SAML: Activate Single Sign-On (SSO)

PrivaceraCloud can be configured for SSO with an external Identity Provider (IdP). Connecting to an IdP via SAML activates use of Single Sign-On.

These are the general steps for enabling SSO:

  1. Connect an IdP to PrivaceraCloud.
  2. In the PrivaceraCloud UI, enable SSO login and disable login with PrivaceraCloud username and password.

Effects of Enabling SSO: PrivaceraCloud Username and Password Disabled

After SSO is enabled, users can use their SSO credentials to log in to PrivaceraCloud. Any credentials stored in PrivaceraCloud itself that were formerly used for login are disabled after SSO is activated.

Note

When SSO login is enabled, an account administrator can also log in via SSO.

Connect IdP

These steps are to connect an IdP to your PrivaceraCloud account.

Prerequisites

Establish an Okta account and obtain key information before configuring Privacera SAML. See Okta Identity Provider Setup to obtain the required SAML and metadata information. Once that information is available, return to this section to complete the setup.

Steps to Connect IdP

You can connect your application using an existing system or add a new one.

  1. On your system dialog, click the three dots menu and click Add Application.

  2. In the Application List, click SAML.

  3. Select a datasource system and open + Add Application.

  4. Select SAML.

  5. Enter Application Name, Application Description, and Application Code.

  6. Enter the values in the remaining fields. Refer to the following figure and the table:

    The following table shows the mapping of the fields in PrivaceraCloud with the fields of the SAML app in the Okta account:


    | PrivaceraCloud Fields | SAML App Fields in Okta | Values | Description |
    |---|---|---|---|
    | Entity Id | Audience URI (SP Entity ID) | privacera_portal | |
    | Identity Provider Url | Embed Link | URL | Use the Embed Link from the General > App Embed Link section in the Okta account. |
    | Identify Provider Metadata | Identity Provider Metadata | XML file | Download the XML file from the Sign-On > Settings section in the Okta account, and then upload it in PrivaceraCloud. |
    | UserName Attribute | UserID | UserID | Use only the field name from Okta, i.e., UserID |
    | Firstname Attribute | Firstname | Firstname | Use only the field name from Okta, i.e., Firstname (Optional) |
    | LastName Attribute | LastName | LastName | Use only the field name from Okta, i.e., LastName (Optional) |
    | Email Attribute | Email | Email | Use only the field name from Okta, i.e., Email |

  7. Click Save.
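Before disabling password login, it helps to confirm that the assertion Okta sends actually carries the audience and attribute names from the table above. The following is an added example, not Privacera or Okta code: it checks a decoded assertion from a test login against that mapping and does not verify the signature. The function name `check_assertion`, the constructed sample assertion, and the case-sensitive name comparison are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "privacera_portal"      # Entity Id value from the table
REQUIRED_ATTRS = {"UserID", "Email"}        # UserName and Email attributes
OPTIONAL_ATTRS = {"Firstname", "LastName"}  # marked (Optional) in the table

# Constructed sample assertion (not captured from a real IdP); values are placeholders.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>privacera_portal</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="UserID"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Firstname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_assertion(xml_text):
    """Return a list of findings; an empty list means the mapping matches the table."""
    root = ET.fromstring(xml_text)
    findings = []
    audiences = {a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text}
    if EXPECTED_AUDIENCE not in audiences:
        findings.append(f"audience {sorted(audiences)} does not include {EXPECTED_AUDIENCE!r}")
    present = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        present[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in sorted(REQUIRED_ATTRS | OPTIONAL_ATTRS):
        if name in present and present[name]:
            continue
        # Names are compared case-sensitively (assumption); report near misses separately.
        near = [p for p in present if p and p.lower() == name.lower() and p != name]
        if near:
            findings.append(f"{name}: sent as {near[0]!r}, name must match exactly")
        elif name in REQUIRED_ATTRS:
            findings.append(f"{name}: required attribute missing or empty")
        else:
            findings.append(f"{name}: optional attribute not sent")
    return findings

if __name__ == "__main__":
    print("\n".join(check_assertion(SAMPLE_ASSERTION)))
```

On the constructed sample, the check reports the `email` attribute whose name differs only in case from the `Email` field name in the table, plus the unsent optional `LastName`.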

Enable SSO, Disable PrivaceraCloud Username and Password

These steps are to enable SSO login and disable login with PrivaceraCloud username and password. You use a toggle in the PrivaceraCloud UI to enable or disable SSO login.

Prerequisites

  • You need to have connected your IdP via SAML to your PrivaceraCloud account.
  • As account administrator, you need to log in to PrivaceraCloud using your SSO credentials.

Steps to Enable SSO Login

  1. As account administrator, log in to PrivaceraCloud using your SSO username and password.

  2. Navigate to Settings > Account.

  3. Find the heading AUTHENTICATION SETTINGS.

    The system displays informative messages if the prerequisites to enable SSO have not been met:

    If all prerequisites have been met, no messages are displayed.

  4. Click the Enable only SSO login (Disable login with Email and Password) toggle button.

SSO URL without Login Screen

By using the SSO URL given below, you can log in to PrivaceraCloud directly through SSO.

Replace <account_ID> with your account ID.

https://privaceracloud.com/sso?acountId=<account_ID>

Last update: March 9, 2022