Install signed certificate on the SMACS machine

...

Generate a CSR

...

Import the Signed Certificate

...

Restart Apache via the Stack8 Console (SSH)

...

Anchor
SP-Metadata SP-Metadata

Provide SMACS Service Provider (SP) Metadata to your Identity Provider (IdP)

Once the certificate is installed and working correctly, export Export the SP Metadata to provide to your IdP.

...

...

If you change/renew your SSL certificate, you will need to perform the following steps:

1. Restart ZIRO Platform from the stack8-console

2. Export the SP Metadata from ZIRO Provisioning and update the Service Provider entry in your IdP.

Once completed, your SSO configuration should work using the new SSL certificate.

...

Alternatively, you can provide the URL to the hosted metadata.xml file to your IdP.

https://<SMACS<ZPM-FQDN>:8443/saml/medatada

Adding

...

ZPM as a Service Provider (SP) in OKTA using URL to the hosted metadata.xml file:

1. Open the SMACS ZPM SP Metadata file you exported in the previous step to get the information required for configuring the required SAML settings in OKTA

...

1. Fill in the Single sign on URL and Audience URI (SP Entity ID) fieldsin OKTAby searching your SMACS ZPM SP Metadata file for the values in red below:

   1. Copy the entityID value from the SMACS ZPM SP metadata to the Single sign on URL field in OKTA.

      In this example the value is https://stack8-demo.smacs.stack8.com:443/saml/SSO

   2. Copy the </md:NameIDFormat><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location= value from the SMACS ZPM SP metadata to the Audience URI (SP Entity ID) field in OKTA.

      In this example the value is https://stack8-demo.smacs.stack8.com:443/saml/metadata

...

Adding

...

ZPM as a Service Provider (SP) in ADFS using metadata.xml file:

1. Click on Add Relying Party Trust

   

2. Select default option “Claims Aware”

   

3. Select “Import data about the relying party from a file”

   

4. Upload the Service Provider (SP) metadata file from previous step.

5. Provide a meaningful Display Name for the SMACS ZPM relying party and click “Next”

   

6. Select “Permit everyone” and click “Next””

   

7. Enable “Configure claims issuance policy for this application” checkbox and click “Close”

   

...

1. Set Name ID format to “Unspecfied”

2. Set Application username to “AD SAM account “User Principal name”

   

3. Click Next and then Finish.

   

...

1. Edit Claim Issuance Policy

   

2. Click “Add Rule”

   

3. Choose Claim rule template “Send LDAP Attributes as Claims” and click “Next”

   

4. Provide a Claim rule name, select the Attribute Store “Active Directory” from the dropdown, provide the SAM-Account-Name UserPrincipalName to Name ID mapping and click “Finish”.

   

Provide Users Access to the

...

ZPM Application

In OKTA

Go to the Assignments tab of your newly created application and click the Assign dropdown to select people or groups to assign.

...

1. Click on “View Setup Instructions” of the SMACS ZPM Application you created for OKTA.

   

2. Navigate to the bottom of the page and copy paste the contents of the box containing your IDP metadata to a text file. You will upload this file to SMACS ZPM to complete your SSO setup.

   

Go back into

...

ZPM and complete the SAML SSO Configuration

1. Import your IDP metadata

   

2. Enable SSO

   

3. Logout from SMACS

4. Login to the stack8-console using s8admin account and restart the active side of the machine.

5. Follow the instructions here on how to restart the active side of the smacs machine.

6. ZPM

7. Go to the SMACS ZPM URL & click the orange teal login button to authenticate using SAML SSO

   

8. Use the Recovery URL to bypass Single Sign-On and to login using LDAPFor any login issues with SSO, please reach out to ZIRO Support.