- 12 Apr 2021
- 3 Minutes to read
Configure Nectar 10 for SSO
- Updated on 12 Apr 2021
Nectar 10 supports single sign-on (SSO) to allow user access based on company credentials. Nectar 10 SSO is based on SAML 2.0 standards to support multiple identity providers such as (but not limited to): Okta, Centrify, Microsoft Active Directory and many others. Before single sign-on can be used to log into a Nectar 10 environment, SSO must be configured by an administrator.
In the context of SSO, Nectar 10 acts as a Service Provider and offers automatic provisioning of users. Users do not need to be explicitly created within Nectar 10 when SSO is enabled and configured properly. When a new user attempts to access Nectar 10, the Nectar 10 sign-on service will validate that the user has the appropriate credentials via the Identity Provider (using SAML) and, following a successful validation, a new user account will be created in Nectar 10 automatically.
Follow the steps below to configure single sign-on (SSO). Please note that some of the steps below may require the involvement of an Identity Provider (IdP) administrator within your organization. This article will provide you with the information your IdP admin will likely require to complete the process. If your IdP admin requires information not addressed here, please contact Nectar support by email at email@example.com to request any additional required information.
Generate the SAML Configuration File
Start by navigating to the SSO Configuration in Nectar 10 (requires administrator credentials): Admin > SSO Configuration.
Click Generate SAML File. (The SSO Configuration window opens.)
Enter the following information.
- Service Provider Entity ID
- SSO User Groups Attribute
Click Generate to create the Nectar 10 SSO configuration file. Once generated, the Nectar 10 SSO configuration file appears in the shaded area as seen in the example here:
Click Download File (in the lower right corner of the window) to download the SAML configuration file locally or use Copy to clipboard to enable pasting the configuration into another document.
Upload IdP Configuration
After the IdP configuration file is generated, it must be uploaded to Nectar 10 using the same SSO Configuration section used to generate the SAML configuration file above.
Click the Upload metadata button which is located just below the original configuration file.
If the ID attribute name that contains group membership details needs to be modified, use the SSO User Groups Attribute text box. The default value is OU.
Configure User Role Mapping
Multiple SSO User Groups may be configured to support Role-Based Access (RBAC) within Nectar 10. In order to support this configuration, your Nectar 10 User Roles (created within Nectar 10) must be matched to the appropriate user roles from your IdP.
For each user type that you would like to support, click the Role Mapping button to add new role mappings one at a time. Use the Tenant User Role and External User Role drop-downs to map the Nectar 10 user roles to the appropriate IdP (external user role) user groups as seen in this example:
In this example, the Administrator role (defined in ADMIN > Roles) is mapped to the following group: CN=Nectar10LoginTesting,OU=Nectar10,OU=Development-Product,OU=Nectar Users,DC=nectarcorp,DC=com
- Multiple Nectar 10 roles can be assigned to the same customer user group or vice versa.
- Recursive group checking is supported.
Once the steps above have been completed, enable SSO for your Nectar 10 environment by checking the Enable SSO Login box.
Finally, click UPDATE (in the lower right corner of the screen) to save your changes.
All of the above configuration settings will be lost if you navigate away from this page without clicking the UPDATE button located in the lower right corner of the Admin > SSO Configuration screen.
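A pre-flight check for the role mapping described above, added here as an example and not part of Nectar 10: it reads the group attribute (default OU) from a captured SAML assertion and compares its values with the groups entered under Role Mapping. The sample assertion, the function names and the "near-miss" normalization are assumptions; this page does not state how Nectar 10 itself compares group names.

```python
import xml.etree.ElementTree as ET  # use only on captures from your own IdP

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample: the attribute statement an IdP might send for one user.
# The value differs from the mapped group only in case and spacing.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="OU">
      <saml:AttributeValue>cn=Nectar10LoginTesting, OU=Nectar10,OU=Development-Product,OU=Nectar Users,DC=nectarcorp,DC=com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# (Nectar 10 role, IdP group) pairs as entered under Role Mapping.
GROUP = "CN=Nectar10LoginTesting,OU=Nectar10,OU=Development-Product,OU=Nectar Users,DC=nectarcorp,DC=com"
ROLE_MAP = [("Administrator", GROUP)]

def group_values(assertion_xml, attr_name="OU"):
    """Return every value of the named group attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    return [v.text.strip()
            for a in root.iter(SAML + "Attribute") if a.get("Name") == attr_name
            for v in a.iter(SAML + "AttributeValue") if v.text]

def normalize(dn):
    """Fold case and trim spaces around commas (ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_mapping(assertion_xml, role_map, attr_name="OU"):
    """Classify each mapping as 'exact', 'near-miss' or 'absent'."""
    sent = group_values(assertion_xml, attr_name)
    sent_normalized = {normalize(s) for s in sent}
    report = {}
    for role, group in role_map:
        if group in sent:
            report[(role, group)] = "exact"
        elif normalize(group) in sent_normalized:
            report[(role, group)] = "near-miss"  # fix the IdP value or the mapping
        else:
            report[(role, group)] = "absent"     # wrong attribute name or group
    return report

if __name__ == "__main__":
    for (role, group), status in check_mapping(SAMPLE_ASSERTION, ROLE_MAP).items():
        print(f"{role}: {status}")
```

The check only inspects attribute names and values; it does not verify the assertion's signature.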