...
SeaLights support SAML 2 SSO integration and the configuration of the Single Sign-On connection requires steps on both the Customer’s IDP IdP (Identity Provider) and SeaLights sides.
| Infonote |
|---|
In order to set up the SSO on Sealights side, you’re requested to Contact Sealights Support integration, please make sure the people with relevant permissions are involved from your IT department. |
The following items walk you through the necessary steps to achieve the SSO integrationconfiguration:
Set up a SAML 2.0 application on your IDP which will be filled Open a request to our SeaLights Support to provide you with:
The Assertion Consumer Service (ASC) URL
The Audience URI
A certificate SeaLights will provide
The Sealights certificate
Set up a SAML 2.0 application on your IdP
Using the information provided by Sealights from the step above
Configure the SAML response to send five attributes for each user (step 4 in the diagram above):
E-mail address, First Name, Last Name
Role mapped to one of the values
user,user-admin,user-devopsGroups: List of groups the user belongs to for assigning apps that user has access to in Sealights
Once this is set up, provide Sealights with one of the options below:
The
metadata.xml(preferred)The Issuer URI, the SSO URL, the certificate
We will then test that everything is working properly using a dedicated test user and modify the configuration/mapping according to the results of the tests
| Tip |
|---|
At this point, we will be ready to assign all your users to work through SSO a Single Sign-On connection. |