Single sign-on with SAML
This article provides a guide on how to set up SAML-based sign-on in Upsolver.
Upsolver supports SSO through SAML using an identity broker such as Microsoft Azure, Okta, or OneLogin. This provides secure single sign-on to Upsolver without transmitting any actual authentication credentials from your site.
This procedure describes how to set up the SAML-based sign-on in general terms. Specific identity broker procedures follow below.
1. In your SAML-based sign-on identity provider, create a SAML application.
2. In Upsolver, click More > SAML.
3. Copy the Upsolver Single Sign On URL and Audience URI field values into the matching fields in your identity provider.
4. Configure the following SAML attributes:
   email (mandatory)
   firstName
   lastName
   groups (mandatory)
5. Ensure that the required users and groups are assigned to the SAML application.
6. In Upsolver, click More > SAML.
7. Click Edit Integration and copy the information from your identity provider into the following fields:
   Single Sign On URL
   Identity Provider Issuer
   X 509 CERTIFICATE
Note: At this stage, leave Allow Only SAML Sign On unchecked. Select it only after you have tested your SAML-based sign-on!
8. From your identity provider, log in to Upsolver. The SSO group and users are automatically provisioned in Upsolver.
9. In Upsolver, click More > IAM.
10. Select the Groups tab. The SAML Provisioned Group should appear. This appears as a group name if you are using Active Directory, otherwise this appears as a group ID.
11. Click the pencil icon to edit the group, and click Add Policy to add any required Upsolver policies. See:
12. (Optional) To lock down Upsolver to only allow SAML sign on, click More > SAML and select Allow Only SAML Sign On.
You may want to apply the policy that denies access to updating or deleting the SAML configuration.
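As a pre-check before selecting Allow Only SAML Sign On, the following added example (not Upsolver's code) inspects a decoded SAML assertion from a test login for the attributes listed in step 4 and the Audience URI copied in step 3. It assumes attribute names must match exactly as listed, uses placeholder URLs and a constructed unsigned assertion, and does not verify signatures.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MANDATORY = ("email", "groups")        # marked mandatory in step 4
OPTIONAL = ("firstName", "lastName")

def check_assertion(xml_text, expected_audience):
    """Return (errors, warnings) for one decoded SAML assertion or response."""
    root = ET.fromstring(xml_text)
    sent = {}
    for attr in root.iter("{%s}Attribute" % SAML):
        values = [(v.text or "").strip() for v in attr.iter("{%s}AttributeValue" % SAML)]
        sent[attr.get("Name")] = [v for v in values if v]
    errors, warnings = [], []
    for name in MANDATORY + OPTIONAL:
        if sent.get(name):
            continue
        # A differently cased name (Email vs email) is a common mapping slip.
        near = [n for n in sent if n and n.lower() == name.lower() and n != name]
        hint = " (sent as %r)" % near[0] if near else ""
        msg = "attribute %r missing or empty%s" % (name, hint)
        (errors if name in MANDATORY else warnings).append(msg)
    audiences = [(a.text or "").strip() for a in root.iter("{%s}Audience" % SAML)]
    if expected_audience not in audiences:
        errors.append("Audience %r not in assertion: %r" % (expected_audience, audiences))
    return errors, warnings

# Constructed sample: an unsigned assertion with placeholder values.
AUDIENCE = "https://sp.example.invalid/audience"   # placeholder for the Audience URI
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://sp.example.invalid/audience</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="Email"><saml:AttributeValue>a.user@example.invalid</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>A</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups"><saml:AttributeValue>data-eng</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    errs, warns = check_assertion(SAMPLE, AUDIENCE)
    for line in ["ERROR " + e for e in errs] + ["WARN  " + w for w in warns]:
        print(line)
```

Run it only on assertions captured from your own test logins; it is a configuration check, not a replacement for the signature and condition validation the service provider performs.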