier to sub.

    • Change upn to upn.

  9. Navigate to the Domains section and add the domain name to be protected by this OIDC Federation Provider.

  10. Click Save to finalize the configuration.