Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

About SAML Single Sign-On in SMACS

Single Sign-On can be setup in SMACS against any Identity Provider (IdP) which supports SAML 2.0.

This guide covers the steps required to setup SAML SSO against Azure.

For an exhaustive list of supported IDP’s, visit SAML-based products and services.

Add SMACS as an Enterprise Application in Azure

Note

Wildcard Certificates are not supported for SSO.

...

Tip

The Enterprise Application is now added ✔

Anchor
SP-Metadata
SP-Metadata
Configure the Enterprise Application for Single Sign-On

  1. Click on Single Sign-On from the left vertical menu.

  2. Click on the SAML Single Sign-On method.

  3. Click on Upload metadata file

  4. Click on the folder icon and point to the SMACS SP Metadata to upload it.

  5. Once uploaded, a panel with your Basic SAML Configuration will appear on the right hand side which will be populated with values for your Identifier and Reply URL. Click Save.

  6. Once saved, click on the Download link next to Federation Metadata XML

Anchor
SP-Metadata
SP-Metadata
Upload IdP Metadata to SMACS & Enable SSO

  1. Go to your ZIRO tenant, acces the SAML Single Sign-On Page from the vertical Admin menu.

  2. Click Import IdP Metadata and point the file you downloaded in the previous step from Azure.

  3. Click on the Enable Single Sign-On toggle.

Panel
panelIconIdatlassian-warning
panelIcon:warning:
bgColor#FFFAE6

If you have previously uploaded metadata to your ZIRO instance (i.e. previously attempted to configure SSO), a restart of the smacs service is required from the stack8-console. See below.

...

Anchor
SP-Metadata
SP-Metadata
Edit Attribute & Claims

  1. From the Enterprise Application you added in the previous steps, select Attributes & Claims from the left-hand vertical menu.

  2. Click on the ellipsis to modify the Unique User Identifier (Name ID)

  3. Change the default Name Identifier format and Source Attribute

    1. Name Identifier format should be set to Unspecified

    2. Source Attribute should be set to user.onpremisesamaccountname

  4. Click Save.

Anchor
SP-Metadata
SP-Metadata
Add Users/Groups Requiring Access to SMACS to your Enterprise Application

  1. From the Enterprise Application you added in the previous steps, select Users and groups from the left-hand vertical menu.

  2. Click on + Add user/group

  3. Click on None Selected

  4. A search panel will appear on the right hand side. Use it search for and select the individual users or groups who should be able to log into your SMACS tenant via Single Sign-Onand click Select.

Anchor
SP-Metadata
SP-Metadata
Test Single Sign-On from Azure

  1. Return to the Single Sign-On section of your newly added Enterprise Application and click Test at the bottom of the page.

  2. A panel will appear with testing options on the right hand side of the page, select Sign in as current user option and click Test sign in.

  3. If you completed the previous steps correctly, you will be presented with the SMACS home screen.

...