Please enable JS

Integrate Single Sign-On

May 10, 2023

Prolaborate enables access to Enterprise Architect models through SAML Single Sign-On capability.

  • Prolaborate Support only Service Provider (SP) Initiated Authentication.

While this integration should work with any identity provider, the tested ones are

  1. Azure Active Directory (Learn how to configure here)
  2. Okta (Learn how to configure here)
  3. Ping Identity (Learn how to configure here)
  4. Microsoft Active Directory Federation Services (Learn how to configure here)
  5. Jump Cloud (Learn how to configure here)
  6. Mini Orange (Learn how to configure here)
  7. Oracle Identity Cloud Service (Learn how to configure here)
  8. IBM Security Access Manager (Learn how to configure here)

In this guide, we will see how configure SAML Single Sign-on in general.


Access Control Profile

Create an Access Control Profile with access to the required repository and user group membership in them where SSO users can directly access the Prolaborate. To know how create Access Control Profile Click here.

Configure SSO App

On top of the usual setup you do in your SSO app, do the following:


Click on Hamburger Menu > SAML Single Sign On to go to the settings page.

Your Prolaborate site should have a valid SSL certificate and at least one repository should be added.

Service Provider Configuration

Please configure as below

Field Description
Name and ACU These fields will be Pre-filled
Certificate File Choose the .pfx file of your SSL certificate
Certificate Password Enter the password of the .pfx file
  • If SSL certificate Expires, please upload the renewed certificate in SAML configuration as well as Prolaborate Service Management.

Identity Provider Configuration

Please configure as below:

Field Description
Identity Provider This allows you convert existing system users or AD users to IDP users if they have the same email address
Others – System users to IDP users (Learn more)
Active Directory Federation Services – AD users to IDP users (Learn more)
Name Get this information from your Identity provider and paste it here.
Sign in URL Get this information from your Identity Provider and paste it here.
Sign Out URL Get this information from your Identity Provider and paste it here.
Certificate Get this information from your Identity Provider. You need to select a .cer or .cert file.

Attributes Mapping

Attribute Mapping will be pre-filled with default values in SAML Single Sign-On page and they cannot be edited.

If required, users can change the values by clicking the toggle button from Default to Custom. Then copy the Attributes & Claims values from the SAML Application and paste them in Prolaborate Attributes Mapping.

The following attributes must be created:

  1. firstname
  2. lastname
  3. email
  4. User Group


The following claims, as applicable, must be configured:

  1. Emailaddress
  2. Givenname
  3. Name
  4. Name identifier
  5. User Group
  6. surname

Access Control Profile

Choose the Profile from the Drop down and save the configuration.

Link Role-based access directly with SAML User Groups

Most modern-day teams prefer to separate user management from individual tools to a central User Management System (IAM). Prolaborate 4.4 makes this easier with the ability to link SAML user group(s) to be directly linked to Role based access in Prolaborate

For SAML based authentication, toggle the SAML Group based Restriction to enable. Choose the required profile and add SAML user group(s).

Configuration is done click "Save"

Log in with SSO

Once the configuration is done, ensure SSO is enabled.

Your users will start to see a new button on the login page called Login with SSO and they can click on it to login with their SSO credentials.