Configuring Single Sign-On (SSO) for SanerNow with AWS

Modified on Sun, 16 Mar at 4:59 PM

Pre-requisites for signing in via AWS SSO 

  1. Identity Provider Single Sign-On URL 
  2. X.509 Certificate 
  3. Issuer ID 

Follow the steps given below to retrieve the information mentioned above. 

Steps to configure AWS SSO 

  1. Sign in to saner.secpod.com  
  2. Go to Control Panel 
  3. Under Settings, select SSO Authentication 
  4. Click on Download SSO metadata file 
  5. Open the downloaded metadata file in your browser or a text editor.
  6. Copy and save the Entity ID and ACS URL from the metadata file you downloaded.


Note: The UI may vary as AWS continuously updates its interface.

  1. Sign in to your organization’s AWS Admin Console.
  2. Go to AWS IAM Identity Centre.
  3. Click Application Assignments in the left menu, then click on Applications.
  4. Click Add Applications, select Add Custom SAML 2.0 application, and click on Next.
  5. Under Configure Applications, enter a display name (e.g., SanerNow App) in the Display Name field and enter a description.
  6. Scroll down and, under IAM Identity Center metadata, download the metadata file and the certificate.
  7. Scroll down and, under Application Meta Data, enter the Application ACS URL.
  8. Enter the Application SAML audience, which is the Entity ID of SanerNow, then click Submit.
  9. Once the application is created, map the attributes:

      • Click on the Actions drop-down and select Edit Attribute mappings.
      • In the Attribute mapping, for Subject, select the format emailAddress and enter the string value in the format “${user:subject}”.
      • Click on Add new attribute mapping.
      • Enter “Email” under User Attribute and enter the string value in the format “${user:email}”.

  10. Click on Save Changes.
  11. Copy the Identity Provider Single Sign-On URL, the identity provider issuer, and the X.509 Certificate from the downloaded metadata and certificate file.
  12. Return to the SSO Authentication page in SanerNow.

Configure SSO in SanerNow using the downloaded certificate and the URLs copied from AWS by following the steps given below:

  1. Under SSO Authentication, click on new SSO policy.
  2. Enter the Issuer ID, SSO URL, and Certificate from AWS SSO.
  3. Specify the required name and description for the SSO policy.
  4. Enable signed authentication if you have configured it in AWS.
  5. Click on Create.

Steps to Assign users to the app in AWS

  1. Under Applications, select the application created (SanerNow App).
  2. Under Assigned Users, click on Assign users.
  3. Select the required users or group and click on Assign Users.

Assign SSO policy to SanerNow Users

Note: Before assigning the users, ensure that the User login ID in SanerNow matches the AWS username.

  1. Go to Control Panel. Click on Users.
  2. Select the users to whom the AWS policy should be applied.
  3. Under Actions, select the “Enforce SSO authentication” button.
  4. Select the AWS policy from the drop-down.
  5. Click on Confirm.

  Step 1: Log in to SanerNow and then click Control Panel at the top-right to access the Control Panel page.
  Step 2: All Organizations are selected from the drop-down by default on the Control Panel page. If the admin has created only one organization, the page will automatically select that organization and show its accounts.
  Step 3: Click the Users section in the Control Panel.
  Step 4: Click New User on the top right corner of the Users page.
  Step 5: Specify the Login Id, Name, Organization, and Password.
  Step 6: Select the role of the user from the drop-down menu.
  Step 7: Select the managing organizations from the drop-down menu.
  Step 8: To assign an SSO policy to the user, select the created SSO policy from the drop-down.
  Step 9: Click the Create button to apply the SSO policy to the new user.

Test the SAML configuration

Test if the configuration is working properly using the following steps.

Via SP-initiated flow:

  1. Go to the SanerNow sign-in page.
  2. Enter your email address, and click Next. You will be redirected to AWS for authentication.
  3. If you have not already signed in to AWS, enter your AWS credentials to sign in. You will be automatically redirected back to SanerNow and will be signed in.

Via IdP-initiated flow:

  1. Sign in to the AWS end-user dashboard.
  2. Click on the SAML app (SanerNow app) you have configured for SanerNow. You will be redirected to SanerNow and will be signed in.
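
The steps above ask you to copy the Entity ID and ACS URL from the SanerNow metadata, and the SSO URL, issuer and X.509 certificate from the AWS metadata. As an added example (not SecPod's or AWS's code), the script below reads those fields from a SAML 2.0 metadata file and fingerprints the certificate so it can be compared with the separately downloaded certificate file. The sample metadata, hosts and certificate bytes are constructed placeholders, and the function names are this example's own.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def parse_saml_metadata(xml_text):
    """Extract the fields the SSO forms ask for from a SAML 2.0 metadata document."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations do not belong in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    # entityID is the issuer (IdP file) or the Entity ID / SAML audience (SP file)
    info = {"entity_id": root.get("entityID"), "sso_urls": {},
            "acs_urls": [], "cert_sha256": []}
    for svc in root.iterfind("md:IDPSSODescriptor/md:SingleSignOnService", NS):
        binding = svc.get("Binding", "").rsplit(":", 1)[-1]  # e.g. HTTP-POST
        info["sso_urls"][binding] = svc.get("Location")
    for acs in root.iterfind("md:SPSSODescriptor/md:AssertionConsumerService", NS):
        info["acs_urls"].append(acs.get("Location"))
    for cert in root.iterfind(".//ds:X509Certificate", NS):
        info["cert_sha256"].append(der_sha256(cert.text))
    for url in list(info["sso_urls"].values()) + info["acs_urls"]:
        if not (url or "").startswith("https://"):
            raise ValueError(f"endpoint is not HTTPS: {url!r}")
    return info

def der_sha256(b64_or_pem):
    """SHA-256 fingerprint of a certificate given as bare base64 or PEM text."""
    body = "".join(ln.strip() for ln in b64_or_pem.splitlines() if "-----" not in ln)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

# Constructed sample input: placeholder hosts, and bytes standing in for a certificate.
SAMPLE_DER = b"constructed bytes standing in for a DER certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_IDP = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/issuer"><md:IDPSSODescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Location="https://idp.example.com/saml/sso"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
</md:IDPSSODescriptor></md:EntityDescriptor>"""
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    info = parse_saml_metadata(SAMPLE_IDP)
    print(info, "cert file matches:", der_sha256(SAMPLE_PEM) in info["cert_sha256"])
```

A fingerprint mismatch between the metadata and the certificate file means the two downloads do not describe the same signing key and should not be loaded into the same SSO policy.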


