Oomnitza supports Security Assertion Markup Language (SAML) 2.0 for Single Sign On (SSO).
Before you set up SAML
The information that you provide to create an SSO certificate depends on your identity provider (IdP). You need:
- Your SSO URL: the SSO URL of the identity provider (IdP).
- Your certificate.
If you do not want to encrypt the SAML assertion, select Upload Certificate.
If you want to encrypt the SAML assertion, you must upload the certificate, the SP (Service Provider) certificate with its public key, and the SP private key.
Active Directory Federation Services (ADFS) has the following types of X.509 certificates:
- Service communication
- Token decrypting
- Token signing
For ADFS, you must select the token-signing certificate.
Just-in-Time (JIT) Provisioning
JIT provisioning enables accounts to be created for users in new applications automatically when they log in for the first time.
When you select JIT provisioning, you must provide values for the following fields:
- Default role
- Name ID
Select a default role with sufficient privileges for the users who will be provisioned.
Oomnitza supports two types of Name ID policies:
- Email Address, such as firstname.lastname@example.org.
- Unspecified, which means that the Name ID can be in any format, such as myname.
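The two choices above (encrypt the assertion or not, Email Address or Unspecified Name ID) both show up in the SAML Response the IdP sends back. The following is an added Python example, not Oomnitza's code and not how Oomnitza itself validates responses: it parses a response, reports whether the assertion arrived encrypted, and checks the Name ID against the policy you selected. The Name ID format URNs are the standard SAML 2.0 values; the sample responses are constructed for the example and carry no signatures.

```python
"""Inspect a SAML 2.0 Response for the two settings discussed on this page:
whether the assertion is encrypted, and which Name ID format the IdP sent.
Added example; not part of the Oomnitza product or documentation."""
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Standard SAML Name ID format identifiers for the two policies Oomnitza offers.
FMT_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
FMT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Minimal sanity pattern for an address; full validation is the IdP's job.
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def inspect_response(xml_text: str) -> dict:
    """Return what the response reveals about encryption and the Name ID.

    encrypted: True when the assertion is wrapped in <EncryptedAssertion>,
               which is what the 'encrypt the assertion' option produces.
    name_id_format / name_id: read from <Subject><NameID>; both None when the
               assertion is encrypted, because the subject cannot be read
               without the SP private key.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a SAML 2.0 Response")
    if root.find("saml:EncryptedAssertion", NS) is not None:
        return {"encrypted": True, "name_id_format": None, "name_id": None}
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("Response carries no Assertion")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        raise ValueError("Assertion has no Subject/NameID")
    # SAML core: a NameID with no Format attribute is treated as 'unspecified'.
    fmt = name_id.get("Format", FMT_UNSPECIFIED)
    return {"encrypted": False, "name_id_format": fmt,
            "name_id": (name_id.text or "").strip()}


def name_id_matches_policy(info: dict, policy: str) -> bool:
    """Compare the IdP's Name ID with the policy selected for JIT provisioning.

    policy is 'email' (Email Address) or 'unspecified'. An encrypted
    assertion cannot be inspected here, so it is reported as not matching.
    """
    if info["encrypted"]:
        return False
    if policy == "email":
        return (info["name_id_format"] == FMT_EMAIL
                and bool(_EMAIL_RE.match(info["name_id"])))
    if policy == "unspecified":
        # Any format is acceptable; the value only has to be non-empty.
        return bool(info["name_id"])
    raise ValueError(f"unknown policy {policy!r}")


# Constructed sample responses (not captured from a real IdP); signatures omitted.
SAMPLE_EMAIL = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">firstname.lastname@example.org</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

SAMPLE_UNSPEC = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r2" Version="2.0">
  <saml:Assertion ID="_a2" Version="2.0">
    <saml:Subject>
      <saml:NameID>myname</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

SAMPLE_ENCRYPTED = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r3" Version="2.0">
  <saml:EncryptedAssertion>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
  </saml:EncryptedAssertion>
</samlp:Response>"""

if __name__ == "__main__":
    for label, sample in (("email", SAMPLE_EMAIL), ("unspecified", SAMPLE_UNSPEC),
                          ("encrypted", SAMPLE_ENCRYPTED)):
        info = inspect_response(sample)
        print(label, info, "email policy ok:", name_id_matches_policy(info, "email"))
```

The encrypted case is the one to notice: once you choose to encrypt the assertion, nothing about the subject can be checked before decryption, so a Name ID mismatch against the selected policy only becomes visible after the SP private key has been applied.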
Set up SAML
To use SAML for SSO, complete these steps:
- Log into Oomnitza.
- Click Settings > Integrations.
- Scroll down to the SSO section.
- Click the SSO integration tile that you want to use, such as SAML.
- Click the CONNECT tab.
- Enter the SSO URL.
- Choose one of the following options:
  - Upload certificate. You must complete this action.
  - Upload the certificate, the SP certificate with public key, and the SP certificate with private key. Complete these actions if you want to encrypt the assertion.
- Select SSO, JIT Provisioning, or both.
  - If you select JIT Provisioning, you must select a default role and enter a value in the Name Identifier field.