myleo / dsc login methods (EN)
Classification of the login methods overview page and subpages = internal
- The protection requirement is inherited (if not explicitly classified higher)
There are three ways to log in to myleo / dsc and authenticate yourself:
- Direct login
- Login via SAML
- Login via OpenID Connect
It is possible to create and use multiple login methods (SAML and OpenID Connect) simultaneously.
Direct login to myleo / dsc
You have the option of logging in directly to myleo / dsc. To do this, you must log in with your registered e-mail address and password.
To complete the login, click on "Login".
The login link must be forwarded to the individual users so that they can log in to myleo / dsc.
Remove an individual login area
In the My Company app, an individual login area can be subsequently removed.
To do this, click on the Edit button with pencil icon in the Login area tab.
In edit mode, you can remove the individual login area by clicking the Reset button.
Then confirm the security query by clicking the Reset button.
Activate / deactivate e-mail login
The security guidelines are available in the My Company app. To open them, click on the Security guidelines tab. In the Login area, you can activate or deactivate the e-mail login. To change the setting, click on the Edit button.
If you activate the "Disable email login" checkbox, only login via SAML or OpenID Connect is possible.
Direct login to myleo / dsc is not available in this case.
After saving, the status can be called up within the Login area.
It is possible to grant individual users permission to log in directly to myleo / dsc with their email address anyway.
This option is specifically required by administrators to override login settings.
Within the Employees app, this authorisation (Allowed to use - E-Mail & Password-Authentication) can be assigned individually for each employee.
Login via SAML
What is SAML?
The Security Assertion Markup Language (SAML) is a standardised method of telling external applications and services the unique identity of a user. In this process the user is authenticated, not authorised.
In contrast to authentication, where the identity of the user is checked, authorisation is about the user's permissions to do something within the programme.
SAML uses single sign-on (SSO) technology, which allows a user to be authenticated for several applications and services at the same time. This authentication is then transmitted to several applications.
The user only logs on to a single login screen and can then use several programmes. This eliminates the need to prove one's identity for each service one wishes to use.
The latest version of SAML is SAML 2.0.
Add SAML as a login method
To add SAML as another login method, click on the "+" symbol.
You must enter the following information in the input window:
- Name
- Issuer
- Certificate
- Authorization-URL
Optionally, you can add the following attribute contents (assertions):
- User-ID (sub)
- Firstname (given_name)
- Lastname (family_name)
- Email address (email)
The naming of the assertions (sub), (given_name), (family_name) and (email) can be changed. These must be filled before registration.
After entering the data, click on Save. The created login method appears in the overview of existing login methods.
Edit SAML as login method
To edit an existing SAML login method, select it by ticking the checkbox and press the Edit button.
The detail window then opens with the individual contents of the login method. You can subsequently change all fields, with the exception of the type.
After entering the changes, click on the Save button. The login method is updated and displayed in the overview.
Remove SAML as login method
To remove an existing SAML login method, select it by ticking the checkbox and press the Delete button.
Confirm the removal of the login method by pressing the Delete button. If you are not sure, you can end the deletion process by pressing the Cancel button.
The Login Screen (SAML)
After you have pressed the login button, you will be redirected to the page of an identity provider. There you log in with your login data. It is necessary that you agree to the release of your name and e-mail address.
If the user does not yet exist in myleo / dsc, it is created as a new user via SAML.
The employee can then be found in the **Employees** app and can be edited.
The user logs in to myleo / dsc. He is authenticated by the external identity provider.
You can retrieve the metadata XML for your company, for use with your identity provider, using GET [https://portal.leogistics.cloud/leoapi/auth/saml/metadata/{companyId}](https://portal.leogistics.cloud/leoapi/auth/saml/metadata/{companyId}).
Technical information (Administrator)
| Area | Details |
|---|---|
| Signed parts | either the Assertion or the complete Response (at least one is required) |
| Signature Algorithm | SHA512 |
| Digest Algorithm | SHA512 |
| Callback-URL | POST https://portal.leogistics.cloud/leoapi/auth/saml/callback/{companyId} |
This URL refers to the Prod environment. This pattern can also be used for other environments in order to test in the preprod environment beforehand.
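A structural pre-flight check for the requirements in the table above, as an added example that is not part of the myleo / dsc documentation or code: it inspects a SAML Response captured from your own identity provider and reports a missing signature, non-SHA512 algorithms, or missing attributes. It does not verify the signature cryptographically; the sample response and the function name `preflight` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REQUIRED_ATTRS = {"sub", "given_name", "family_name", "email"}  # default names on this page

# Constructed sample: assertion signed with SHA-256, family_name attribute absent.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion>
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
    </ds:SignedInfo></ds:Signature>
    <saml:AttributeStatement>
      <saml:Attribute Name="sub"/><saml:Attribute Name="email"/><saml:Attribute Name="given_name"/>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def preflight(response_xml, attr_names=REQUIRED_ATTRS):
    """Return a list of problems found in a SAML Response produced by your own IdP."""
    # For XML from an untrusted source, parse with defusedxml instead of ElementTree.
    root = ET.fromstring(response_xml)
    problems = []
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted saml:Assertion in the response"]
    # A ds:Signature counts only as a direct child of the element it covers.
    candidates = (root.find("ds:Signature", NS), assertion.find("ds:Signature", NS))
    sigs = [s for s in candidates if s is not None]
    if not sigs:
        problems.append("neither Response nor Assertion is signed")
    for sig in sigs:
        for tag in ("SignatureMethod", "DigestMethod"):
            for el in sig.iterfind(f".//ds:{tag}", NS):
                alg = el.get("Algorithm", "")
                if not alg.lower().endswith("sha512"):
                    problems.append(f"{tag} is {alg}, expected SHA512")
    present = {a.get("Name") for a in assertion.iterfind(".//saml:Attribute", NS)}
    missing = sorted(set(attr_names) - present)
    if missing:
        problems.append("missing attributes: " + ", ".join(missing))
    return problems
```

If the assertion names were changed in the login method, pass the configured names as `attr_names`.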
Login via OpenID Connect
What is OpenID Connect?
OpenID Connect allows clients to verify the identity of the end user based on the authentication performed by an authorisation server and to obtain basic profile information about the end user.
Information about authenticated sessions and end users can be requested and received. OpenID Connect is extensible, allowing users to take advantage of optional features such as identity encryption, OpenID provider discovery and logout.
Add OpenID Connect as a login method
To add OpenID Connect as another login method, click on the "+" symbol.
You must enter the following information (claims) in the input window:
- Name
- Issuer URL
- Authorization URL
- Token-URL
- User Info URL
- Client ID
- Client Secret
The following information must be requested from the provider:
- Issuer URL
- Client ID
- Client Secret
After entering the data, click on Save. The created login method appears in the overview of existing login methods.
Edit OpenID Connect as login method
To edit an existing OpenID Connect login method, select it by ticking the checkbox and press the Edit button.
The detail window then opens with the individual contents of the login method. You can subsequently change all fields, with the exception of the type.
After entering the changes, click on the Save button. The login method is updated and displayed in the overview.
Remove OpenID Connect as login method
To remove an existing OpenID Connect login method, select it by ticking the checkbox and press the Delete button.
Confirm the removal of the login method by pressing the Delete button. If you are not sure, you can end the deletion process by pressing the Cancel button.
The login screen (OpenID Connect)
After successful login, authentication with a third party takes place. The user is then redirected to the Launchpad / Login UI.
If the user does not yet exist in myleo / dsc, it is created as a new user via OpenID Connect.
The employee can then be found in the **Employees** app and can be edited.
Technical information (Administrator)
| Area | Details |
|---|---|
| Supported | code flow (no implicit and no hybrid) |
| Response_type | code |
| Callback-URL | POST portal.leogistics.cloud/leoapi/auth/oidc/callback?companyId={companyId} |
The code is used to query the Token URL, for which the corresponding claims (email, given_name, family_name, sub) must be filled in.
This URL refers to the Prod environment. This pattern can also be used for other environments in order to test in the preprod environment beforehand.
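A check of the provider's OpenID Connect discovery document against the constraints above, as an added example that is not part of the myleo / dsc documentation or code: it maps the discovery keys to the form fields of the login method and reports a provider that does not offer the code flow or does not advertise the required claims. The function name `plan_login_method` and the sample documents (host `idp.example.com`) are constructed for illustration.

```python
REQUIRED_CLAIMS = ("email", "given_name", "family_name", "sub")  # claims named on this page

# Form field on this page -> key in the provider's discovery document
FIELD_TO_KEY = {
    "Issuer URL": "issuer",
    "Authorization URL": "authorization_endpoint",
    "Token-URL": "token_endpoint",
    "User Info URL": "userinfo_endpoint",
}

def plan_login_method(discovery):
    """Return (form_values, problems) for a parsed discovery document (dict)."""
    values, problems = {}, []
    for field, key in FIELD_TO_KEY.items():
        url = discovery.get(key, "")
        if not url.startswith("https://"):
            problems.append(f"{field}: {key} missing or not https")
        values[field] = url
    # Only the authorization code flow is supported, so plain "code" must be offered.
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("provider does not advertise response_type=code")
    claims = discovery.get("claims_supported")
    if claims is not None:  # claims_supported is optional in discovery metadata
        missing = [c for c in REQUIRED_CLAIMS if c not in claims]
        if missing:
            problems.append("claims not advertised: " + ", ".join(missing))
    return values, problems

# Constructed sample documents.
GOOD = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "userinfo_endpoint": "https://idp.example.com/userinfo",
    "response_types_supported": ["code", "id_token"],
    "claims_supported": ["sub", "email", "given_name", "family_name"],
}
# Implicit/hybrid only, and family_name is not advertised.
BAD = dict(GOOD, response_types_supported=["id_token", "code id_token"],
           claims_supported=["sub", "email", "given_name"])

if __name__ == "__main__":
    for doc in (GOOD, BAD):
        print(plan_login_method(doc))
```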
Updated 7 months ago