# Integrating with a customer portal There are two major types of integrations with external customer portals: 1. Direct: End-client uses MetalSoft's user portal to deploy infrastructure 2. Indirect: End-client uses customer portal to deploy infrastructure ## Direct integration with an upstream customer portal In this setup the MetalSoft end user portal (the drag and drop interface) is exposed to the user. ![](/assets/general/developer_getting_started_01.svg) This setup is relatively easy to deploy and provides a good user experience to end-users for bare metal as a service offerings. It is however not suitable if other high level services such as VM-as-a-Service is offered. There are multiple supported mechanisms for authenticating users in MetalSoft portal. More than one can be active at any give time: 1. Using SAML (recommended) 2. Using LDAP 3. Using built-in authentication The choice will depend on the capabilities of the portal. For more information visit [Authentication Overview](/content/configuration/users_and_permissions/authentication_overview). ### SAML-compatible ID service (Recommended) If the existing user portal uses a SAML-compatible ID service such as Azure AD, OKTA, Auth0 for login then this setup is very simple as MetalSoft can be configured to use the same SAML provider from the `Global Configuration`>`Authentication` tab. For an example configuration consult: [Configuring SAML for OKTA](/content/configuration/users_and_permissions/configuring_saml_for_okta) ### LDAP-compatible ID service If the existing user portal uses a LDAP-based login (FreeIPA, Active Directory) then MetalSoft should be configured to use LDAP protocol from the `Global Configuration`>`Authentication` tab. For an example configuration consult: [Configuring LDAP for Microsoft Active Directory](/content/configuration/users_and_permissions/configuring_ldap_for_microsoft_active_directory) ### Built-in authentication MetalSoft's built-in user management system is relatively robust. A portal could either: 1. Create the users and set passwords using the API 2. Let users sign-up on MetalSoft's sign-up page. #### Managing users via the API The portal could create users and delete users in MetalSoft via the API: * [user_create_with_access_level](https://us01.metalsoft.io/api/developer/developer#user_create_with_access_level) * [user_get](https://us01.metalsoft.io/api/developer/developer#user_get) * [user_delete](https://us01.metalsoft.io/api/developer/developer#user_delete) > Note that the users have to have the `billable` flag set to allow them to deploy infrastructures. [user_billable_set](https://us01.metalsoft.io/api/developer/developer#user_billable_set) can be used to configure this flag. #### Enabling user sign-up A partner portal could redirect users to the MetalSoft Signup page. To enable the Built-in sign-up process: `Global Configuration` > `Authentication` > `Signup page enabled`. Once enabled the signup button and the signup process will be enabled and available at `https://en/signup`. > Note that users can also enable or disable authenticator on their account on their own. ## Indirect integration with an upstream customer portal In many situations the upstream portal will use API calls to managed infrastructures: ![](/assets/general/developer_getting_started_02.svg) ## Embedding the MetalSoft Remote Console into a customer portal The HTML console is a very useful tool for end-users to be able to interact with the server via the out-of-band network in an emergency or even as primary means of managing a server. This console can be integrated into a 3rd party customer portal for a seamless experience. ![](/assets/developer_resources/remote_console_01.png) Consult [Embedding the Remote Console](embedding_the_remote_console) for more details.