User Guide
Single Sign On
The User Management screen is where you manage Users and Roles in your organization. To configure Single Sign On:
- Navigate to Settings > User Management > Single Sign On
- Enable Single Sign On (This enables and disables SSO functionality. We recommend leaving this disabled until all settings are configured.)
- SAML2 Configuration
  - Use the default Entity ID for SDP or modify it if needed.
  - Select the Binding expected by your Identity Provider (HTTP Post or HTTP Redirect).
  - User Identifier Fallback indicates the preference for how users are matched between SDP and the Identity Provider (Auto, Username, Email).
  - Identity Provider Metadata allows you to configure SDP to use either a URL or an XML file for configuring your Identity Provider.
  - Metadata outputs an XML file that can be used to configure your Identity Provider to communicate with SDP.
  - Download Root Certificate downloads the Root Certificate .crt file.
  - Download Service Provider Certificate downloads the Service Provider Certificate .crt file.
  - When Sync Roles is enabled, SDP will automatically assign and enforce a user's role based on group membership and role mapping. If disabled, roles will be manually assigned from the SDP UI.
- Compatibility
  - Check with your Identity Provider or Security Team. Settings in this section are specific to the requirements of your Identity Provider and setup.
- Data Mapping
  - When a user is synced via SSO, their account and profile will be updated. This section allows you to map SDP fields to values from your Identity Provider. Mappings are required for Id, Email, Role, and Username.
- Roles Configuration
  - Roles Configuration will map directory groups to SDP roles. At sign on, SDP roles are assigned in reference to a user's group membership(s) based on the mapping below. Arrange the order of the configured entries to determine the priority for SDP role assignment, since SDP only supports one assigned role per user. Accounts belonging to multiple groups that are mapped for SSO will be assigned the SDP role closest to the top of the list.
Note: Using a tool like SAML-tracer can aid in troubleshooting this configuration.
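
The priority rule described under Roles Configuration, shown as an added example (not SDP's own code): it reads group values from a constructed AttributeStatement, like one captured with SAML-tracer, and applies an ordered mapping, also reporting the lower-priority roles that matched. The attribute name `groups`, the group names, the role names and exact string matching are all assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: an AttributeStatement as it might appear in a capture.
SAMPLE_ATTRIBUTES = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="groups">
    <saml:AttributeValue>sdp-analysts</saml:AttributeValue>
    <saml:AttributeValue>sdp-admins</saml:AttributeValue>
    <saml:AttributeValue>vpn-users</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

# Hypothetical mapping of directory group -> role; top of the list wins.
ROLE_MAPPINGS = [
    ("sdp-admins", "Administrator"),
    ("sdp-analysts", "Analyst"),
    ("sdp-readonly", "Viewer"),
]


def groups_from_assertion(xml_text, attribute_name="groups"):
    """Return the values of the named attribute, in document order."""
    root = ET.fromstring(xml_text)
    values = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == attribute_name:
            for value in attr.findall(f"{{{SAML_NS}}}AttributeValue"):
                values.append((value.text or "").strip())
    return values


def resolve_role(groups, mappings):
    """Return (assigned_role, shadowed_roles) for one user.

    The first mapping (from the top) whose group the user belongs to
    decides the single assigned role. Roles that also matched but sit
    lower in the list are returned so an admin can see what the
    ordering overrode. (None, []) means no mapped group matched; the
    page does not say how SDP treats that case.
    """
    member_of = set(groups)
    matched = [role for group, role in mappings if group in member_of]
    if not matched:
        return None, []
    return matched[0], matched[1:]
```

A non-empty second element marks an account whose role depends on the order of the entries, which are the accounts to re-check after rearranging the list.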