Walkthrough: Salto KS login with External IdP
Number of APIs: 3
This collection consists of the steps required to obtain an access token through an external Identity Provider login.
Use it with the Qodex environment variable set called 'IDS Integration Partner guide'.
Prerequisites to populate environment variables:
- ClientID/Password pair for Password authentication flow - please request from SaltoKS Support team
  Env variables
  clientwithpasswordid: {{clientwithpasswordid}}
  clientwithpasswordsecret: {{clientwithpasswordsecret}}
- ClientID for Authorization code with PKCE authentication flow
  Env variables
  clientwithpkceid: {{clientwithpkceid}} - please request from SaltoKS Support team
  clientwithpkceredirecturi: {{clientwith_pkceredirect_uri}} => please share with SaltoKS support team
- Integration partner has a user (self-registered or invited to a site) and a Site
  Env variables
  siteid: {{siteid}} - site where you expect a new user to belong
  systemuserusername: {{systemuserusername}} - this user can either be self-registered or invited via SaltoKS Web App
  system_userpassword: {{systemuser_password}} - this user can either be self-registered or invited via SaltoKS Web App
So the flow is:
- The User exists (or is created in advance) in the Integration Partner’s Identity Provider.
- The Integration Partner creates the User in Connect API. It is a server-to-server call, initiated by the Integration Partner’s Backend app. In this Qodex collection it's imitated in Step 1.3.
  IMPORTANT: there is no auto-provisioning of users in the current implementation. If a user that wasn’t previously created through Step 1.3 tries to log in, an error will be thrown.
- The User logs into the Integration Partner’s Application (Web Front End/Mobile). It is imitated in Step 2.1.
- Once the User is logged in through the Integration Partner's IdP and an access token is obtained, the token can be reused for Connect API calls until it expires.
- Step 1. Create User - 1.2 Get list of roles to choose one for a new user GET {{connect_api_url}}/v1.1/sites/:site_id/roles
- Step 1. Create User - 1.1 Get Access Token (server-to-server integration) POST {{identity_server_url}}/connect/token
- Step 1. Create User - 1.3 Create User POST {{connect_api_url}}/v1.1/sites/:site_id/users