Organization Manager Readme

Overview

The Organization Management component manages organizations (tenants) for the Axual Self-service platform.

It is a stateless component that handles user signups, user invites and SSO integration of the organization with either Auth0 or Keycloak.

Figure 1. Application overview

How to Run a Local Environment

1. Using Auth0 as Authentication Server

Get Auth0 Environment Variables

  • Open Applications > APIs

    • Create a new API named Organization Management API

    • Provide an Identifier (it should end with the domain where the component is supposed to run, e.g. org.mgmt.byok.np.axual.cloud)

  • Open Applications > APIs > Auth0 Management API

    • Go to the Machine to Machine Applications tab

    • Authorize the created Organization Management API

  • Open the drop-down beside the Authorized switch/button

  • Assign permissions

    • create:users

    • read:users

    • update:users

    • delete:users

    • create:users_app_metadata

    • read:users_app_metadata

    • update:users_app_metadata

    • delete:users_app_metadata

  • Press the Update button to save the permissions

  • Go to the Auth0 portal and use the Auth0 Management API identifier as your audience

  • Go to Organization Management API (Test) from the Applications menu

  • In the Settings tab, copy the domain, clientId and clientSecret values and paste them into the corresponding env variables

Provide the following values as config

{
  "authStrategy": "auth0",
  "auth0Domain": "{auth0 domain registered in auth0 portal for the API application in Applications}",
  "auth0ClientId": "{auth0 client ID registered for the API application in Applications}",
  "auth0ClientSecret": "{auth0 client secret registered for the API application in Applications}",
  "auth0Audience": "{auth0 API audience of the Auth0 Management API in auth0 portal}",
  "auth0DatabaseName": "{auth0 name of the db connection in auth0 portal}"
}

|===
|Name |Possible Values |Required |Description

|authStrategy |auth0 |True |the authentication provider for the installation

|auth0Domain |string |True |domain registered in the auth0 portal for the application

|auth0ClientId |string |True |client ID registered for the application in auth0 portal

|auth0ClientSecret |string |True |client secret registered for the application in auth0 portal

|auth0Audience |string |True |API audience of the Auth0 Management API in the portal

|auth0DatabaseName |string |True |name of the db connection in auth0 portal
|===

2. Using Keycloak as Authentication Server

Get Keycloak Environment Variables

  • Go to the Keycloak portal and log in

  • Note your login username and password as keycloakCLIUsername and keycloakCLIPassword respectively

  • Paste your keycloakDomain, keycloakCLIUsername and keycloakCLIPassword into the corresponding env variables

Provide the following values as config

{
  "authStrategy": "keycloak",
  "keycloakDomain": "{full https keycloak domain registered in keycloak portal}",
  "keycloakCLIUsername": "{keycloak admin-cli username that is used to log in to the admin console}",
  "keycloakCLIPassword": "{keycloak password that is used to log in to the admin console}",
  "tlsVerification": "{toggle tls verification}",
  "trustStore": "{path to the CA certificate file for validating `tls`}"
}

|===
|Name |Possible Values |Required |Description

|authStrategy |keycloak |True |the authentication provider for the installation

|keycloakDomain |string |True |full https keycloak domain registered in keycloak portal

|keycloakCLIUsername |string |True |keycloak admin-cli username that is used to log in to the admin console

|keycloakCLIPassword |string |True |keycloak password that is used to log in to the admin console

|tlsVerification |boolean |False. Defaults to false |Toggle tls verification

|trustStore |string |False |path to the CA certificate file for validating tls connection
|===
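
As an added example (not part of the Organization Manager project), the Python check below lints a config document against the two tables above before it is deployed. The function names, the sample input and the reading of tlsVerification as a JSON boolean are assumptions.

```python
import json

# Required keys per authStrategy, taken from the two tables in this README.
REQUIRED = {
    "auth0": ["auth0Domain", "auth0ClientId", "auth0ClientSecret",
              "auth0Audience", "auth0DatabaseName"],
    "keycloak": ["keycloakDomain", "keycloakCLIUsername", "keycloakCLIPassword"],
}

# Constructed sample: plain-http domain, template password, no tlsVerification.
SAMPLE = """{
  "authStrategy": "keycloak",
  "keycloakDomain": "http://keycloak.example.test",
  "keycloakCLIUsername": "admin",
  "keycloakCLIPassword": "{keycloak password that is used to login into the admin console}"
}"""

def is_placeholder(value):
    """True for a missing/empty value or the README's '{...}' template text."""
    if not isinstance(value, str) or not value.strip():
        return True
    return value.startswith("{") and value.endswith("}")

def check_config(text):
    """Return a list of findings for one config document (empty list = clean)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    strategy = cfg.get("authStrategy") if isinstance(cfg, dict) else None
    if not isinstance(strategy, str) or strategy not in REQUIRED:
        return [f"authStrategy must be one of {sorted(REQUIRED)}"]
    findings = [f"{key} is missing or still a placeholder"
                for key in REQUIRED[strategy] if is_placeholder(cfg.get(key))]
    if strategy == "keycloak":
        domain = cfg.get("keycloakDomain")
        if not is_placeholder(domain) and not domain.lower().startswith("https://"):
            findings.append("keycloakDomain is not an https URL")
        # The table gives false as the default, so absence counts as disabled.
        # Assumption: the service reads a JSON boolean, not the string "true".
        if cfg.get("tlsVerification") is not True:
            findings.append("tlsVerification is off: the Keycloak certificate "
                            "is not validated when the admin password is sent")
    return findings

if __name__ == "__main__":
    for finding in check_config(SAMPLE):
        print("FINDING:", finding)
```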