Info

About SAML Single Sign-On in SMACS ZPC

Single Sign-On can be set up in SMACS ZPC against any Identity Provider (IdP) that supports SAML 2.0.

This guide covers the steps required to set up SAML SSO against Azure.

For an exhaustive list of supported IdPs, visit SAML-based products and services.

Add ZPC as an Enterprise Application in Azure

Note

Wildcard Certificates are not supported for SSO.

  1. Connect to your Azure Portal.

  2. Search for Enterprise Applications and click the result.

  3. Click on +New Application.

  4. Provide a name and select the 3rd option, Integrate any other application you don't find in the gallery (Non-gallery).

Tip

The Enterprise Application is now added ✔

Configure the Enterprise Application for Single Sign-On

  1. Click on Single Sign-On from the left vertical menu.

  2. Click on the SAML Single Sign-On method.

  3. Click on Upload metadata file.

  4. Click on the folder icon and point to the ZPC SP Metadata to upload it.

  5. Once uploaded, a panel with your Basic SAML Configuration will appear on the right-hand side, populated with values for your Identifier and Reply URL. Click Save.

  6. Once saved, click on the Download link next to Federation Metadata XML.
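
A pre-flight check for the two metadata files exchanged in these steps, as an added example (not part of the original guide or the vendor's tooling): it extracts the entityID and endpoint that Azure displays as Identifier and Reply URL, and flags non-HTTPS endpoints or IdP metadata that carries no certificate. The host names, tenant ID and sample documents are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_metadata(xml_bytes):
    """Summarise a SAML 2.0 SP or IdP metadata file and list problems found."""
    # Metadata has no need for a DTD; refuse it rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    idp = root.find("md:IDPSSODescriptor", NS)
    if sp is None and idp is None:
        raise ValueError("no SPSSODescriptor or IDPSSODescriptor present")
    role, tag = (sp, "AssertionConsumerService") if sp is not None else (idp, "SingleSignOnService")
    endpoints = [e.get("Location", "") for e in role.findall("md:" + tag, NS)]
    certs = role.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    problems = []
    if not endpoints:
        problems.append("no %s endpoint" % tag)
    problems += ["endpoint is not HTTPS: " + u for u in endpoints
                 if urlparse(u).scheme != "https"]
    if idp is not None and not certs:
        problems.append("IdP metadata carries no X.509 certificate to verify assertions")
    summary = {"role": "SP" if sp is not None else "IdP",
               "entity_id": root.get("entityID"),  # shown by Azure as Identifier (SP file)
               "endpoints": endpoints,              # shown by Azure as Reply URL (SP file)
               "certificates": len(certs)}
    return summary, problems

# Constructed samples: hypothetical host names and a placeholder tenant ID.
SAMPLE_SP = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 entityID="https://zpc.example.com/saml/metadata"><md:SPSSODescriptor
 protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <md:AssertionConsumerService index="0" Location="http://zpc.example.com/saml/SSO"
  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""
SAMPLE_IDP = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
  Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>"""

if __name__ == "__main__":
    for name, doc in (("SP", SAMPLE_SP), ("IdP", SAMPLE_IDP)):
        print(name, *inspect_metadata(doc), sep="\n  ")
```

Both constructed samples are deliberately flawed: the SP file advertises an `http://` Reply URL and the IdP file has no certificate, so each returns one problem.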

Upload IdP Metadata to ZPC & Enable SSO

  1. Go to your ZIRO tenant and access the SAML Single Sign-On Page from the vertical Admin menu.

  2. Click Import IdP Metadata and point to the file you downloaded in the previous step from Azure.

  3. Click on the Enable Single Sign-On toggle.

Warning

If you have previously uploaded metadata to your ZIRO instance (i.e. previously attempted to configure SSO), a restart of the smacs service is required from the stack8-console. See below.

...

Edit Attributes & Claims

  1. From the Enterprise Application you added in the previous steps, select Attributes & Claims from the left-hand vertical menu.

  2. Click on the ellipsis to modify the Unique User Identifier (Name ID).

  3. Change the default Name Identifier format and Source Attribute:

    1. Name Identifier format should be set to Unspecified

    2. Source Attribute should be set to user.onpremisesamaccountname

  4. Click Save.

Add Users/Groups Requiring Access to ZPC to your Enterprise Application

  1. From the Enterprise Application you added in the previous steps, select Users and groups from the left-hand vertical menu.

  2. Click on + Add user/group.

  3. Click on None Selected.

  4. A search panel will appear on the right-hand side. Use it to search for and select the individual users or groups who should be able to log into your ZPC tenant via Single Sign-On and click Select.

Test Single Sign-On from Azure

  1. Return to the Single Sign-On section of your newly added Enterprise Application and click Test at the bottom of the page.

  2. A panel with testing options will appear on the right-hand side of the page. Select the Sign in as current user option and click Test sign in.

  3. If you completed the previous steps correctly, you will be presented with the ZPC home screen.

Tip

SSO Configuration Complete ✔

Once logged in, you will have initiated a Single Sign-On session, which gives you access to all other applications registered to your IdP server without having to log in again.

...