Introduced in version 12.0
SAML stands for "Security Assertion Markup Language." It's a way for different computer systems to securely share information about a user's identity, like their login credentials or other personal information. With SAML, a user can log in to one system and then be automatically logged in to other systems that they have permission to access.
This guide primarily focuses on configuring SAML on the NetBeez dashboard using Azure. However, it is important to understand that other providers can also be used to set up SAML as long as they are compatible with it.
Below is the procedure for setting up SAML SSO with Azure AD on the NetBeez dashboard:
1. Log into Azure Portal.
2. Click Azure Active Directory.
3. Click Enterprise Applications.
4. Click + New Application.
5. Click Create Your Own Application.
6. Name your application and select Integrate any other application you don't find in the gallery radio.
7. Click on SAML Button.
8. Click Edit under Basic SAML configuration (Step 1).
9. Add identifier and callback URL to the edit screen. Click Save.
10. Click Edit under the Attributes and Claims Section (Step 2).
11. Click Add A Group Claim.
12. Select All Groups under "Which groups associated with the user should be returned in the claim". Select "Group ID" for the Source Attribute field. Then click Save.
13. Optional - If you would like to enable role mapping, you will need to create groups in the Azure portal. Click on Users and groups. Then click on + Add user/group.
Click on None Selected. Then click on the group you would like to add. Lastly, click on Select.
1. Log in as an administrator.
2. Click on the cog in the upper right corner to navigate to the settings page.
3. Click on Enterprise Authentication on the left sidebar.
4. Click on the SAML down caret.
5. Toggle the on/off switch On.
6. The configuration section consists of four required fields:
- Entity ID - The Identifier or Entity ID registered with your SAML integration.
- SSO Login URL - The URL NetBeez will reach out to start a SAML authentication request.
- Certificate - Open the raw file, copy the contents, and paste it into the certificate field.
- Certificate Fingerprint - Fingerprint or thumbprint associated with the provided certificate. This is the thumbprint value in the Azure portal.
7. The attributes section consists of four required fields:
- Unique Identity Attribute Map - For the Azure integration, the value is 'claims/objectidentifier'.
- First Name Attribute Map - Leave current values.
- Last Name Attribute Map - Leave current values.
- Email Attribute Map - Leave current values.
First name, last name, and email attribute map fields have prefilled values of what most SAML integrations would use. Please note, you may need to add your own custom values.
8. Role mapping allows administrators to assign specific groups to users on their provider's side, granting the users corresponding permissions upon login.
Role Mapping On
If role mapping is turned on, the following fields are required:
- Group Name Attribute Map - This value is 'claims/groups' for the Azure configuration.
- Admin Group ID - In Azure, this value is the Object Id inside of the group.
- Read-Only Group ID - In Azure, this value is the Object Id inside of the group.
- Read-Write Group ID - In Azure, this value is the Object Id inside of the group.
To change a user's permissions with role mapping on, you will need to change the group the user is associated with on your provider.
Role Mapping Off
If role mapping is off, no fields are required in this section. Click the Default Role dropdown and select which permission all new users should receive. After a new user logs in and receives their default role, an administrator can change their permissions on under the Settings > Users tab.