Supported SAMLv2 SSO providers are Okta and Azure ADFS. Please follow the steps in sub-sections 5.6.3.1 and 5.6.3.2 to configure the corresponding SSO.
It is possible to configure SAMLv2 ‘Single Sign-On’ on an account basis in the account configuration:
- Under SSO method specify “SAMLv2” to enable SSO, or “None” to disable it. When SSO method is “None”, the SSO XML Metadata URL can be left empty.
- SSO XML Metadata URL: the XML metadata URL from the SSO provider's SAMLv2 configuration.
- SSO Single Logout URL: the URL to the logout endpoint of the SSO provider. This field is optional.
- SSO Issuer ID: the issuer ID that is sent to the SAML SSO provider. If not specified, the URL taken from the browser is used, in the form https://account:8443/.
Notes on the XML Metadata URL:
Instead of an http/s URL the metadata can also be specified with a file URL like this:
file:/(unknown) or file:///(unknown)
where (unknown) refers to a file placed in the SAFEQ Cloud installation folder under <install-root>/conf/(unknown).
The file size limit is 1 megabyte. Symbolic links are not allowed. Upon saving the configuration the specified file is checked for XML validity.
In a cluster setup this file must be placed on every cluster node.
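The rules above (a bare file name resolved under <install-root>/conf/, a 1 megabyte limit, no symbolic links, and an XML validity check on save) are easy to verify before touching the account configuration. The script below is an added example, not SAFEQ Cloud's own code: it applies those checks to a constructed sample of identity provider metadata and pulls out the entityID, the single sign-on URL and the optional single logout URL that the Okta and Azure steps later ask for. The sample metadata, the host names in it and the `demo` helper are assumptions made for the example.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Limits stated in the guide for a file-based metadata URL.
MAX_METADATA_BYTES = 1 * 1024 * 1024
MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample IdP metadata (not from any real provider). The @SLO@ marker
# is filled in by sample_metadata() so the SingleLogoutService element can be
# left out, mimicking an IdP where Single Logout is not enabled.
_TEMPLATE = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://example-idp.test/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    @SLO@
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-idp.test/sso/post"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-idp.test/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""
_SLO = (b'<md:SingleLogoutService Binding="' + REDIRECT_BINDING.encode()
        + b'" Location="https://example-idp.test/slo"/>')


def sample_metadata(with_slo=True):
    """Return the constructed sample, with or without a SingleLogoutService."""
    return _TEMPLATE.replace(b"@SLO@", _SLO if with_slo else b"")


def metadata_path_from_url(url, install_root):
    """Map file:/NAME or file:///NAME to <install-root>/conf/NAME.

    Only a bare file name is accepted, so the URL cannot point outside conf/.
    """
    parsed = urlparse(url)
    if parsed.scheme != "file" or parsed.netloc:
        raise ValueError("expected a file:/NAME or file:///NAME URL")
    name = parsed.path.lstrip("/")
    if not name or os.path.basename(name) != name or name in (".", ".."):
        raise ValueError("metadata URL must name a file directly under conf/")
    return os.path.join(install_root, "conf", name)


def parse_metadata(data):
    """Reject metadata that is not well-formed XML; return the root element."""
    try:
        # Metadata fetched from an untrusted source is better parsed with
        # defusedxml (entity-expansion protection); stdlib keeps this self-contained.
        return ET.fromstring(data)
    except ET.ParseError as exc:
        raise ValueError(f"metadata is not valid XML: {exc}") from exc


def load_metadata_file(path):
    """Apply the guide's file rules (no symlink, size limit, valid XML) and parse."""
    if os.path.islink(path):
        raise ValueError("symbolic links are not allowed for metadata files")
    size = os.path.getsize(path)
    if size > MAX_METADATA_BYTES:
        raise ValueError(f"metadata file is {size} bytes, limit is {MAX_METADATA_BYTES}")
    with open(path, "rb") as fh:
        return parse_metadata(fh.read())


def extract_idp_endpoints(root):
    """Return entityID, the SSO URL and the SLO URL (None when the IdP has none)."""
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", MD_NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor; is this SP metadata?")
    sso = idp.findall("md:SingleSignOnService", MD_NS)
    if not sso:
        raise ValueError("no SingleSignOnService endpoint in metadata")
    # Prefer the HTTP-Redirect binding for the login endpoint, else take the first.
    preferred = [e for e in sso if e.get("Binding") == REDIRECT_BINDING] or sso
    slo = idp.find("md:SingleLogoutService", MD_NS)  # optional, as in the guide
    return {
        "entity_id": root.get("entityID"),
        "sso_url": preferred[0].get("Location"),
        "slo_url": slo.get("Location") if slo is not None else None,
    }


def load_idp_metadata(url, install_root):
    """Resolve a file: metadata URL as the guide describes and summarise it."""
    return extract_idp_endpoints(load_metadata_file(metadata_path_from_url(url, install_root)))


def demo(with_slo=True):
    """Write the sample under a temporary install root and validate it end to end."""
    with tempfile.TemporaryDirectory() as install_root:
        os.mkdir(os.path.join(install_root, "conf"))
        with open(os.path.join(install_root, "conf", "idp.xml"), "wb") as fh:
            fh.write(sample_metadata(with_slo))
        return load_idp_metadata("file:///idp.xml", install_root)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` resolves `file:///idp.xml` to `<install-root>/conf/idp.xml`, checks the file, and returns the three values needed for the account configuration; with `with_slo=False` the logout URL comes back as `None`, which is the situation the Okta note below describes when “Single Logout” has not been enabled. A real deployment would point `install_root` at the SAFEQ Cloud installation folder and, in a cluster, run the check on every node.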
Identity provider setup guides for Okta
- Navigate to Applications in Okta and select the one that has SAMLv2 configured
- Click the Sign On section
- For SSO XML Metadata URL, go back to the Sign On section, and then copy the URL from Identity Provider metadata
- For SSO Single Logout URL, click View Setup Instructions button, and copy the URL corresponding to Identity Provider Single Logout URL
Note that the Logout URL is only available if “Single Logout” has been enabled in the advanced settings of the SAML application.
Okta: https://developer.okta.com/docs/guides/saml-application-setup/config-saml-in-app/
Identity provider setup guides for Azure or Client
- Navigate to Enterprise applications and select the one that has SAMLv2 configured
- Click on Single sign-on option
- For SSO XML Metadata URL, copy the URL from App Federation Metadata XML
- For SSO Single Logout URL, copy the URL from Logout URL
Please make sure that the Azure, Client or Okta authentication provider and its corresponding access control are also added in SAFEQ Cloud.