Delegated Authentication allows users in your organization to authenticate against your organization's Identity Access Management solution (also referred to as Identity Provider or IdP) instead of using Nearmap credentials. Users will be able to use the same credentials they use to access applications within your organization.
Just-In-Time (JIT) Provisioning can be enabled to allow new users to sign in to Nearmap applications without needing to be sent an invitation to sign up to your account.
NOTE: Nearmap Delegated Authentication is not an SSO solution; you must start the login process from Nearmap MapBrowser or MyAccount, not from your organization's IdP.
The steps for setting up Delegated Authentication and JIT Provisioning are covered in this article.
Setting up a connection
This is the most important step in configuring Nearmap Delegated Authentication. Please review these steps carefully and follow the detailed instructions provided below.
Overview of steps
Before you begin, here is an overview of the main steps involved in setting up a connection that will allow you to use the credentials in your IdP to log in to Nearmap.
- Choose a Connection ID.
- Select the protocol to use.
- In your IdP, create a connection to Nearmap.
- Enter the IdP's metadata URL.
- Enable JIT if it's required.
Each of these steps is explained in detail below.
On the Account, Authentication tab, click CREATE CONNECTION. The Create connection dialog is displayed. Here, you will set up a connection from Nearmap to your organization's IdP.
Choosing a Connection ID
Choose a unique Connection ID. The identifier must be unique in your account and can contain only letters and numbers, up to a maximum of 30 characters.
Complete the Connection ID field. The Connection ID field is pre-populated with a prefix that Nearmap provides. At the end of the prefix, specify the chosen unique identifier for the connection.
NOTE: Record your Connection ID; you will need it to create the Delegated Authentication connection/application in your IdP.
Selecting the protocol
Select the authentication Protocol to be used for this connection. Nearmap supports WS-Federation and SAML-P, which is also referred to as "SAML 2".
NOTE: Some IdPs support both of these while others only support one or the other.
Creating a connection to Nearmap in your IdP
In your IdP, create a connection to Nearmap.
NOTE: Your IdP may use a different name for this concept; the most common one is "application".
In general, you will need to use your chosen Connection ID in the properties you enter to create the IdP connection. After creating the connection, copy its metadata URL for use in the next step.
See Supported Integrations for the details that apply to specific IdPs.
Specifying the metadata URL
In the Identity Provider Metadata URL field, enter the URL from the step above.
NOTE: This URL needs to be accessible from the IP addresses listed for the United States region in IP Addresses for Allow Lists.
Enable Just-in-time User Provisioning if you want to automatically provision new users to access Nearmap applications.
The connection is created and listed in the YOUR CONNECTIONS section. Test your connection to ensure that it's working.
If an error is displayed, see Troubleshoot Setup Errors.