Automate - Configure Relativity OIDC

Owned by Troy Adkins (Unlicensed), created
Oct 01, 2023
2 min read

The material in this document is for informational purposes only. The products it describes are subject to change without prior notice, due to the manufacturer’s continuous development program. Rampiva makes no representations or warranties with respect to this document or with respect to the products described herein. Rampiva shall not be liable for any damages, losses, costs or expenses, direct, indirect or incidental, consequential or special, arising out of, or related to the use of this material or the products described herein.

Introduction

This article will guide you on how to set up a Relativity OIDC to use as Authentication for Rampiva Scheduler.

Prerequisites 

  • Relativity Administrator access

  • Rampiva Scheduler

Instructions

A. Creating a Relativity OAuth2 Access Point in Relativity

1

Log in to Relativity as an administrator.

 

2

Open the AuthenticationOAuth2 Client page.

 

3

Select the New OAuth2 Client to create an OIDC client for Rampiva, with the following settings:

  1. Name: Rampiva Automate

  2. Enabled: Yes

  3. Flow Grant Type: Code

  4. Redirect URIs: https://automate.example.com/api/v1/users/oidcResponse, where https://automate.example.com corresponds to the URL used to access Rampiva Automate.

  5. Access Token Lifetime: 43200

4

The Access Token Lifetime value 43200 signifies that Relativity will issue tokens to Rampiva Automate which are valid for 30 days. Because the Relativity OAuth2 Client does not support refreshing the tokens, a long enough value for the token lifetime must be used. The tokens are issued when the user logs in to Rampiva Automate with the Relativity credentials and are used in Jobs containing Relativity operations. If the token expires before the Job finishes, the Relativity operations in the Job will fail.

B. Creating the Relativity OAuth2 Connection in Rampiva Scheduler

1

In Rampiva Scheduler add a new OIDC Authentication Service, using the Add + OIDC Authentication Service button and provide the following information:

  1. Name: Relativity

  2. Well-Known Configuration URI: https://relativity.example.com/Relativity/Identity/.well-known/openid-configuration, where https://relativity.example.com/Relativity, is the URL used to access the Relativity application.

  3. Scope: openid RelativityRequestOrigin UserInfo UserInfoAccess AuthenticationID RelativityWeb SecureTokenServiceAdmin

  4. Username Claim: sub

  5. Client ID: The Client Id from the Relativity OAuth2 Client created in the previous steps.

  6. Client Secret: The Client Secret from the Relativity OAuth2 Client created in the previous steps.

 

1

Create a Security Policy that encompasses the newly created Relativity OIDC Authentication scope.