
PrivaceraCloud Documentation

SAML

Activate Single Sign-On (SSO)

PrivaceraCloud can be configured for SSO with an external Identity Provider (IdP). Connecting an IdP to PrivaceraCloud via SAML is what enables Single Sign-On.

These are the general steps for enabling SSO:

  1. Connect an IdP to PrivaceraCloud.

  2. On the PrivaceraCloud UI, enable SSO login. For more information, see Enable only SSO login.

Effects of enabling SSO

When SSO is enabled, users log in to PrivaceraCloud only with their SSO credentials: the login flow redirects them to your organization's IdP, such as Okta or Azure AD, and PrivaceraCloud accepts the SAML assertion the IdP returns.

Note

When SSO login is enabled, an account administrator can also log in via SSO.

Connect IdP (Okta and Azure AD)

These steps are to connect an IdP to your PrivaceraCloud account.

Prerequisites

Establish an Okta or Azure AD account and obtain the required SAML and metadata information before configuring SAML in PrivaceraCloud.

For Okta, see Okta Identity Provider Setup to obtain the required SAML and metadata information.

For Azure AD, see Azure AD setup to obtain the required SAML and metadata information.

Once that information is available, return to this section to complete the setup.

Steps to connect IdP

You can add the application to an existing system or add a new one.

  1. On your system dialog, click the three dots menu and click Add Application.

  2. In the Application List, click SAML.

  3. Select a datasource system and open + Add Application.

  4. Select SAML.

  5. Enter the Application Name, Application Description, and Application Code.

  6. Enter the Application Properties details.

    The following table shows the mapping of the fields in PrivaceraCloud with the fields of the SAML app in the Okta account:

    Table 26. PrivaceraCloud and Okta fields

    | PrivaceraCloud Field       | SAML App Field in Okta      | Value            | Description |
    | -------------------------- | --------------------------- | ---------------- | ----------- |
    | Entity Id                  | Audience URI (SP Entity ID) | privacera_portal | Must be the same Entity ID value you used when configuring the SAML app in Okta. |
    | Identity Provider Url      | Embed Link                  | URL              | Use the Embed Link from the General > App Embed Link section of the Okta app. |
    | Identity Provider Metadata | Identity Provider Metadata  | XML file         | Upload the XML metadata that you generated and saved during the Okta configuration. For more information, see IdP provider metadata. |
    | UserName Attribute         | UserID                      | UserID           | Use only the attribute name from Okta, i.e., UserID. |
    | Email Attribute            | Email                       | Email            | Use only the attribute name from Okta, i.e., Email. |
    | FirstName Attribute        | FirstName                   | FirstName        | Use only the attribute name from Okta, i.e., FirstName (optional). |
    | LastName Attribute         | LastName                    | LastName         | Use only the attribute name from Okta, i.e., LastName (optional). |

    The following table shows the mapping of the fields in PrivaceraCloud with the fields of the SAML app in the Azure AD account:

    Table 27. PrivaceraCloud and Azure AD fields

    | PrivaceraCloud Field       | SAML App Field in Azure AD | Value                  | Description |
    | -------------------------- | -------------------------- | ---------------------- | ----------- |
    | Entity Id                  | Entity ID                  | privacera-portal       | Must be the same Entity ID value you used when configuring the SAML app in Azure AD. |
    | Identity Provider Url      | Azure AD Identifier        | URL                    | Use the Azure AD Identifier URL copied from the Azure AD portal. |
    | Identity Provider Metadata | Federation Metadata XML    | XML file               | Upload the Federation Metadata XML that you downloaded from the Azure portal. |
    | UserName Attribute         | name                       | user.userprincipalname | Must match the claim name used for the user in the Attributes & Claims section of the Azure AD app. |
    | FirstName Attribute        | givenname                  | user.givenname         | Must match the givenname claim in the Attributes & Claims section. |
    | LastName Attribute         | surname                    | user.surname           | Must match the surname claim in the Attributes & Claims section. |
    | Email Attribute            | emailaddress or name       | user.email             | Must match the email address claim in the Attributes & Claims section. If the name and the email address in your Azure AD account are the same, you can use name instead of emailaddress. |


  7. Click Save.
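The attribute names entered in step 6 matter because the IdP does not send "username" or "email" as such; it sends whatever attribute names its SAML app was configured with, and the SP must look them up by those names. The following added example (not PrivaceraCloud's code) shows that lookup for both tables above: an Okta-style response with short names (UserID, Email, FirstName, LastName) and an Azure AD-style response whose attribute names are full claim URIs ending in name, givenname and surname. The assumptions made here are that UserName and Email are required while FirstName and LastName are optional, and that a short Azure AD name such as givenname matches the claim URI by its last path segment. Both responses are constructed samples with no signatures; in a real SP the response signature is verified before any attribute is read.

```python
# Added example (not PrivaceraCloud's code): apply the UserName/Email/FirstName/
# LastName attribute names from the tables above to the AttributeStatement of
# a SAML response. Which fields are required, and that an Azure AD claim URI is
# matched by its last path segment, are assumptions made for this example.
# The response signature must be verified before any of this is trusted; that
# step is out of scope here.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Configured attribute names, keyed by the user field they fill.
OKTA_MAPPING = {"username": "UserID", "email": "Email",
                "first_name": "FirstName", "last_name": "LastName"}
AZURE_MAPPING = {"username": "name", "email": "emailaddress",
                 "first_name": "givenname", "last_name": "surname"}
REQUIRED = ("username", "email")  # assumption: first/last name are optional


def assertion_attributes(response_xml):
    """Collect Name -> [values] from every AttributeStatement in the response."""
    root = ET.fromstring(response_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return attrs


def lookup(attrs, configured_name):
    """Exact match on the attribute Name first (Okta style); otherwise match an
    Azure AD claim URI such as .../claims/givenname by its last path segment."""
    if configured_name in attrs:
        return attrs[configured_name]
    for name, values in attrs.items():
        if name.rstrip("/").rsplit("/", 1)[-1] == configured_name:
            return values
    return None


def missing_required(attrs, mapping):
    """Required user fields whose configured attribute is absent or empty."""
    return [f for f in REQUIRED if not (lookup(attrs, mapping[f]) or [""])[0]]


def map_user(attrs, mapping):
    """Build the user record from the assertion; refuse if a required field is missing."""
    missing = missing_required(attrs, mapping)
    if missing:
        raise ValueError(f"assertion lacks required attribute(s) for {missing}")
    return {f: (lookup(attrs, n) or [None])[0] for f, n in mapping.items()}


# Constructed samples; no real accounts. Signatures are omitted for brevity.
SAMPLE_OKTA_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="UserID"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
SAMPLE_AZURE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}name"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}surname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(map_user(assertion_attributes(SAMPLE_OKTA_RESPONSE), OKTA_MAPPING))
    azure = assertion_attributes(SAMPLE_AZURE_RESPONSE)
    # No emailaddress claim was issued, so the default Azure mapping refuses the login...
    print("missing:", missing_required(azure, AZURE_MAPPING))
    # ...while setting Email Attribute to "name" (the table's alternative when the
    # UPN and the email address are the same) succeeds.
    print(map_user(azure, dict(AZURE_MAPPING, email="name")))
```

The Azure AD sample deliberately omits the emailaddress claim: with the default mapping the login is refused for a missing required field, and switching Email Attribute to name (as Table 27 allows when the user's name and email address are identical) makes it succeed. Running the mapping against a captured test response from your own IdP, before enabling SSO-only login, is a cheap way to catch a misspelled attribute name.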

Enable only SSO login

In this topic, you will learn how to enable SSO login using the toggle button in the PrivaceraCloud portal. Once enabled, users, including account administrators, can no longer sign in with their PrivaceraCloud email and password; make sure your own SSO login works before you turn it on.

Prerequisites
  • You need to have connected your IdP via SAML to your PrivaceraCloud account.

  • As an account administrator, you need to log in to PrivaceraCloud using your SSO credentials.

Steps to enable SSO login
  1. As an account administrator, log in to PrivaceraCloud using your SSO username and password.

  2. Navigate to Settings > Account > AUTHENTICATION SETTINGS.

  3. If any prerequisite for enabling SSO has not been met, the page displays a message describing what is missing. If all prerequisites have been met, no messages are displayed.

  4. Click the Enable only SSO login (Disable login with Email and Password) toggle button.

SSO URL without login screen

By using the SSO URL below, you can log in to PrivaceraCloud directly through SSO without first seeing the login screen.

Substitute your account ID for <account_ID>.

https://privaceracloud.com/sso?acountId=<account_ID>