SeaLights support SAML 2 SSO integration and the configuration of the Single Sign-On connection requires steps on both the Customer’s IdP (Identity Provider) and SeaLights sides.
In order to set up the SSO integration, please make sure the people with relevant permissions are involved from your IT department.
The following items walk you through the necessary steps to achieve the SSO configuration:
Open a request to our SeaLights Support to provide you with:
The Assertion Consumer Service (ASC) URL
The Audience URI
The Sealights certificate
Set up a SAML 2.0 application on your IdP
Using the information provided by Sealights from the step above
Configure the SAML response to send five attributes for each user (step 4 in the diagram above):
E-mail address, First Name, Last Name
Role mapped to one of the values
user
,user-admin
,user-devops
Groups: List of groups the user belongs to for assigning apps that user has access to in Sealights
Once this is set up, provide Sealights with one of the options below:
The
metadata.xml
(preferred)The Issuer URI, the SSO URL, the certificate
We will then test that everything is working properly using a dedicated test user and update the configuration/mapping according to the results of the tests
At this point, we will be ready to assign all your users to work through a Single Sign-On connection.