...
SeaLights support SAML 2 SSO integration and the configuration of the Single Sign-On connection requires steps on both the Customer’s IDP IdP (Identity Provider) and SeaLights sides.
Infonote |
---|
In order to set up the SSO on Sealights side, you’re requested to Contact Sealights Support integration, please make sure the people with relevant permissions are involved from your IT department. |
The following items walk you through the necessary steps to achieve the SSO integrationconfiguration:
...
Open a request to our SeaLights Support to provide you with:
The Assertion Consumer Service (ASC) URL
...
The Audience URI
...
...
A certificate SeaLights will provide.
...
The Sealights certificate
Set up a SAML 2.0 application on your IdP
Using the information provided by Sealights from the step above
Configure the SAML response to send five attributes for each user (step 4 in the diagram above):
E-mail address, First Name, Last Name
...
Attribute to be used to map one of the values
user
,user-admin
,user-devops
This can be any value from your IdP, including multiple values as long as there is a clear mapping from them to one of roles.
The mapping will be performed on Sealights sideGroups: List of groups the user belongs to for assigning apps that user has access to in Sealights
Once this is set up, provide Sealights with one of the options below:
The
metadata.xml
...
(preferred)
The Issuer URI
...
, the SSO URL
...
, the certificate
We will then test that everything is working properly using a dedicated test user and
...
update the configuration/mapping according to the results of the tests
Tip |
---|
At this point, we will be ready to assign all your users to work through SSO a Single Sign-On connection. |