fern/pages/self-hosting.mdx (41 additions & 13 deletions)
@@ -9,9 +9,9 @@ online at [app.ssoready.com](https://app.ssoready.com). This article explains ho
9
9
instead of using the public, free version of SSOReady at [app.ssoready.com](https://app.ssoready.com).
10
10
11
11
<Tip>
12
-
This article focuses on running SSOReady in your own cloud. You can also run SSOReady in your customer's cloud, so that
13
-
SSOReady becomes a component of your larger on-premises offering to your customers; the only difference is that you'll
14
-
need to follow these instructions for each customer.
12
+
This article focuses on running SSOReady in your own cloud. You can also run SSOReady in your customer's cloud, so that
13
+
SSOReady becomes a component of your larger on-premises offering to your customers; the only difference is that you'll
14
+
need to follow these instructions for each customer.
15
15
</Tip>
16
16
17
17
# SSOReady Components
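Review bot: The three removed and three added lines inside `<Tip>` read identically as rendered, so this looks like an indentation-only change bundled into a commit whose substance is the new Management API section. The same applies to the single line inside `<Note>` in the next hunk. Consider splitting the formatting churn into its own commit, or mention it in the commit message, so the documentation change is easier to review and to revert on its own.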
@@ -166,7 +166,7 @@ by using a new random, 64-digit hex number.
166
166
## `id_token` Signing Key
167
167
168
168
<Note>
169
-
This section is only required if you use [SAML-over-OAuth](/docs/saml-over-oauth-saml-nextauth-integration).
169
+
This section is only required if you use [SAML-over-OAuth](/docs/saml-over-oauth-saml-nextauth-integration).
170
170
</Note>
171
171
172
172
SSOReady's SAML-over-OAuth integration has `ssoready-auth` act as an OIDC-compliant server. Such servers need to issue
@@ -256,32 +256,60 @@ for creating an OAuth app](https://learn.microsoft.com/en-us/entra/identity-plat
256
256
* The app's "Application (Client) ID", a UUID, is what you use for `API_MICROSOFT_OAUTH_CLIENT_ID` and `APP_MICROSOFT_OAUTH_CLIENT_ID`.
257
257
* Create a "client secret" credential (Microsoft documents this [here](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app?tabs=client-secret#add-credentials) under the "Add a client secret" tab). The secret's value is what you put in `API_MICROSOFT_OAUTH_CLIENT_SECRET`.
258
258
259
+
## Enabling the Management API
260
+
261
+
The [SSOReady Management API](/docs/management-api) lets you programmatically
262
+
automate everything that would otherwise require a human to click around in the
263
+
SSOReady web application. If you don't need the Management API, skip this
264
+
section.
265
+
266
+
To enable the Management API in a self-hosted instance of SSOReady, you must
267
+
first log into the SSOReady web application a first time. That will create a
268
+
`app_organizations` row in the SSOReady database, upon which you can enable the
269
+
Management API.
270
+
271
+
Once you have logged into SSOReady, you can next connect to your your SSOReady
272
+
database (using `psql` or any other tool you're comfortable with), and run:
273
+
274
+
```sql
275
+
update app_organizations set entitled_management_api = true where id ='...';
276
+
```
277
+
278
+
To determine the appropriate `id` to run in the SQL command above, you may run:
279
+
280
+
```sql
281
+
select*from app_organizations;
282
+
```
283
+
284
+
In the common case where nobody else has logged into the SSOReady web
285
+
application, there will only be one `app_organizations` row to choose from.
286
+
259
287
# Configuring SDKs to talk to self-hosted SSOReady instances
260
288
261
289
By default, the SSOReady SDKs expect to talk to `https://api.ssoready.com`. When you're running SSOReady self-hosted,
262
290
you need to point it to your own instance of `ssoready-api`. Here's how you do that, supposing your `ssoready-api` lives
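Review bot: In the new "Enabling the Management API" section, the `update` statement appears before the `select` the reader needs in order to find the `id`, and the text only covers the "common case" of a single `app_organizations` row. Put the lookup first and say how to pick the right row when several exist, since setting `entitled_management_api = true` on the wrong `id` turns the Management API on for a different organization than intended. It would also help to tell the reader to confirm that the `update` reports exactly one row changed. Wording fixes in the same section: "first log into the SSOReady web application a first time" is redundant, "connect to your your SSOReady database" repeats "your", and "a `app_organizations` row" should be "an".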