Please enable JS

Integrate SAML Single Sign-on Settings

November 11, 2019

Prolaborate enables access to Enterprise Architect models through SAML Single Sign-on capability.

While this integration should work with any identity provider, the tested ones are

  1. Azure Active Directory
  2. Microsoft Active Directory Federation Services
  3. Okta
  4. Mini Orange
  5. Oracle Identity Cloud Service
  6. IBM Security Access Manager

In this guide, we will learn how to configure SAML Single Sign-on for various providers.

Configure SAML Settings

Click on Menu > SAML Settings to go to the settings page.

First you need to configure Prolaborate’s settings (The service provider), then the Identity Provider, and finally decide what access needs to be given for users logging in through their SSO credentials.

Prerequisite: Your Prolaborate site should have a valid SSL certificate and at least one repository should be added.

Service Provider Configuration

Please configure as below:

Field Description
Name and ACU These fields will be prefilled
Certificate file Choose the .pfx file of your SSL certificate
Certificate password Enter the password of the .pfx file

Identity Provider Configuration

Field Description
Identity Provider Select ADFS if you are using it, select Others if you are using any other vendor.
Name and Sign in URL Get this information from your Identity Provider
Certificate File Get this information from your Identity Provider. You need to select a .cer or .cert file.

Azure Active Directory Configuration Notes

Sign in URL should be App Access URL. You can get it from App Properties tab in Azure Active Directory.

The user attribute configuration should be done as below:

Oracle IDP Configuration Notes

Sign in URL should be in this format:
https://[Identity Provider Domain URL]/ui/v1/myconsole

Here is a sample configuration:

Default Access Permissions

You can choose any one of the following options:

  1. Give access to all repositories – Any user logging with their SSO credentials will be given access to all repositories by adding them to the Default user group in each repository
  2. Specify access – Any user logging with their SSO credentials will be added to the user groups you have specified after selecting the repositories

Log in with SSO

Once the configuration is done, ensure SSO is enabled.

Your users will start to see a new button on the login page called Login with SSO and they can click on it to login with their SSO credentials.

Any questions? Contact us