Below are instructions on how to connect your SSO IdP (identity provider) with BoostUp.
In this article:
- Overview of SSO and SAML
- Glossary of terms
- Configuring BoostUp as a Service Provider (SP)
- Troubleshooting and FAQs
Overview of SSO and SAML
SSO, or Single Sign-On, is a user authentication service that permits a user to use one set of login credentials to access multiple applications. Its primary purpose is to simplify the login process for users, allowing them to navigate through various services securely without the need to manage multiple passwords and usernames.
SAML is an acronym for Security Assertion Markup Language, which is a widely accepted protocol for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). Essentially, it facilitates safe interactions among applications, permitting user access through a unified set of login details.
Utilizing SAML for SSO offers benefits such as centralized user management, improved compliance with authentication standards, and reduced administrative overhead.
Glossary:
- SSO (Single Sign-On): A user authentication process that allows a user to access applications with one set of login credentials.
- SAML (Security Assertion Markup Language): An XML-based open standard for transferring authentication and authorization data between an Identity Provider and a Service Provider, enabling SSO.
- SP (Service Provider): A service or application that provides web-based services, which uses SSO for authentication. The SP relies on an IdP to authenticate users and provides services to the authenticated users. In this case, BoostUp.
- IdP (Identity Provider): A trusted provider that authenticates users and sends information about these users to the SP to facilitate access to its services. An IdP is responsible for issuing identity information and ensuring the integrity and security of the credentials provided.
- Single Sign-On URL: The location where the SAML assertion is sent with an HTTP POST. This is often referred to as the SAML Assertion Consumer Service (ACS) URL for your application.
- Audience URI (SP Entity ID): The application-defined unique identifier that is the intended audience of the SAML assertion. This is most often the SP Entity ID of your application.
- Assertion: In SAML, an assertion is a package of information that includes authentication data, attribute information, or authorization decisions.
- XML (eXtensible Markup Language): A markup language that defines a set of rules for encoding documents in a format both human-readable and machine-readable. SAML uses XML to exchange authentication and authorization data.
- Metadata: Information about the SAML configuration for an IdP or an SP, including public keys for encryption and digital signatures, service endpoints, and other data necessary for secure SSO.
- ACS (Assertion Consumer Service): A service at the SP that receives the SAML assertion from the IdP after a user has been authenticated. The ACS processes the assertion, extracts the authentication data, and establishes the session for the user.
Configuring BoostUp as a Service Provider (SP):
We will use Okta as an example of an IdP. However, these steps should work similarly with any other SAML 2.0 identity provider, such as OneLogin or JumpCloud.
- Step 1: Create a New App
  - Log in to your Okta Admin Console.
  - Click "Applications" in the navigation menu.
  - Click the "Add Application" or "Create App Integration" button.
- Step 2: Choose a Sign-in method
  - If prompted, choose "Web" as the platform option.
  - Select "SAML 2.0" as the Sign-in method.
  - Click "Create" or "Next".
- Step 3: General Settings
  - Enter "BoostUp" as the "App name."
  - You can use BoostUp's logo as an "App logo."
  - Click "Next."
- Step 4: Configure SAML
  - In the "General" section, enter the following information:
    - Single sign-on URL: https://app.boostup.ai/api/user/saml/sso/<company>
    - Audience URI (SP Entity ID): https://app.boostup.ai/api/user/saml/sso/<company>
  - Under "Attribute Statements," add the following mappings:
    - Name: firstName, Value: user.firstName
    - Name: lastName, Value: user.lastName
  - Click "Next."
- Step 5: Finish App Configuration
  - In the Feedback section, check the boxes "I'm an Okta customer adding an internal app" and "This is an app that we have created."
  - Click "Finish."
- Step 6: Download Identity Provider Metadata
  - After creating the app, go to the SAML Metadata details and download the XML file from the provided Metadata URL.
  - Send the downloaded XML Metadata file to the BoostUp team to complete the final provisioning steps.
Troubleshooting and FAQs
- How much time does the SSO configuration testing take?
  - We recommend a one-week turnaround for testing and ensuring all users can sign in correctly.
- What if my Identity Provider's configuration steps are different?
  - Make sure to read your IdP's documentation regarding SAML SSO configuration.
  - Reach out to the BoostUp team for specific instructions on setting up your IdP.