Pre-requisites for signing in via AWS SSO
- Identity Provider Single Sign-On URL
- X.509 Certificate
- Issuer ID
Follow the steps given below to retrieve the information mentioned above.
Steps to configure AWS SSO
- Sign in to saner.secpod.com
- Go to Control Panel
- Under Settings, select SSO Authentication
- Click on Download SSO metadata file
- Open the downloaded metadata file from your browser or a text editor
- Copy and save the Entity ID and ACS URL from the metadata file you downloaded.
- Note: The UI may vary as AWS continuously updates its interface.
- Sign in to your organization’s AWS Admin Console.
- Go to AWS IAM Identity Center
- Click Application Assignments in the left menu, then click on Applications.
- Click Add Applications, select Add Custom SAML 2.0 application, and click on Next.
- Under Configure Applications, enter the display name (e.g., SanerNow App) in the Display Name field and enter a description.
- Scroll down and, under IAM Identity Center metadata, download the metadata file and the certificate.
- Scroll down and, under Application Meta Data, enter the Application ACS URL.
- Enter the Application SAML audience, which is the Entity ID of SanerNow, then click Submit.
- Once the application is created, click on the Actions drop-down and select Edit Attribute mappings.
- Now in the Attribute mapping, for subject select the format as emailAddress and enter the string value in the format “${user:subject}”
- Click on Add new attribute mapping
- Now enter “Email” under User Attribute. Enter the string value in the format “${user:email}”
- Click on Save Changes.
- Copy the Identity Provider Single Sign-On URL, the identity provider issuer, and the X.509 Certificate from the downloaded metadata and certificate files.
- Return to the SSO authentication page in SanerNow
- Configure SSO in SanerNow using the downloaded certificate and copied URLs from AWS by following the steps given below:
- Under SSO Authentication, click on new SSO policy.
- Enter the Issuer ID, SSO URL and Certificate from AWS SSO.
- Specify the required name and description for the SSO policy
- Enable signed authentication if you have configured it in AWS
- Click on Create
Steps to Assign users to the app in AWS
- Under Applications, select the application created (SanerNow App).
- Under Assigned Users, click on Assign users.
- Select the required users or group and click on Assign Users.
Assign SSO policy to SanerNow Users
- Note: Before assigning the users, ensure that the User login ID in SanerNow matches the AWS username.
- Go to Control Panel. Click on Users.
- Select the users to whom the AWS policy should be applied
- Under Actions, select the “Enforce SSO authentication” button
- Select the AWS policy from the drop-down
- Click on Confirm
- Step 1: Log in to SanerNow and then click Control Panel at the top-right to access the Control Panel page.
- Step 2: All Organizations are selected from the drop-down by default on the control panel page. If the admin has created only one organization, the page will automatically select that organization and show its accounts.
- Step 3: Click the Users section in the Control Panel.
- Step 4: Click New User on the top right corner of the Users page.
- Step 5: Specify the Login Id, Name, Organization, and Password.
- Step 6: Select the role of the user from the drop-down menu.
- Step 7: Select the managing organizations from the drop-down menu
- Step 8: To assign SSO Policy to the user, select the created SSO policy from the drop-down.
- Step 9: Click the Create button to apply SSO policy to the new user
Test the SAML configuration
- Test if the configuration is working properly using the following steps:
- Via SP-initiated flow:
- Go to SanerNow sign-in page.
- Enter your email address, and click Next. You will be redirected to AWS for authentication.
- If you have not already signed in to AWS, enter your AWS credentials to sign in. You will be automatically redirected back to SanerNow and will be signed in.
- Via IdP-initiated flow:
- Sign in to AWS end-user dashboard.
- Click on the SAML app (SanerNow app) you have configured for SanerNow. You will be redirected to SanerNow and will be signed in.
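To cross-check the values copied between the two metadata files in the configuration steps above (Entity ID and ACS URL from SanerNow; Single Sign-On URL, issuer and X.509 certificate from AWS), the following added example, which is not SecPod or AWS code, parses SAML 2.0 metadata with Python's standard library. The function name, the `example.com` URLs and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def parse_saml_metadata(xml_text):
    """Extract the fields the SanerNow SSO policy and the AWS application forms ask for."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    out = {"entity_id": root.get("entityID")}  # Issuer ID (IdP) or Entity ID (SP)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is not None:  # identity provider side: SSO URL and signing certificate
        sso = {e.get("Binding"): e.get("Location")
               for e in idp.findall("md:SingleSignOnService", NS)}
        out["sso_url"] = sso.get(POST) or next(iter(sso.values()), None)
        cert = idp.find(
            "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and cert.text:
            der = base64.b64decode("".join(cert.text.split()))
            out["cert_sha256"] = hashlib.sha256(der).hexdigest()
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is not None:  # service provider side: ACS URL
        acs = sp.find("md:AssertionConsumerService", NS)
        out["acs_url"] = acs.get("Location") if acs is not None else None
    for key in ("sso_url", "acs_url"):  # added sanity check: endpoints must be HTTPS
        if out.get(key) and not out[key].startswith("https://"):
            raise ValueError(key + " is not an https URL")
    return out

# Constructed sample input: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_IDP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/issuer">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="%s" Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % (base64.b64encode(SAMPLE_DER).decode(), POST)

if __name__ == "__main__":
    for field, value in parse_saml_metadata(SAMPLE_IDP).items():
        print(field, "=", value)
```

The `cert_sha256` value can be compared with the SHA-256 fingerprint of the separately downloaded certificate file (for a PEM file, `openssl x509 -in <file> -noout -fingerprint -sha256`, ignoring colons and case) before the certificate is pasted into the SSO policy.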