Ever find yourself in the middle of repetitive credential entries across various applications? The hassle of remembering and entering credentials repeatedly can be a roadblock to a seamless user experience. EA SaaS’s SAML Single Sign-On (SSO) is a game changer in simplifying access across applications.
Configuring SAML Single Sign-On (SSO) in EA SaaS streamlines user access to the portal by seamlessly integrating with an identity provider. Enabling SAML SSO not only ensures a user-friendly experience but can also be transformed into a Unified SSO, granting centralized access to the EA Models.
Objective
This documentation serves as a comprehensive guide for users in configuring SAML Single Sign-On (SSO) within the EA SaaS portal. Users will gain insights into the following key aspects:
- Understanding the types of identity providers accepted by the EA SaaS portal.
- Navigating to the SAML SSO Configuration page based on their License type or Cloud Tenancy.
- Exploring the diverse configurations involved in the SAML setup process.
- Learning the steps to customize the login screen specifically designed for SAML SSO users.
Supported Identity Providers in EA SaaS
- Azure Active Directory (Learn how to configure here)
- Microsoft Active Directory Federation Services (Learn how to configure here)
- Okta (Learn how to configure here)
- miniOrange (Learn how to configure here)
- Oracle Identity Cloud Service (Learn how to configure here)
- IBM Security Access Manager (Learn how to configure here)
- Ping Identity (Learn how to configure here)
- JumpCloud (Learn how to configure here)
SSO Configuration Process Workflow
The workflow for configuring SAML Single Sign-On (SSO) in the Sparx EA SaaS Portal is as follows:
- Enable SAML SSO
- Retrieve Service Provider Credentials from the SAML Configuration page.
- Configure Identity Provider details
- Map Attributes
- Map Claims
- Map Access Control Profile with SAML User Groups
- Customize Login Screen (Optional)
- Save Configuration
- Test SSO Login
Step I – Enable SAML SSO
As a first step in this whole configuration process, we must enable SSO. To do this, navigate to the Portal Settings page. The navigation varies based on the license type and Cloud Tenancy. The scenarios below highlight the steps to navigate to the Portal Settings in your Sparx Cloud environment.
Scenario 1 - Only EA SaaS Setup
In an EA SaaS setup, click on the User Management icon on the Sparx EA SaaS Portal page.
Scenario 2 - Prolaborate & EA SaaS Setup
In Prolaborate and EA SaaS Setup, click on “Open Project”.
Scenario 3 - Multi-tenant setup with Prolaborate & EA SaaS
In a Multi-Tenant Setup featuring both Prolaborate and EA SaaS, the environments will be hosted on distinct domains. Consequently, administrators are required to set up SAML Single Sign-On (SSO) independently for each environment.
Configure SAML SSO in the EA SaaS Portal
Navigate to Menu > SAML Single Sign On.
Click on the “Enable” button.
Step II - Retrieve Service Provider Credentials
Copy the pre-filled Service Provider configurations, including Name, Assertion Consumer URL (ACU), and Sign Out URL, from the SAML Configuration page. Paste these details into your SAML applications as needed for proper configuration.
The SAML configuration comes pre-loaded with the SSL certificate, ensuring a hassle-free experience for users without the need for manual uploads.
Step III – Configure Identity Provider
The following details must be obtained from the identity provider:
Field | Description |
---|---|
Identity Provider | Select either Active Directory Federation Services or Others. The selection helps convert System users or AD users to IDP users if they have the same email address. Others – System users to IDP users (Learn more). Active Directory Federation Services – AD users to IDP users (Learn more). |
Name | Can be obtained from the SAML Application. |
Sign In URL | Can be obtained from the SAML Application. |
Sign Out URL | Can be obtained from the SAML Application. |
Certificate | Can be obtained from the SAML Application in the form of .cer/.cert file. |
All the details mentioned above must be copied from the SAML Application and pasted on the SAML configuration page.
Step IV – Map Attributes
The SAML Single Sign-On page comes with pre-filled ‘Default’ values for Attribute Mapping.
To customize, simply click the toggle button to switch to the ‘Custom’ option.
For Custom Attributes, copy the Attributes & Claims from the SAML application for the specified attributes.
- firstname
- lastname
- group
Step V – Map Claims
Configure the specified claims in the SAML Application as necessary.
- emailaddress
- givenname
- surname
- name
- nameidentifier
- Usergroup
Step VI – Map Access Control Profile with SAML User Group
Choose an Access Control Profile to define specific access rules within the EA SaaS Portal. By doing so, once a user logs in, these predefined rules will be automatically applied.
SAML Group Based Restriction
Users can establish multiple Access Control Profiles and link them to their designated SAML user groups. Upon login, users will be granted access according to the predefined profiles, offering an efficient way to establish centralized access within the EA SaaS Portal.
To configure, toggle “Saml group based Restriction” on the SAML Configuration page.
Click on the drop-down to select an Access Control Profile.
Enter the respective SAML Group name from the SAML Application.
Click on the “Add” button to include more profiles and use the “Bin” icon to remove any existing ones.
For a deeper understanding and best practices in SAML configuration, click here to explore Sparx EA SaaS – SAML Best Practices.
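Before saving, it helps to confirm that the assertion your identity provider actually sends carries every claim from Step V and a group that appears in the Step VI mapping. The script below is an added example, not code from Sparx or the EA SaaS portal; it reads claims only and does not validate the assertion signature. Its assumptions: claims are matched on the last path segment of the attribute name, `nameidentifier` is read from the Subject NameID, group names are compared exactly, and the sample assertion and the group-to-profile table are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim short names listed in Step V of this page (compared in lower case).
REQUIRED = ["emailaddress", "givenname", "surname", "name", "nameidentifier", "usergroup"]
# Hypothetical Step VI table: SAML group name -> Access Control Profile.
GROUP_TO_PROFILE = {"EA-Architects": "Architect Profile", "EA-Reviewers": "Read Only Profile"}

# Constructed sample assertion (not captured from a real tenant); surname is absent.
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIM_NS}emailaddress"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIM_NS}givenname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIM_NS}name"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Usergroup">
      <saml:AttributeValue>EA-Architects</saml:AttributeValue>
      <saml:AttributeValue>Finance</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def extract_claims(assertion_xml):
    """Return {short claim name: [values]} from a SAML 2.0 assertion or response."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is not None and (name_id.text or "").strip():
        claims["nameidentifier"] = [name_id.text.strip()]
    for attr in root.iterfind(".//saml:Attribute", NS):
        # IdPs often send a URI as Name; compare on its last path segment.
        short = attr.get("Name", "").rstrip("/").rsplit("/", 1)[-1].lower()
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(short, []).extend(v for v in values if v)
    return claims

def missing_claims(claims):
    """Required claims that are absent or carry no non-empty value."""
    return [c for c in REQUIRED if not claims.get(c)]

def resolve_profiles(claims, group_to_profile):
    """Profiles selected by the user's groups; empty means no mapped group matched."""
    return [group_to_profile[g] for g in claims.get("usergroup", []) if g in group_to_profile]

if __name__ == "__main__":
    claims = extract_claims(SAMPLE)
    print("missing claims:", missing_claims(claims))
    print("matched profiles:", resolve_profiles(claims, GROUP_TO_PROFILE))
```

An empty profile list for a test user means none of that user's groups is in the mapping, which is worth resolving before the registered-user login option is disabled in Step VII.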
Step VII – Disable Registered User Login Option (Optional)
The EA SaaS Portal’s login screen can be customized to exclusively display the ‘Login With SSO’ button, allowing only SSO users to access the portal.
Select ‘Toggle SSO Login’ to streamline authentication.
The ‘Switch to Admin Login Page’ option at the bottom enables admin users to log in using their email and password.
Step VIII - Save Configuration
Once all the configurations outlined above are done, click on the “Save” button.
Step IX - Login with SSO
After completing the SSO setup, the ‘Login with SSO’ button will be visible on the login page.
Click on the button and log in with your SSO credentials.
In conclusion, the configured SAML SSO in EA SaaS promises an enhanced user journey, combining easy access with added security for a smooth and efficient process.