Configure Nectar 10 for SSO
  • 12 Apr 2021

Overview

Nectar 10 supports single sign-on (SSO) to allow user access based on company credentials. Nectar 10 SSO is based on the SAML 2.0 standard and supports multiple identity providers, including (but not limited to) Okta, Centrify, Microsoft Active Directory and many others. Before single sign-on can be used to log into a Nectar 10 environment, SSO must be configured by an administrator.

In the context of SSO, Nectar 10 acts as a Service Provider and offers automatic provisioning of users. Users do not need to be explicitly created within Nectar 10 when SSO is enabled and configured properly. When a new user attempts to access Nectar 10, the Nectar 10 sign-on service will validate that the user has the appropriate credentials via the Identity Provider (using SAML) and, following a successful validation, a new user account will be created in Nectar 10 automatically. 

Follow the steps below to configure single sign-on (SSO). Please note that some of the steps below may require the involvement of an Identity Provider (IdP) administrator within your organization. This article will provide you with the information your IdP admin will likely require to complete the process. If your IdP admin requires information not addressed here, please contact Nectar support by email at support@nectarcorp.com to request any additional required information.  

Generate the SAML Configuration File

Start by navigating to the SSO Configuration in Nectar 10 (requires administrator credentials): Admin > SSO Configuration.

Click Generate SAML File. (The SSO Configuration window opens.)

Enter the following information.

Field: Service Provider Entity ID
Description:

  • Enter the service provider entity ID.
  • This is the identifier that the identity provider (IdP) will use to reference the tenant. It must be a unique value within the IdP's implementation.
  • The recommended format is nectar<tenant name>.

Field: SSO User Groups Attribute
Description:

  • Enter the IdP attribute name, in this case OU.
  • This attribute contains the group membership details (such as AD groups). Other IdPs may use different attribute names.
  • The customer needs to provide this information and can refer to the IdP documentation for it.

Click Generate to create the Nectar 10 SSO configuration file. Once generated, the Nectar 10 SSO configuration file appears in the shaded area as seen in the example here:

Click Download File (in the lower right corner of the window) to download the SAML configuration file locally or use Copy to clipboard to enable pasting the configuration into another document. 

Once downloaded, send the file to an IdP administrator within your organization to generate the IdP configuration file. This is usually done via an IdP portal.

Upload IdP Configuration

After the IdP configuration file is generated, it must be uploaded to Nectar 10 using the same SSO Configuration section used to generate the SAML configuration file above.

Click the Upload metadata button which is located just below the original configuration file.

If the IdP attribute name that contains group membership details needs to be modified, use the SSO User Groups Attribute text box. The default value is OU.

Configure User Role Mapping

Multiple SSO User Groups may be configured to support Role-Based Access (RBAC) within Nectar 10. In order to support this configuration, your Nectar 10 User Roles (created within Nectar 10) must be matched to the appropriate user roles from your IdP. 

For each user type that you would like to support, click the Role Mapping button to add new role mappings one at a time. Use the Tenant User Role and External User Role drop-downs to map the Nectar 10 user roles to the appropriate IdP (external user role) user groups as seen in this example:

In this example, the Administrator role (defined in ADMIN > Roles) is mapped to the following group: CN=Nectar10LoginTesting,OU=Nectar10,OU=Development-Product,OU=Nectar Users,DC=nectarcorp,DC=com 

Note
  • Multiple Nectar 10 roles can be assigned to the same customer user group or vice versa.
  • Recursive group checking is supported.
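
To check what the configured groups attribute actually carries and which role mappings it would satisfy, the following added example (not Nectar's code and not part of the original article) reads the attribute statement of a decoded SAML assertion and applies a mapping table. The sample assertion, the Read Only role name and the DN comparison rule are assumptions; the article does not state how Nectar 10 compares group values, and the script performs no signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PAGE_GROUP = ("CN=Nectar10LoginTesting,OU=Nectar10,OU=Development-Product,"
              "OU=Nectar Users,DC=nectarcorp,DC=com")

# Constructed sample: attribute statement from a decoded SAML 2.0 assertion.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="OU">
      <saml:AttributeValue>{PAGE_GROUP.lower()}</saml:AttributeValue>
      <saml:AttributeValue>CN=Helpdesk,OU=Example,DC=example,DC=com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapping rows (external group -> Nectar 10 role). "Administrator"
# is from the article; "Read Only" is an invented role name for illustration.
ROLE_MAPPINGS = [
    (PAGE_GROUP, "Administrator"),
    (PAGE_GROUP, "Read Only"),
]

def normalize_dn(dn):
    """Assumed matching rule: case-insensitive, spaces around commas ignored.
    Naive split: does not handle escaped commas inside an RDN value."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def group_values(assertion_xml, attribute_name="OU"):
    """Return every value of the configured groups attribute."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attribute_name:
            values += [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
    return values

def roles_for(assertion_xml, mappings, attribute_name="OU"):
    """Roles whose mapped group appears in the assertion; empty if none match."""
    groups = {normalize_dn(g) for g in group_values(assertion_xml, attribute_name)}
    return sorted({role for group, role in mappings if normalize_dn(group) in groups})

if __name__ == "__main__":
    print(group_values(SAMPLE_ASSERTION), roles_for(SAMPLE_ASSERTION, ROLE_MAPPINGS))
```

An empty result for a test user means either the attribute name does not match what the IdP sends or none of the user's groups has a mapping row.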


Enable SSO

Once the steps above have been completed, enable SSO for your Nectar 10 environment by checking the Enable SSO Login box.

Finally, click UPDATE (in the lower right corner of the screen) to save your changes.

Be sure to click UPDATE!

All of the above configuration settings will be lost if you navigate away from this page without clicking the UPDATE button located in the lower right corner of the Admin > SSO Configuration screen.


