LiquidPlanner

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for LiquidPlanner using SAML.

About LiquidPlanner

LiquidPlanner is a platform-independent, online project management system to manage the uncertainty in project schedules. This collaborative software is accessible via modern web browsers and mobile applications for iPhone, iPad, and Android operating system-based devices.

After integrating LiquidPlanner with Oracle Identity Cloud Service:

  • Users can access LiquidPlanner using their Oracle Identity Cloud Service login credentials.
  • Users can start LiquidPlanner using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the LiquidPlanner app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • A LiquidPlanner account with authorization rights to configure federated authentication.
  • Make sure that the email ID of each user in LiquidPlanner matches the primary email ID of the Oracle Identity Cloud Service account.

Configuring the LiquidPlanner App in Oracle Identity Cloud Service

Use this section to register and activate the LiquidPlanner app, and then assign users to the app.

Prerequisite Steps

A dedicated account ID is required before you can register and activate the LiquidPlanner app.

  1. Access LiquidPlanner as an administrator using the URL: https://app.liquidplanner.com/login. The LiquidPlanner home page appears.

  2. In the upper-right corner, click the user drop-down list, and then select Settings. The Workspace Summary page appears.

  3. Locate the Workspace Settings section, and then click Single Sign-On Configuration. The Single Sign-On Configuration page appears.

  4. Under the Configuration tab, copy the value given in the Custom Subdomain Link field.

    Image img1.png displays the Single Sign-On Configuration page with the account ID highlighted in the Custom Subdomain Link field.

    Note: Use this value later during the LiquidPlanner registration in the "Registering and Activating the LiquidPlanner App" section.

Registering and Activating the LiquidPlanner App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for LiquidPlanner, and then click Add.

  4. In the App Details section, enter your LiquidPlanner Account ID, and then click Next.

    Tip: This is the value that you obtained while performing the steps in the "Prerequisite Steps" section.

  5. Click Download Signing Certificate.

    Tip: Use this file later during the LiquidPlanner configuration in the "Configuring SSO for LiquidPlanner" section.

  6. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  7. Click Activate, and then click Activate Application. The Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the LiquidPlanner App

  1. On the LiquidPlanner app page in Oracle Identity Cloud Service, select Users, and then click Assign. The Assign Users window appears.

  2. Select users that you want to assign to LiquidPlanner, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the LiquidPlanner app is assigned to the users that you selected.

Converting Oracle Identity Cloud Services Certificate to Fingerprint Format

  1. Go to https://www.samltool.com/fingerprint.php, and then paste the certificate that you downloaded earlier in the X.509 cert text box.

    Tip: This is the certificate that you downloaded during the Freshdesk registration in the "Registering and Activating the Freshdesk App"" section.

  2. Select SHA256 from the Algorithm drop-down list, and then click CALCULATE FINGERPRINT.

  3. Make note of the converted fingerprint in the Formatted Fingerprint text box.

NOTE: Use this fingerprint later during SSO configuration in the "Configuring SSO for LiquidPlanner" section.

Configuring SSO for LiquidPlanner

  1. Access LiquidPlanner as an administrator using the URL: https://app.liquidplanner.com/login. The LiquidPlanner home page appears.

  2. In the upper-right corner, click the user drop-down list, and then select Settings. The Workspace Summary page appears.

  3. Locate the Workspace Settings section, and then click Single Sign-On Configuration. The Single Sign-On Configuration page appears.

  4. Under the Configuration tab, use the following table to update the federated authentication attributes, and then click Save. The Test URL tab is enabled.

    This table lists the mandatory federated authentication attributes that you must set to complete the SSO configuration.
    Attribute Value
    SAML Identity Provider Certificate Paste the converted fingerprint that you obtained while performing steps in the "Converting Oracle Identity Cloud Services Certificate to Fingerprint Format" section.
    Current Remote Login URL Enter the Sign-in URL/SSO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso.

  5. Under the Test URL tab, click Test Login to test the configuration settings and enable SSO. If the test is successful, the Enable SSO tab is enabled.

  6. Under the Enable SSO tab, Select the Yes option to allow users to authenticate to LiquidPlanner using the user name and password designated for them in their directory service, and then click Save. The Member Setup tab is enabled.

  7. Under the Member Setup tab, select the No option under the Enable SSO for All Members section.

  8. Select the Yes option under the Enable SSO for All New Members by Default section.

  9. Under the Change SSO Requirement for Individual Members section, select the required users from the SSO Disabled column and move them to the SSO Enabled column to enable SSO for the selected users, and then click Save.

    Note: Enabling SSO deactivates the ability to log in using the user name and password. Remain logged in to the LiquidPlanner session until you complete the next section to verify that Identity Provider initiated SSO from Oracle Identity Cloud Service works.

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP Initiated SSO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the LiquidPlanner app. Oracle Identity Cloud Service displays a shortcut to LiquidPlanner under My Apps.

  3. Click LiquidPlanner. The LiquidPlanner home page appears.

  4. In the upper-right corner, confirm that the user logged in is the same for both LiquidPlanner and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from LiquidPlanner

  1. Access LiquidPlanner using the URL: https://app.liquidplanner.com/login. The login page appears.

  2. Enter the Business Email, and then click Sign in. You are redirected to the Oracle Identity Cloud Service login page.

  3. Log in using credentials for a user that is assigned to the LiquidPlanner app. The LiquidPlanner Dashboard page appears.

  4. In the upper-right corner, confirm that the user that is logged in is the same for both LiquidPlanner and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from LiquidPlanner works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

LiquidPlanner displays the message, "Please contact your IT department to address any issues with your username and password. Could not authenticate you from SAML because "Saml response is missing an email address to identify the user"".

Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in LiquidPlanner.

Solution: Ensure that the user that you assign to the LiquidPlanner app has an account in both Oracle Identity Cloud Service and LiquidPlanner with the same email address.

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service LiquidPlanner app and LiquidPlanner is deactivated.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select LiquidPlanner.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the LiquidPlanner app using Oracle Identity Cloud Service.

Solution 2:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select LiquidPlanner.
  • In the App Details section, select Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.