SSO Using Security Assertion Markup Language 2.0
Security Assertion Markup Language (SAML) is a protocol that enables SSO integration between Sisense and an Identity Provider.
Sisense supports the following certified SSO SAML Identity Providers:
- ADFS
- Auth0
- G Suite
- Okta
- OneLogin
- Salesforce
- PingId
Enabling and Configuring
On the Sisense Admin page for SSO, enable and configure the identity protocol. Individual fields are described below.
- Enable Single Sign On Configuration.
- Select SAML 2.0.
- Complete the following SSO configuration fields:
Remote Login URL
Enter the URL to which users are redirected for login requests.
Remote Logout URL
Enter the URL to which users are redirected on logout.
Public X.509 Certificate
The public certificate used to verify that you are authorized to enter Sisense. This value is provided by the Identity Provider.
User Attributes
Email Claim
The attribute's name in the token (used in the handler's coding) that identifies the user's login or email.
First Name Claim
The attribute's name in the token (used in the handler's coding) that identifies the user's first name.
Last Name Claim
The attribute's name in the token (used in the handler's coding) that identifies the user's last name.
To override these defaults, enter the names of each of the claims from your identity protocol.
Defining User Roles
Use Defaults
Each new user is assigned default roles according to the selection you make below.
Default User Roles. From the drop-down menu, select the default user role. Every new user is assigned to the selected default role. You cannot assign Admin roles to new users this way.
Default User Groups. Search for a group in this field and select it. Every new user is assigned to the selected default group.
Define by Group
Select this option if you have defined a Group Claim for every new user. Every new user is assigned default roles according to the selection you make below.
Groups Claim. The value of the Group claim as defined by your identity protocol. For example, if your provider refers to groups as Groups, this is the value you enter in Groups Claim. The user is assigned roles according to the Groups Claim.
Only associate users with the following group-role pairs. Enable this option so that users are only associated with groups selected from this list.
- Select a group.
- Select the user role.
If the user is associated with multiple groups, the one with the highest role is assigned. Click Add after each group.
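The claim fields and group-role pairs described above can be modeled as follows. This is an added example, not Sisense's own code: the claim names, group names, role names, and role ordering are assumed values, the attribute statement is constructed, and the response signature is assumed to have been verified already against the configured X.509 certificate.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed AttributeStatement; attribute names and values are made up.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="email"><saml:AttributeValue>dana@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstName"><saml:AttributeValue>Dana</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastName"><saml:AttributeValue>Lee</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Groups">
    <saml:AttributeValue>Finance</saml:AttributeValue>
    <saml:AttributeValue>Analysts</saml:AttributeValue>
    <saml:AttributeValue>Contractors</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

# Mirrors the admin-page fields; the claim names here are assumed values.
CONFIG = {
    "email_claim": "email",
    "first_name_claim": "firstName",
    "last_name_claim": "lastName",
    "groups_claim": "Groups",
    "group_role_pairs": {"Finance": "viewer", "Analysts": "designer"},
}
# Hypothetical role ordering, lowest to highest (not taken from the page).
ROLE_RANK = ["viewer", "designer"]

def read_claims(xml_text):
    """Return {attribute name: [values]} from an AttributeStatement."""
    root = ET.fromstring(xml_text)
    return {
        attr.get("Name"): [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        for attr in root.iter("{%s}Attribute" % NS["saml"])
    }

def map_user(xml_text, cfg=CONFIG):
    """Apply the configured claim names and group-role pairs to one login."""
    claims = read_claims(xml_text)
    first = lambda name: (claims.get(cfg[name]) or [None])[0]
    if not first("email_claim"):
        raise ValueError("email claim %r missing" % cfg["email_claim"])
    # Only groups listed in the group-role pairs count; others are ignored.
    groups = [g for g in claims.get(cfg["groups_claim"], []) if g in cfg["group_role_pairs"]]
    roles = [cfg["group_role_pairs"][g] for g in groups]
    # With several matching groups, the highest-ranked role wins.
    role = max(roles, key=ROLE_RANK.index) if roles else None
    return {"email": first("email_claim"), "first_name": first("first_name_claim"),
            "last_name": first("last_name_claim"), "groups": groups, "role": role}
```

A claim name that does not match what the Identity Provider sends surfaces here as a missing email claim, which is the first thing to check when logins fail after a configuration change.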
Creating New Users and Modifying User Permissions
Use the toggle to enable your SSO configuration to create new users and modify existing user permissions, under the following circumstances:
Use Defaults:
- Activating this toggle enables creating new Sisense users.
- Deactivating this toggle prevents new users from logging in to Sisense.
Define by Groups:
- Activating this toggle enables creating new Sisense users.
- Deactivating this toggle enables existing users to log in to Sisense, but Sisense permissions remain unchanged. New users are prevented from logging in to Sisense.
If at any point you misconfigure the SSO session and are unable to log in via SSO, you can use the direct login: https://0.0.0.0/app/account#/login (use your Sisense IP address or site URL in place of 0.0.0.0).