Configure Nectar 10 for SSO

Overview

Nectar 10 supports single sign-on (SSO) to allow user access based on company credentials. Nectar 10 SSO is based on SAML 2.0 standards to support multiple identity providers such as (but limited to): Okta, Centrify, Microsoft Active Directory and many others. Before single sign-on can be used to log into a Nectar 10 environment, SSO must be configured by an administrator. 

In the context of SSO, Nectar 10 acts as a Service Provider and offers automatic provisioning of users. Users do not need to be explicitly created within Nectar 10 when SSO is enabled and configured properly. When a new user attempts to access Nectar 10, the Nectar 10 sign-on service will validate that the user has the appropriate credentials via the Identity Provider (using SAML) and, following a successful validation, a new user account will be created in Nectar 10 automatically. 

Follow the steps below to configure single sign-on (SSO). Please note that some of the steps below may require the involvement of an Identity Provider (IdP) administrator within your organization. This article will provide you with the information your IdP admin will likely require to complete the process. If your IdP admin requires information not addressed here, please contact Nectar support by email at support@nectarcorp.com to request any additional required information.  

Generate the SAML Configuration File

Start by navigating to the SSO Configuration in Nectar 10 (requires administrator credentials): Admin > SSO Configuration.

Click Generate SAML File. (The SSO Configuration window opens.)

Enter the following information.

Click Generate to create the Nectar 10 SSO configuration file. Once generated, the Nectar 10 SSO configuration file appears in the shaded area as seen in the example here:

Click Download File (in the lower right corner of the window) to download the SAML configuration file locally or use Copy to clipboard to enable pasting the configuration into another document. 

Upload IdP Configuration

After the IdP configuration file is generated, it must be uploaded to Nectar 10 using the same SSO Configuration section used to generate the SAML configuration file above.

Click the Upload metadata button which is located just below the original configuration file.

If the ID attribute name that contains group membership details needs to be modified, use the SSO User Groups Attribute text box. The default value is OU.

Configure User Role Mapping

Multiple SSO User Groups may be configured to support Role-Based Access (RBAC) within Nectar 10. In order to support this configuration, your Nectar 10 User Roles (created within Nectar 10) must be matched to the appropriate user roles from your IdP. 

For each user type that you would like to support, click the Role Mapping button to add new role mappings one at a time. Use the Tenant User Role and External User Role drop-downs to map the Nectar 10 user roles to the appropriate IdP (external user role) user groups as seen in this example:

In this example, the Administrator role (defined in ADMIN > Roles) is mapped to the following group: CN=Nectar10LoginTesting,OU=Nectar10,OU=Development-Product,OU=Nectar Users,DC=nectarcorp,DC=com 

Enable SSO

Once the steps above have been completed, enable SSO for your Nectar 10 environment by checking the Enable SSO Login box.

Finally, click UPDATE (in the lower right corner of the screen) to save your changes.