Single Sign On

The User Management screen is where you manage Users and Roles in your organization.

To configure Single Sign On:

  1. Navigate to Settings > User Management > Single Sign On
  2. Enable Single Sign On
    • This enables and disables SSO functionality.
    • We recommend leaving this disabled until all settings are configured.
  3. SAML2 Configuration
    • Use the default Entity ID for SDP, or modify it if needed.
    • Select the Binding expected by your Identity Provider (HTTP Post or HTTP Redirect).
    • User Identifier Fallback sets the preferred way to match users between SDP and the Identity Provider (Auto, Username, Email).
    • Identity Provider Metadata enables you to configure SDP to use either a URL or an XML file for configuring your Identity Provider.
    • Metadata outputs an XML file that can be used to configure your Identity Provider to communicate with SDP.
    • Download Root Certificate downloads the Root Certificate .crt file
    • Download Service Provider Certificate downloads the Service Provider Certificate .crt file
    • Sync Roles
      • When enabled, SDP automatically assigns and enforces a user’s role based on group membership and role mapping.
      • If disabled, roles are manually assigned from the SDP UI.
  4. Compatibility
    • Check with your Identity Provider or Security Team.
    • Settings in this section are specific to the requirements of your Identity Provider and setup.
  5. Data Mapping
    • When a user is synced via SSO, their account and profile will be updated.
    • This section allows you to map SDP fields to values from your Identity Provider.
    • Mappings are required for Id, Email, Role, and Username.
  6. Roles Configuration
    • Roles Configuration will map directory groups to SDP roles.
    • At sign on, SDP roles are assigned in reference to a user's group membership(s) based on the mapping below.
    • Arrange the order of the configured entries to determine the priority for SDP role assignment since SDP only supports one assigned role per user.
    • Accounts belonging to multiple groups that are mapped for SSO will be assigned the SDP role closest to the top of the list.
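
The ordering rule in Roles Configuration decides which role a user in several mapped groups receives, so it is worth reviewing before Sync Roles is enabled. The following is an added example, not SDP code: it models the "closest to the top wins" rule and lists users whose role depends on list order. All group names, role names and users are constructed placeholders, and returning no role for an unmatched user is an assumption, since the page does not describe that case.

```python
# Added example: models the "closest to the top wins" rule from Roles Configuration.
# All group names, role names and users below are constructed placeholders.

# Entries in the order they appear in the Roles Configuration list (top first).
ROLE_MAPPINGS = [
    ("sdp-readonly", "Viewer"),
    ("sdp-operators", "Operator"),
    ("sdp-admins", "Administrator"),
]

# Constructed sample of the group memberships an Identity Provider would assert.
USERS = {
    "alice": ["sdp-admins", "sdp-readonly"],
    "bob": ["sdp-operators"],
    "carol": ["engineering"],
}


def resolve_role(user_groups, mappings):
    """Return the role of the first (highest) mapping whose group the user holds."""
    held = set(user_groups)
    for group, role in mappings:
        if group in held:
            return role
    return None  # Assumption: the page does not say what SDP does with no match.


def audit(users, mappings):
    """List users whose outcome depends on list order, or who match no entry."""
    findings = []
    for name, user_groups in sorted(users.items()):
        held = set(user_groups)
        matched = [role for group, role in mappings if group in held]
        if not matched:
            findings.append((name, "no mapped group", None, []))
        elif len(set(matched)) > 1:
            # matched[0] is assigned; the rest are overridden by ordering.
            findings.append((name, "order-dependent", matched[0], matched[1:]))
    return findings


if __name__ == "__main__":
    for name, issue, assigned, overridden in audit(USERS, ROLE_MAPPINGS):
        print(f"{name}: {issue}; assigned={assigned}; overridden={overridden}")
```

With the constructed list above, a member of both the admin and read-only groups is assigned the read-only role; moving the admin entry to the top reverses that outcome.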

Note: Using a tool like SAML-tracer can aid in troubleshooting this configuration.