Using OAuth as the Authentication Source for Digital Hive
Question
Can Digital Hive leverage OAuth as the authentication source so that existing users and groups can be used?
Answer
OAuth sources like Azure and Google can both be leveraged for Digital Hive authentication.
When using external third-party authentication sources, like OAuth, the very first user that logins in to Digital Hive will be the Super user. It is thus required that configuring Digital Hive integration with OAuth be done before anybody access the Digital Hive platform. If a user logs into Digital Hive BEFORE configuring the integration with OAuth, there will be no way to assign an OAuth user as the Super user and all OAuth users will end up being consumers with no access to the Control Center.
If this scenario arises, please reach out to Digital Hive Support either through the Helpdesk portal or via email at support@digitalhive.com.
- Through the Windows Services interface, stop the DigitalHive-node1 service
- Using the File Explorer, navigate to the <digitalhive_install_location>\app\node1\tomcat\bin directory
- Right click on the tomcat9w file
- Select Create shortcut
- Drag the newly created tomcat9w - Shortcut to the Windows Desktop
- Right click on tomcat9w - Shortcut
- Select Properties
- On the Shortcut tab, append //ES//DigitalHive-node1 to the current Target value ensuring that there is a space between the current value and the appended string
- Click OK
- Double click the tomcat9w - Shortcut file
- Click Yes
- Select the Java tab
- In the Java Options, append -Dspring.profiles.active=oauth_auth to the bottom of the list
-
- Click OK
- Using the File Explorer, navigate to the <digitalhive_install_location>\app\node1\tomcat\conf directory
- In Microsoft Azure, an OAuth App registration will have been created so get the AppID, app secret, and tenant ID
- Edit the theia.properties file and add the following parameters:
spring.security.oauth2.client.registration.azure.client-id=<value>
spring.security.oauth2.client.registration.azure.client-secret=<value>
azure.activedirectory.tenant-id=<value>
In Windows Services, start the DigitalHive-node1 service. When Digital Hive has started, launch Digital Hive and you will be prompted to login using OAuth.
Related Articles
Using OIDC or Oauth as the Authentication Source for Digital Hive
Question Can Digital Hive leverage OIDC (OpenID Connect) or Oauth as the authentication source for Digital Hive? Answer Digital Hive can be configured to use OIDC and/or Oauth authentication, but some default configuration parameters will have to be ...
Using Active Directory as the Authentication Source for Digital Hive
Question Can Digital Hive leverage Active Directory as the authentication source so that existing AD users and groups can be used? Answer Digital Hive can be configured to use Active Directory authentication as long as the Digital Hive server is ...
Using SAML as the Authentication Source for Digital Hive
Question Can Digital Hive leverage SAML as the authentication source so that existing an SAML provider can be used? Answer Digital Hive, both Windows and Linux, can be configured to use SAML authentication. It is highly recommended that SAML ...
Automatically Creating and Renewing OAuth User Credentials
Starting in the Digital Hive 2024.2 release (April 2024), it is now possible to automatically 'unlock' OAuth user credentials when a user first logs into Digital Hive. This means that first time users won't have to remember to unlock their personal ...
Using IBM Cognos Analytics APIkey Authentication
Overview As of the Digital Hive 2024.2 release, it is possible to leverage API keys generated in IBM Cognos Analytics, to secure and access Cognos content. This method of authentication should be considered when traditional Single Sign On options ...