Please enable JS

Integrate SAML Single Sign-On

October 20, 2020

Prolaborate enables access to Enterprise Architect models through SAML Single Sign-On capability.

While this integration should work with any identity provider, the tested ones are

  1. Azure Active Directory (Learn how to configure here)
  2. Microsoft Active Directory Federation Services (Learn how to configure here)
  3. Okta (Learn how to configure here)
  4. Mini Orange
  5. Oracle Identity Cloud Service (Learn how to configure here)
  6. IBM Security Access Manager
  7. Ping Identity (Learn how to configure here)
  8. Jump Cloud

In this guide, we will see how configure SAML Single Sign-on in general.

Configure SSO App

On top of the usual setup you do in your SSO app, do the following:

Attributes

The following attributes must be created:

  1. Firstname
  2. Lastname
  3. Email

Claims

The following claims, as applicable, must be configured:

  1. Emailaddress
  2. Givenname
  3. Name
  4. Nameindentifier
  5. surname

Configure Prolaborate

Click on Menu > SAML Settings to go to the settings page.

Your Prolaborate site should have a valid SSL certificate and at least one repository should be added.

Service Provider Configuration

Please configure as below:

Field Description
Name and ACU These fields will be prefilled
Certificate file Choose the .pfx file of your SSL certificate
Certificate password Enter the password of the .pfx file

Identity Provider Configuration

Please configure as below:

Field Description
Identity Provider Select ADFS if you are using it, select Others if you are using any other vendor.
Name and Sign in URL Get this information from your Identity Provider
Certificate File Get this information from your Identity Provider. You need to select a .cer or .cert file.

Default Access Control Profile

Click on Manage Profiles to create a new profile.

Click on Create Profile.

Give a Name to the Profile and configure permissions.

You can choose any one of the following options:

  1. Give access to all repositories – Any user logging with their SSO credentials will be given access to all repositories by adding them to the Default user group in each repository
  2. Specify access – Any user logging with their SSO credentials will be added to the user groups you have specified after selecting the repositories

Click Save.

Now, go back to SAML Settings page.

Select the newly created profile and click Save.

Log in with SSO

Once the configuration is done, ensure SSO is enabled.

Your users will start to see a new button on the login page called Login with SSO and they can click on it to login with their SSO credentials.