Ever find yourself entering the same credentials again and again across various applications? Having to remember and re-enter credentials can be a roadblock to a seamless user experience. EA SaaS’s SAML Single Sign-On (SSO) is a game changer in simplifying access across applications.

Configuring SAML Single Sign-On (SSO) in EA SaaS streamlines user access to the portal by seamlessly integrating with an identity provider. Enabling SAML SSO not only ensures a user-friendly experience but can also be transformed into a Unified SSO, granting centralized access to the EA Models.

Objective

This documentation serves as a comprehensive guide for users in configuring SAML Single Sign-On (SSO) within the EA SaaS portal. Users will gain insights into the following key aspects:

  • Understanding the types of identity providers accepted by the EA SaaS portal.
  • Navigating to the SAML SSO Configuration page based on their License type or Cloud Tenancy.
  • Exploring the diverse configurations involved in the SAML setup process.
  • Learning the steps to customize the login screen specifically designed for SAML SSO users.

Supported Identity Providers in EA SaaS

Sparx EA SaaS effortlessly connects with a variety of identity providers listed below, while also providing compatibility with other identity providers for seamless integration.
  1. Azure Active Directory (Learn how to configure here)
  2. Microsoft Active Directory Federation Services (Learn how to configure here)
  3. Okta (Learn how to configure here)
  4. miniOrange (Learn how to configure here)
  5. Oracle Identity Cloud Service (Learn how to configure here)
  6. IBM Security Access Manager (Learn how to configure here)
  7. Ping Identity (Learn how to configure here)
  8. JumpCloud (Learn how to configure here)
This guide will walk you through the process of setting up SAML Single Sign-On in the EA SaaS Portal.

SSO Configuration Process Workflow

The Workflow for Configuring SAML Single Sign-On (SSO) in the Sparx EA SaaS Portal is as follows:

  1. Enable SAML SSO 
  2. Retrieve Service Provider Credentials from the SAML Configuration page. 
  3. Configure Identity Provider details 
  4. Map Attributes 
  5. Map Claims 
  6. Map Access Control Profile with SAML User Groups 
  7. Customize Login Screen (Optional) 
  8. Save Configuration 
  9. Test SSO Login

Step I – Enable SAML SSO

As a first step in this whole configuration process, we must enable SSO. To do this, navigate to the Portal Settings page. The navigation varies based on the license type and Cloud Tenancy. The scenarios below highlight the steps to navigate to the Portal Settings in your Sparx Cloud environment. 

Scenario 1 - Only EA SaaS Setup

In an EA SaaS setup, click on the User Management icon on the Sparx EA SaaS Portal page.

Scenario 2 - Prolaborate & EA SaaS Setup

In Prolaborate and EA SaaS Setup, click on “Open Project”.

Scenario 3 - Multi-tenant setup with Prolaborate & EA SaaS

In a Multi-Tenant Setup featuring both Prolaborate and EA SaaS, the environments will be hosted on distinct domains. Consequently, administrators are required to set up SAML Single Sign-On (SSO) independently for each environment.

Configure SAML SSO in the EA SaaS Portal

Navigate to Menu > SAML Single Sign On.

Click on the “Enable” button.

Step II - Retrieve Service Provider Credentials

Copy the pre-filled Service Provider configurations, including Name, Assertion Consumer URL (ACU), and Sign Out URL, from the SAML Configuration page. Paste these details into your SAML applications as needed for proper configuration. 

The SAML configuration comes pre-loaded with the SSL certificate, ensuring a hassle-free experience for users without the need for manual uploads.

Step III – Configure Identity Provider

The following details must be obtained from the identity provider:

Field: Description
  • Identity Provider: Selecting either Active Directory Federation Services or Others as the Identity Provider converts System users or AD users to IDP users if they have the same email address.
      Others – System users to IDP users (Learn more)
      Active Directory Federation Services – AD users to IDP users (Learn more)
  • Name: Can be obtained from the SAML Application.
  • Sign In URL: Can be obtained from the SAML Application.
  • Sign Out URL: Can be obtained from the SAML Application.
  • Certificate: Can be obtained from the SAML Application in the form of a .cer/.cert file.

All the details mentioned above must be copied from the SAML Application and pasted on the SAML configuration page.

Step IV – Map Attributes

The SAML Single Sign-On page comes with pre-filled ‘Default’ values for Attribute Mapping.

To customize, simply click the toggle button to switch to the ‘Custom’ option.

For Custom Attributes, copy the Attributes & Claims from the SAML application for the following attributes:

  1. firstname
  2. lastname
  3. email
  4. group

Step V – Map Claims

Configure the following claims in the SAML Application as necessary:

  1. emailaddress
  2. givenname
  3. surname
  4. name
  5. nameidentifier
  6. Usergroup

Step VI – Map Access Control Profile with SAML User Group

Choose an Access Control Profile to define specific access rules within the EA SaaS Portal. By doing so, once a user logs in, these predefined rules will be automatically applied.

To learn more about Access Control Profiles, refer to the documentation here.

SAML Group Based Restriction

Users can create multiple Access Control Profiles and link them to their designated SAML user groups. Upon login, users are granted access according to the predefined profiles, offering an efficient way to establish centralized access within the EA SaaS Portal.

To configure, toggle “Saml group based Restriction” on the SAML Configuration page.

Click on the drop-down to select an Access Control Profile.

Enter the respective SAML Group name from the SAML Application.

Click on the “Add” button to include more profiles and use the “Bin” icon to remove any existing ones. 
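
The check below is an added example, not part of the EA SaaS documentation or product: run against a test assertion captured from your identity provider, it reports which of the Step V claims are missing and which Usergroup values line up with the group names entered under SAML Group Based Restriction. The sample assertion, the group and profile names, reading nameidentifier from the Subject NameID, and exact-match comparison of group names are all assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim names listed in Step V of this guide.
REQUIRED_CLAIMS = ["emailaddress", "givenname", "surname", "name", "nameidentifier", "Usergroup"]

# Constructed, unsigned sample assertion (illustrative values only).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="givenname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="name"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Usergroup">
      <saml:AttributeValue>EA-Modelers</saml:AttributeValue>
      <saml:AttributeValue>ea-admins</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical Step VI table: SAML group -> Access Control Profile (exact match is an assumption).
GROUP_PROFILES = {"EA-Modelers": "Modeler Profile", "EA-Admins": "Admin Profile"}

def claims_from_assertion(xml_text):
    """Return {short claim name: [values]}; URI-style names are cut at the last '/'."""
    root = ET.fromstring(xml_text)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        short = attr.get("Name", "").rsplit("/", 1)[-1]
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        claims.setdefault(short, []).extend(values)
    # Assumption: the Subject NameID is what the IdP emits for 'nameidentifier'.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is not None and name_id.text:
        claims.setdefault("nameidentifier", []).append(name_id.text.strip())
    return claims

def preflight(xml_text, group_profiles):
    """Report missing claims, groups that match a profile, and groups that do not."""
    claims = claims_from_assertion(xml_text)
    missing = [c for c in REQUIRED_CLAIMS if not claims.get(c)]
    groups = claims.get("Usergroup", [])
    matched = {g: group_profiles[g] for g in groups if g in group_profiles}
    unmapped = [g for g in groups if g not in group_profiles]
    return {"missing": missing, "matched": matched, "unmapped": unmapped}

if __name__ == "__main__":
    print(preflight(SAMPLE_ASSERTION, GROUP_PROFILES))
```

The script only inspects claim names and values and does not verify the assertion's signature, so it is suited to a test assertion you captured yourself during setup.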

For a deeper understanding and best practices in SAML configuration, click here to explore Sparx EA SaaS – SAML Best Practices.

Step VII – Disable Registered User Login Option (Optional)

The EA SaaS Portal’s login screen can be customized to exclusively display the ‘Login With SSO’ button, allowing only SSO users to access the portal.

Select ‘Toggle SSO Login’ to streamline authentication.

The ‘Switch to Admin Login Page’ option at the bottom enables admin users to log in using their email and password.

Note: Users without Admin access will not be able to log in using their email and password.

Step VIII - Save Configuration

Once all the configurations outlined above are done, click on the “Save” button.

Step IX - Login with SSO

After completing the SSO setup, the ‘Login with SSO’ button will be visible on the login page.

Click on the button and log in with your SSO credentials.

In conclusion, the configured SAML SSO in EA SaaS promises an enhanced user journey, combining easy access with added security for a smooth and efficient process.