IAM Identity Providers

Overview

Hii Retail IAM supports authentication through a federated identity provider. Users can authenticate to Hii Retail with the credentials they already use for systems such as Microsoft Azure AD, Okta, or Ping Federate.

Creating and configuring an Identity Provider is a simple procedure performed in the Hii Retail IAM Management Console. Once it is complete, your Hii Retail users will see a new log-on option on the Hii Retail landing page that lets them log in via the Identity Provider. To create and configure an Identity Provider you need the following permissions:

  • iam.provider.create,
  • iam.provider.update,
  • iam.provider.list.

To hold these permissions you need one of these roles: iam.admin or iam.provider-admin.

OIDC Provider

Hii Retail supports any certified OpenID Connect (OIDC) identity provider.

SAML Provider

Hii Retail supports any SAML 2.0 identity provider. Some of the major vendors that support SAML 2.0 are:

  • Azure AD by Microsoft
  • Workspace by Google

IDP Logout

A Logout URL can also be specified for a provider of either type. On logout, Hii Retail ends its own session and then redirects the browser to the Logout URL so the identity provider can perform any actions it needs, typically ending its own session as well. Without a Logout URL the user's session at the identity provider stays alive, and returning to the log-on page can sign the user back in without a new credential prompt, which matters on shared devices.

Example: https://login.microsoftonline.com/common/oauth2/logout can be used as the Logout URL for Azure AD with both the OIDC and the SAML 2.0 protocol.

Configuration

After you have created an Identity Provider in Hii Retail, you also need to add the following URIs to the list of authorized redirect URIs of your provider:

  • https://<tenant>.hiiretail.com/__/auth/handler
  • https://<tenant-test>.hiiretail.com/__/auth/handler

Where <tenant> is your tenant alias; the second entry is the same path on your test tenant.

Note: the trailing /__/auth/handler is important. Providers compare the redirect URI sent in an authorization request with the registered list character by character, so register the URIs exactly as shown (scheme, host and full path) rather than only the tenant's base URL, and do not use wildcard entries, which would widen where the provider is willing to send authorization responses.
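As an added illustration, not code from the Hii Retail documentation or product, the Python below models the exact-match check an identity provider performs on redirect_uri and explains the common ways a misregistered URI fails. The tenant aliases acme and acme-test are assumed; the hostnames follow the <alias>.hiiretail.com pattern given above.

```python
"""Exact-match validation of OAuth 2.0 / OIDC redirect URIs (added example).

Models what an identity provider does with the redirect_uri of an
authorization request: compares it byte for byte against the URIs
registered for the client. The scheme, host and the full
/__/auth/handler path therefore all have to be registered exactly.
"""
from urllib.parse import urlsplit

HANDLER_PATH = "/__/auth/handler"


def expected_redirect_uris(tenant: str, test_tenant: str) -> list[str]:
    """Build the two callback URIs that must be registered at the provider.

    `tenant` and `test_tenant` are assumed tenant aliases; the host pattern
    <alias>.hiiretail.com is the one from the documentation.
    """
    return [f"https://{alias}.hiiretail.com{HANDLER_PATH}"
            for alias in (tenant, test_tenant)]


def is_registered(redirect_uri: str, registered: list[str]) -> bool:
    """Exact string comparison, as RFC 6749 section 3.1.2.3 requires."""
    return redirect_uri in registered


def diagnose(redirect_uri: str, registered: list[str]) -> str:
    """Return 'ok' or a short reason why a provider would reject the URI.

    The checks run in the order that usually explains a failed login after
    an identity provider was configured with the wrong callback.
    """
    if is_registered(redirect_uri, registered):
        return "ok"
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https":
        return "scheme must be https"
    # hostname is lower-cased and stripped of port/userinfo by urlsplit
    registered_hosts = {urlsplit(u).hostname for u in registered}
    if parts.hostname not in registered_hosts:
        # catches look-alikes such as acme.hiiretail.com.evil.example
        return "host is not a registered tenant host"
    if parts.path != HANDLER_PATH:
        return f"path must be exactly {HANDLER_PATH}"
    if parts.port is not None:
        return "explicit port is not allowed"
    if parts.query or parts.fragment:
        return "query string or fragment is not allowed"
    # e.g. different letter case: providers compare characters, not meaning
    return "not registered (compare character by character)"


if __name__ == "__main__":
    registered = expected_redirect_uris("acme", "acme-test")
    for candidate in (
        "https://acme.hiiretail.com/__/auth/handler",
        "https://acme.hiiretail.com/",
        "http://acme.hiiretail.com/__/auth/handler",
        "https://acme.hiiretail.com.evil.example/__/auth/handler",
    ):
        print(f"{candidate}: {diagnose(candidate, registered)}")
```

Run it stand-alone to see each candidate classified; the second line shows the failure produced by registering only the tenant's base URL without the /__/auth/handler path.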