MicroStrategy ONE

Integrating a Custom Application with MicroStrategy Identity

You can enable users in your Identity Network to sign in to custom web or mobile application using the MicroStrategy Badge app on their smartphones. If your application is not a standard option available in MicroStrategy Identity Manager, you can integrate your application with MicroStrategy Identity by embedding its functionality into your application using the MicroStrategy Identity SDK.

For example, to allow users to log in to your web application by scanning a QR code with their MicroStrategy Badge app, you can embed MicroStrategy Identity login functionality into your web application.

To create a certificate signing request (CSR) to secure your connection, you must have a third-party tool to generate CSRs, such as the OpenSSL® utility.

The application that you want to integrate with MicroStrategy Identity does not use the Security Assertion Markup Language (SAML) protocol. For steps to integrate a SAML-enabled web application with MicroStrategy Identity, see Integrating a SAML-Enabled Web Application with MicroStrategy Identity.

To Create a Certificate Signing Request (CSR)

Create a Certificate Signing Request (CSR)

You enable private communication between the MicroStrategy Identity Server and MicroStrategy Identity components running locally on your system by configuring them to use SSL (secure sockets layer) encryption while communicating with each other. To do this, you must obtain an SSL certificate signed by MicroStrategy Identity. You generate the signed certificate by submitting a certificate signing request (CSR) through MicroStrategy Identity Manager to be signed by MicroStrategy Identity.

Use a third-party tool to create a certificate signing request (CSR) that meets the following requirements:

  • RSA key size of at least 3072 bits
  • Hash algorithm of SHA-256 or higher
  • The CSR uses the following values:
    • Organization Name: Usher
    • Organizational Unit Name: Application

You can create a certificate signing request (CSR) using the OpenSSL® utility. If you have installed MicroStrategy Identity on Windows, the OpenSSL utility is included. Alternatively, you can download the OpenSSL utility from https://www.openssl.org/community/binaries.html. On Linux, an openssl utility is included with many distributions.

The steps below contain only the information required to configure or use OpenSSL with MicroStrategy Identity. See the OpenSSL documentation for the latest information.

To Create a CSR Using OpenSSL

  1. Depending on your platform, do one of the following:
    • Windows: Open a command prompt window as administrator, and navigate to the location where OpenSSL is installed.
      • If you use the utility installed with MicroStrategy Identity, the default is C:\Program Files (x86)\Common Files\MicroStrategy\OpenSSL\openssl-1.0.2e\.
      • If you installed the utility manually, the default is C:\OpenSSL- Win32\bin.
    • Linux: Open a terminal window.
  2. To create a private key and certificate signing request (CSR), enter the following command:

    openssl req -new -newkey rsa:rsaKeySize -shaHashAlgorithm -nodes -subj '/O=Usher/OU=Application' -keyout KeyName.key -out CSRName.csr

    where:

    • rsa:rsaKeySize = the RSA key size. For example, enter rsa:3072 to create an RSA key size of 3072 bits.
    • -shaHashAlgorithm = the hash algorithm. For example, enter -sha256 to use the SHA-256 hash algorithm.
    • KeyName.key = the name that you want to give the private key file. By default, the private key file is created in the current location. To create the file in a different location, include the location path in the KeyName.key parameter.
    • CSRName.csr = the name that you want to give the CSR file. By default, the CSR file is created in the current location. To create the file in a different location, include the location path in the CSRName.csr parameter.

      For example: openssl req -new -newkey rsa:3072 -sha256 -nodes -subj '/O=Usher/OU=Agent' -keyout UsherApp.key -out UsherApp.csr

      A CSR (.csr) file and a private key (.key) file are created.

Register Your Third-Party iOS App with MicroStrategy Identity

  1. Log into MicroStrategy Identity Manager.
  2. Click Logical Gateways.
  3. Under Other Application, click the Other Application icon Other Application icon.
  4. You can change the image that is displayed with your mobile app configuration in MicroStrategy Identity Manager. Next to the image preview, click Import An Icon. Select an image to display, then click Open.
  5. In the Enter Display Name field, enter a name for your mobile app configuration that will be displayed in MicroStrategy Identity Manager. The name can be up to 30 characters long.
  6. Under Authentication, select the option.
  7. In the Redirect URI field, enter the callback URI that the MicroStrategy Badge app will use to redirect to your app.
  8. To upload the certificate signing request (CSR) that you created (see the above section Create a Certificate Signing Request), click Select Certificate Signing Request. Select the CSR to upload, then click Open.
  9. Click Create. A signed certificate that secures the communication between MicroStrategy Identity Server and your mobile server is created.
  10. Click Download Client Certificate. The signed certificate (for example, nonsaml-client-cert.crt) is downloaded to your computer. The signed certificate is downloaded to your computer. Install the signed certificate on the server for your custom application.
  11. Note the Organization ID and Application ID provided on the MicroStrategy Identity Manager page. You will use these values later for configuring your third-party mobile app.
  12. Click Done.

Next, embed MicroStrategy Identity functionality into your third-party web or mobile application using the Identity SDK. For descriptions of the available API calls, see the MicroStrategy Identity API reference in MicroStrategy Identity Developer Resources.

Related Topics

Logical Gateways

Integrating a Third-Party Mobile App with MicroStrategy Identity