Prolaborate V5 SAML SSO – Best Practices

The Goal

The goal is to deliver the best experience to all the Prolaborate users with minimal efforts!

The objective of the article is to show how an admin user make it easy and effortless for

1. To manage users and their experience in Prolaborate. Experience refers to what EA model information is shared with the users and whether they can edit or collaborate, what information is presented to them through dashboards, etc.
2. Users to securely connect to Prolaborate and get the right information.

Prerequisite

Create an Access Control Profile with access to the required repository and user group membership in them where SSO users can directly access the Prolaborate. To know how create Access Control Profile, click here.

What we cover below

1. How to Create a User Group in Prolaborate to reuse the group for SAML configuration.
2. How to set Access Permission for SAML users.
3. How to grant access to the dashboards for SAML users.
4. How to configure Access Control Profile for SAML users.

Create User Group

Create a general group and a group for each team.

To create a group, click on Menu > User Groups.

List of Groups page displays all the groups in the current repository.

To add a group, click on Create User Group.

Fill the following details and click on Submit to create a group.

Mention the Name of the group

Set the Default Dashboard for this User group if you created already

Select the Feature Sets you want this group to have access to. For example, if you select Dashboard Management, this group members will be able to add, edit, delete, and set default dashboards

Click Save to save the User Group Creation form.

To know more about user group and its permissions. Click here

Setup Access Permissions

Assign the right permissions to each group. For the general group, assign read-only access to some generic information if available.

Select the package/element from Repository Browser which you want to grant access to all the SSO user under Configure Access for Users or User Groups mode

Choose the Type of Access. There are four types of Access:

Read Only – See what is happening in Prolaborate

Read and Write – Read and Write

Read and Collaborate – See EA information, and participate in discussions but cannot edit EA models

Read, Write and Collaborate – User can view, edit, and participate in discussions

Click on Add icon

Select Apply Recursively option to give access to all elements and packages under the selected package

To know more about the Access Permission, click here

Design Dashboard

Assign the right landing page or dashboard for the groups. For the General group audience, create a dashboard with details on what you expect them to do after logging in. For example, you can ask them to get in touch with admin to get the right access.

Once the user logged in using SSO, they and straight onto the live and dynamic dashboards specifically designed for them.

All the general instructions (For example, Prolaborate user guides, Admin contact details, etc) which you want to inform all the SSO user

Set as Default dashboard and give permission to General SSO group.

To know more about the Dashboards and widget configuration, click here

Default Access Control Profiles

When a SSO user logs in for the first time, they are automatically registered to Prolaborate. You can configure which Repository they can access and which group they should be added to.

As per the instructions so far, you can select the right repositories and assign the General group.

Configure the User groups in Access Control profiles. Click on Menu > Access Configurations

Click on Create Profile.

Give a Name to the Profile and configure permissions.

You can choose any one of the following options:

1. Give access to all repositories – Any user logging with their SSO credentials will be given access to all repositories
2. Specify access – Any user logging with their SSO credentials will be added to the user groups you have specified after selecting the repositories

Click Save.

To know more about the Access Control Profile, click here

SAML Settings

1. Configure the Service Provider and Identity Provider Configuration in SAML settings page as per instructions in this link
2. Choose the Access Control profile which you have created under Default Access Control Profile and click Save.

Conclusion

What we saw so far is a bottom-up approach. This is how the configuration works.

SAML SSO users logs in and gets assigned to the configured repositories and groups. Based on the group they are configured to, they get relevant model access and dashboards.