This document explains how to implement MonoSign with Dependency Track. It covers Single Sign-On and also group mapping for the Dependency Track Application.
Before you continue, we recommend reading Dependency Track’s Single Sign-On implementation page first.
Creating an Application on MonoSign
Create your application on MonoSign and configure your access policy. Once it is created, click “Keys” and add a new OpenId / OIDC Access Key.
We will need this information while we configure the Dependency Track app.
The configuration for your Dependency Track app is then displayed.
We are also going to need to configure group mapping for users. Click “Configure” on your OpenId / OIDC key, click “OpenId / OIDC Settings” and scroll down to group mappings.
Set “Enable Group Mapping” to Yes
Group Mapping Attribute should be “groups” (without quotes)
If you want to filter your groups for mapping, you can use examples as shown on the page.
Once all of this is configured, your MonoSign configuration is finished. Now continue with the Dependency Track app.
Your application needs to have access to groups. If you have not configured this yet, edit your application, go to the “Source, Provider and Profile” tab, and set User Group Access Type to “Assigned Users and Defined Sources”. This means the application can access users’ groups when they sign in.
User Access Type
Defines which Users will access this application.
Only Assigned Users
User Group Access Type
Defines the application’s user group access
Only Assigned Users
Profile Access Type
Defines Application’s user’s profile access
Restricted - Only restricted user profile attributes
Configuring Single Sign-On for Dependency Track
As we mentioned, please check out the Dependency Track’s SSO configuration page first.
You must add your OIDC (OpenId) settings to your API and Frontend application.
The following information is needed for your configuration file or environment file.
API server:
ALPINE_OIDC_ISSUER=https://your-account-url/
ALPINE_OIDC_CLIENT_ID=YOUR-MONOSIGN-APP-CLIENT-ID
ALPINE_OIDC_USERNAME_CLAIM=name
ALPINE_OIDC_TEAMS_CLAIM=groups
ALPINE_OIDC_USER_PROVISIONING=true
ALPINE_OIDC_TEAM_SYNCHRONIZATION=true

Frontend:
OIDC_ISSUER=https://your-account-url/
OIDC_CLIENT_ID=9b2809e0-03bd-44fe-92c6-f6e0d3f319cb
OIDC_SCOPE=openid profile email
OIDC_FLOW=
OIDC_LOGIN_BUTTON_TEXT=MonoSign
You can gather this information from your Application Detail page on MonoSign.
Now, you need to configure your Dependency Track application for group mapping. Group mapping defines which MonoSign User Group is mapped to which Dependency Track application group. MonoSign can fetch your users’ groups from any source, such as Active Directory, LDAP, or a data store like MSSQL, MySQL, Postgres, etc.
Go to your Dependency Track app’s “Administration, OpenID Connect Groups” and click “Create Group”.
Type your MonoSign Group Name (it can also be your Active Directory or LDAP group name) and click Create. My group name is “Dependency Track Admin” on MonoSign. Map your group to Dependency Track Admin teams. I have mapped my “Dependency Track Admin” group to the “Administrators” team.
Now, go back to MonoSign, grant your users access, and try logging in.
Assign a user to the Dependency Track app
I will give permission to “john.smith” who is my user on MonoSign.
Click Users, then type your user’s name and navigate.
Click “Groups” and “Assign New Group”. Then, search for your group and assign it.
Now, navigate to Applications, search for your Dependency Track app, and assign “john.smith”.
It is done. Now try logging in. Navigate to the “Dependency Track” app. Click MonoSign on the UI.
You will be redirected to MonoSign’s login page if everything is configured correctly. You can log in passwordlessly with your QR code or type your username and password.
When you log in, you will be redirected to Dependency Track as an Administrator.
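To check the claim settings and the group mapping described above before granting access, the following added example (not part of the original guide, nor MonoSign or Dependency Track code) decodes a token payload and reports which teams it would yield. The function names and sample claims are constructed, and it assumes a list-valued `groups` claim with exact group-name matching.

```python
import base64
import json

# Claim names taken from the API server settings on this page.
USERNAME_CLAIM = "name"   # ALPINE_OIDC_USERNAME_CLAIM
TEAMS_CLAIM = "groups"    # ALPINE_OIDC_TEAMS_CLAIM
# Group -> team mapping from this page's walkthrough; exact-match lookup is an assumption.
GROUP_TO_TEAMS = {"Dependency Track Admin": ["Administrators"]}
PRIVILEGED_TEAMS = {"Administrators"}

def _b64url(obj) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for offline testing."""
    return ".".join([_b64url({"alg": "none"}), _b64url(claims), ""])

def decode_payload(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    part = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def preview_login(token: str, mapping=GROUP_TO_TEAMS) -> dict:
    """Report the username and teams this token would yield under the mapping."""
    claims = decode_payload(token)
    problems = []
    username = claims.get(USERNAME_CLAIM)
    if not isinstance(username, str) or not username.strip():
        problems.append(f"claim '{USERNAME_CLAIM}' missing or empty")
    groups = claims.get(TEAMS_CLAIM)
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        problems.append(f"claim '{TEAMS_CLAIM}' missing or not a list of strings")
        groups = []
    teams = sorted({t for g in groups for t in mapping.get(g, [])})
    return {
        "username": username,
        "teams": teams,
        "unmapped_groups": sorted(g for g in groups if g not in mapping),
        "privileged": sorted(PRIVILEGED_TEAMS.intersection(teams)),
        "problems": problems,
    }

if __name__ == "__main__":
    # Constructed sample claims; "VPN Users" has no mapping on purpose.
    sample = make_sample_token({"sub": "1", "name": "john.smith",
                                "groups": ["Dependency Track Admin", "VPN Users"]})
    print(json.dumps(preview_login(sample), indent=2))
```

A group listed under `unmapped_groups` grants no team in this model, and any entry under `privileged` is a reason to review who holds that group in MonoSign or its upstream directory.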