en:single_sign_on_configuration
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| en:single_sign_on_configuration [2026/05/06 14:44] – created ergo | en:single_sign_on_configuration [2026/06/16 11:35] (current) – [Table] toomas | ||
|---|---|---|---|
| Line 9: | Line 9: | ||
| * Your IdP's SAML configuration details (Login URL, Metadata URL) | * Your IdP's SAML configuration details (Login URL, Metadata URL) | ||
| - | ===== Step 1: Open the SAML SSO Configuration ===== | + | ===== Step 1: Configure Your Identity Provider ===== |
| + | |||
| + | Before configuring Directo, you need to register Directo as a Service Provider (SP) in your Identity Provider. Use the following values: | ||
| + | |||
| + | ^ Parameter | ||
| + | | **Reply URL / ACS (Assertion Consumer Service)** | ||
| + | | **Entity ID / Identifier** | ||
| + | | **Name ID format** | ||
| + | |||
| + | **Where to configure: | ||
| + | * **Microsoft Entra ID**: Azure Portal → Enterprise Applications → New Application → Create your own application → Integrate any other application (Non-gallery) → Single sign-on → SAML → Basic SAML Configuration → Edit | ||
| + | * **Okta**: Applications → Create App Integration → SAML 2.0 → Configure SAML → General settings | ||
| + | * **Google Workspace**: | ||
| + | |||
| + | :!: **Important: | ||
| + | |||
| + | ===== Step 2: Open the SAML SSO Configuration ===== | ||
| Navigate to the SAML SSO configuration page in Directo. You will see a list of existing IdP configurations, | Navigate to the SAML SSO configuration page in Directo. You will see a list of existing IdP configurations, | ||
| - | ===== Step 2: Create a New Configuration ===== | + | From the main menu: Settings -> Common Settings -> SSO Saml Login settings. Or use the search feature. |
| + | |||
| + | ===== Step 3: Create a New Configuration ===== | ||
| - Click the **Add new** button. | - Click the **Add new** button. | ||
| - You will be taken to the IdP configuration form. | - You will be taken to the IdP configuration form. | ||
| - | {{< | + | {{: |
| - | ===== Step 3: Fill in the Button Title ===== | + | ===== Step 4: Fill in the Button Title ===== |
| Enter a descriptive name in the **Button title** field. This is the label that will appear on the SSO login button on the Directo login page (e.g., "Login with Azure AD" or " | Enter a descriptive name in the **Button title** field. This is the label that will appear on the SSO login button on the Directo login page (e.g., "Login with Azure AD" or " | ||
| - | {{< | + | ===== Step 5: Configure the IdP Settings ===== |
| - | + | ||
| - | ===== Step 4: Configure the IdP Settings ===== | + | |
| ==== Login URL (required) ==== | ==== Login URL (required) ==== | ||
| Line 32: | Line 48: | ||
| Enter the **Login URL** (also known as SSO URL or SAML Endpoint) from your Identity Provider. This is the endpoint where Directo sends SAML authentication requests. | Enter the **Login URL** (also known as SSO URL or SAML Endpoint) from your Identity Provider. This is the endpoint where Directo sends SAML authentication requests. | ||
| - | {{< | + | {{: |
| **Where to find it:** | **Where to find it:** | ||
| Line 38: | Line 54: | ||
| * **Okta**: Applications → Your App → Sign On tab → Identity Provider Single Sign-On URL | * **Okta**: Applications → Your App → Sign On tab → Identity Provider Single Sign-On URL | ||
| * **Google Workspace**: | * **Google Workspace**: | ||
| - | |||
| - | {{< | ||
| ==== Logout URL (optional) ==== | ==== Logout URL (optional) ==== | ||
| Enter the **Logout URL** (also known as SLO URL or Single Logout Endpoint). This enables single logout — when a user logs out of Directo, they are also logged out of the IdP session. | Enter the **Logout URL** (also known as SLO URL or Single Logout Endpoint). This enables single logout — when a user logs out of Directo, they are also logged out of the IdP session. | ||
| - | |||
| - | {{< | ||
| **Where to find it:** Look for "SLO URL", " | **Where to find it:** Look for "SLO URL", " | ||
| - | |||
| - | {{< | ||
| ==== Metadata URL (required) ==== | ==== Metadata URL (required) ==== | ||
| Enter the **Metadata URL** that points to your IdP's SAML metadata XML document. This URL contains the IdP's signing certificates, | Enter the **Metadata URL** that points to your IdP's SAML metadata XML document. This URL contains the IdP's signing certificates, | ||
| - | |||
| - | {{< | ||
| **Where to find it:** | **Where to find it:** | ||
| Line 62: | Line 70: | ||
| * **Google Workspace**: | * **Google Workspace**: | ||
| - | {{< | + | {{: |
| - | ===== Step 5: Configure Name ID Mapping ===== | + | (Azure SSO pictured above) |
| + | |||
| + | ===== Step 6: Configure Name ID Mapping ===== | ||
| Under **SAML Name ID Mapping**, select how the IdP identifies users: | Under **SAML Name ID Mapping**, select how the IdP identifies users: | ||
| Line 73: | Line 83: | ||
| Choose the option that matches how your IdP is configured to send the Name ID claim. | Choose the option that matches how your IdP is configured to send the Name ID claim. | ||
| - | {{< | + | ===== Step 7: Save the Configuration ===== |
| - | ===== Step 6: Save the Configuration ===== | + | {{:et: |
| Click **Save**. If you provided a Metadata URL, Directo will automatically import the IdP's signing certificates during the first save. | Click **Save**. If you provided a Metadata URL, Directo will automatically import the IdP's signing certificates during the first save. | ||
| - | {{< | + | ===== Step 8: Manage Certificates ===== |
| - | + | ||
| - | ===== Step 7: Manage Certificates ===== | + | |
| After saving, the **Trusted Certificates** section appears below the form. This section shows the signing certificates imported from your IdP's metadata. | After saving, the **Trusted Certificates** section appears below the form. This section shows the signing certificates imported from your IdP's metadata. | ||
| - | {{< | + | {{: |
| ==== Importing Certificates ==== | ==== Importing Certificates ==== | ||
| Line 91: | Line 99: | ||
| * Certificates are automatically imported from the Metadata URL on first save. | * Certificates are automatically imported from the Metadata URL on first save. | ||
| * To manually import or re-import certificates, | * To manually import or re-import certificates, | ||
| - | |||
| - | {{< | ||
| ==== Certificate Rollover ==== | ==== Certificate Rollover ==== | ||
| Line 112: | Line 118: | ||
| | **Expires** | The certificate' | | **Expires** | The certificate' | ||
| - | ===== Step 8: Test the Configuration ===== | + | ===== Step 9: Test the Configuration ===== |
| - Open the Directo login page in a new browser window or incognito/ | - Open the Directo login page in a new browser window or incognito/ | ||
| Line 118: | Line 124: | ||
| - Click the button and verify that you are redirected to your IdP's login page. | - Click the button and verify that you are redirected to your IdP's login page. | ||
| - | {{< | + | {{: |
| + | |||
| + | {{: | ||
| - After authenticating with the IdP, you should be redirected back to Directo and logged in. | - After authenticating with the IdP, you should be redirected back to Directo and logged in. | ||
| Line 135: | Line 143: | ||
| :!: **Warning: | :!: **Warning: | ||
| + | |||
| + | :!: **Warning: | ||
| + | |||
| + | {{: | ||
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
en/single_sign_on_configuration.1778067869.txt.gz · Last modified: 2026/05/06 14:44 by ergo