search
Go to UzeraContact Support

SSO using SAML

Single Sign-On (SSO) allows users to log in once and gain access to multiple applications without needing to re-enter credentials. The steps may vary depending on the platform, but here’s a general guide to follow SSO in your account:

Path to Enable SSO in Uzera Settings Module → Security → Enable SSO

hashtag
Configuring SAML on Okta

hashtag
1. Add a New SAML Application

  1. Log in to your Okta Admin Console (https://admin.okta.com).

  2. Go to Applications > Applications.

  3. Click Create App Integration.

  4. Select SAML 2.0 and click Next.

  5. Enter an App name (e.g., "Uzera") and optionally upload a logo.

  6. Click Next.

hashtag
2. Configure SAML Settings

  1. Single Sign-On URL (ACS URL) – Enter the Assertion Consumer Service (ACS) URL provided by Uzera

  2. Audience URI (Entity ID) – Enter the Entity ID provided by Uzera.

  3. Name ID format – Choose EmailAddress as per Uzera requirements.

  4. Application username format – Set as Okta username or Email.

  5. Click Next.

hashtag
3. Configure Attribute Statements (Claims)

  1. Add any required attributes for authentication. Common ones include:

    • emailuser.email

    • firstNameuser.firstName

    • lastNameuser.lastName

  2. Click Next.

hashtag
4. Assign Users to the Application

  1. Go to Assignments > Assign Users or Groups.

  2. Select users or groups that should have access.

  3. Click Save.

hashtag
5. Configure Okta Metadata in Uzera

  1. Go to the Sign On tab of your SAML app in Okta.

  2. Scroll to SAML Signing Certificates.

  3. Download the Metadata XML file.

  4. Provide this XML file to Uzera.

hashtag
6. Test SSO Integration

  1. Click Test in Okta, or try logging into the application via Okta SSO.

  2. If authentication is successful, the setup is complete.

hashtag
Troubleshooting Tips

  • Ensure the ACS URL and Entity ID match exactly with the Uzera.

  • Check attribute mappings in Okta and the Uzera.

  • Verify that assigned users are active in Okta.

  • Use Okta logs to debug any authentication issues.

hashtag
Configuring SAML on Microsoft Entra ID (Azure AD)

hashtag
1. Add an Enterprise Application

  1. Go to the Microsoft Entra ID portalarrow-up-right.

  2. Navigate to Enterprise Applications > + New Application.

  3. Click on Create your own application, enter a name, and select Integrate any other application you don’t find in the gallery (Non-gallery).

  4. Click Create and wait for the app to be added.

hashtag
2. Configure Single Sign-On (SSO)

  1. In the application settings, go to Single sign-on.

  2. Select SAML as the authentication method.

hashtag
3. Set Up Basic SAML Configuration

  1. Click Edit under the Basic SAML Configuration section.

  2. Enter the following details provided by Uzera.

    • Identifier (Entity ID) – Provided by the application.

    • Reply URL (Assertion Consumer Service URL) – Provided by the application.

    • Sign-on URL – (Optional) The URL where users initiate login.

    • Relay State – (Optional) Used for deep linking.

  3. Click Save.

hashtag
4. Configure User Attributes & Claims

  1. Click Edit in the Attributes & Claims section.

  2. Configure attributes as per application requirements (claims should be user.mail).

  3. Add or modify claims if needed.

hashtag
5. Configure SAML Signing Certificate

  1. Download the Federation Metadata XML

  2. Provide it to Uzera to complete the setup.

hashtag
6. Assign Users & Test

  1. Go to Users and Groups, assign users or groups to the application.

  2. Test SSO by navigating to the Test section in the SAML configuration.

hashtag
Configuring SAML on Google Workspace.

hashtag
1. Add a New SAML App

  1. Go to Google Admin Console (admin.google.comarrow-up-right).

  2. Navigate to Apps > Web and mobile apps.

  3. Click Add App > Add custom SAML app.

  4. Enter an App name and click Continue.

hashtag
2. Download Google SSO Metadata

  1. In the Google Identity Provider details section:

    • Download the IDP metadata or copy the SSO URL, Entity ID, and Certificate.

  2. Click Continue.

hashtag
3. Configure Service Provider Details

  1. Enter the ACS URL (Assertion Consumer Service URL) and Entity ID provided by Uzera

  2. Choose Name ID format (default: EMAIL).

  3. Click Continue.

hashtag
4. Configure Attribute Mapping

  1. Add attribute mappings based on what Uzera requires (e.g., email, first name, last name).

  2. Click Finish.

hashtag
5. Enable the SAML App for Users

  1. Go to the SAML app settings.

  2. Under User Access, enable the app for Everyone or specific groups.

hashtag
6. Test and Verify SSO

  1. Attempt to log in via Google SSO using the configured app.

  2. If authentication is successful, the setup is complete.

PreviousProfile Settings

Last updated