Enabling SSO
Use the Settings > Security Options > SSO Options tab to enable SAML single sign-on.
Enabling SSO on your Administrator Account
Only administrators of the account who have access to the SSO Options tab can complete this procedure.
Procedure
- Select Settings > Security Options and then click the SSO Options tab.
- Under Enable SAML Single Sign-on, select the Enable option.
- Click Import.
  The Import Certificate Wizard dialog opens.
- Click Browse, then select the public certificate from the identity provider.
  After import, the certificate information appears in the Identity Provider Certificate field.
- Click Finish.
- In the Identity Provider Sign In URL field, enter the URL to the identity provider's single sign-on service. This is your identity provider's single sign-on service POST location. (Using OpenAM as an example, to find this information you would log into OpenAM as the administrator, go to Federation, click the identity provider that you created, and go to Services. The URL that you need is in the Single SignOn Service POST Location field.)
- (Optional) Populate the Sign Out Redirect URL field to specify the website to which the SSO user is redirected upon signing out, whether through a voluntary sign-out or a terminated user session.
- (Optional) If you do not want to use the FEDERATION_ID Attribute element as the federation ID, in the Federation ID Location field select Federation ID is in NameID element of the Subject.
- If you selected Federation ID is in NameID element of the Subject in Step 7, you are automatically presented with the Name Id Policy field. Select either the Transient or Unspecified option according to the needs of your identity provider.
- Under SAML Authentication Context, select the type of authentication you want to require for users:
  - Password Protected Transport - (Default) Requires a username and password for authentication.
  - Unspecified - Accepts any type of authentication, such as token authentication.
- The Platform Login URL and MetaData URL fields are populated automatically with your account information.
- Click Save.
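As an added example (not part of the original page and not the platform's own code), the Python below shows where the two Federation ID Location choices and the SAML Authentication Context setting look inside an assertion, so a test assertion from your identity provider can be checked against the options selected above. The sample assertion, the function name `inspect_assertion`, its parameters, and the assumption that the FEDERATION_ID attribute is carried as a `saml:Attribute` with `Name="FEDERATION_ID"` are illustrative; signature validation is out of scope here.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
PASSWORD_PROTECTED_TRANSPORT = AC + "PasswordProtectedTransport"

# Constructed, unsigned sample assertion; every value is made up.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AuthnStatement>
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>{AC}PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="FEDERATION_ID">
      <saml:AttributeValue>jdoe-fed-001</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def inspect_assertion(xml_text, id_in_nameid=False,
                      required_context=PASSWORD_PROTECTED_TRANSPORT):
    """Return (federation_id, context_ok) for one assertion (hypothetical helper).

    id_in_nameid=True models "Federation ID is in NameID element of the Subject".
    required_context=None models the "Unspecified" authentication context.
    """
    # Parse only XML you trust; real assertions need signature checks first.
    root = ET.fromstring(xml_text)
    if id_in_nameid:
        node = root.find("saml:Subject/saml:NameID", NS)
    else:
        node = root.find(
            "saml:AttributeStatement/saml:Attribute[@Name='FEDERATION_ID']"
            "/saml:AttributeValue", NS)
    fed_id = node.text.strip() if node is not None and node.text else None

    ref = root.find(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    got = ref.text.strip() if ref is not None and ref.text else None
    context_ok = required_context is None or got == required_context
    return fed_id, context_ok
```

The federation ID returned for the selected location is the value that must match the federation ID entered for the user in User Management; a `None` result means the identity provider is not sending the identifier where the setting expects it.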
Adding SSO Users to an account
Add single sign-on users and assign roles in the Settings > Account Access > User Management tab. If you want to enable SSO for an existing user, select the edit icon next to the desired user and follow the procedure from Step 5.
About this task
To add a user you must be logged into the account as a user with User Management privileges.
Procedure
- Select Settings > Account Access and click the User Management tab.
- On the Users tab, click the '+' Add icon.
  The Add/Maintain User Roles dialog opens.
- Enter the user's email address.
- Enter the user's first and last names.
- Enter the user's federation ID. Each user must have a federation ID that uniquely identifies the user within the account. You need this ID to configure the user in your identity provider.
- Assign the Standard User role to the user. Do not assign the Administrator role because that gives normal access as well as single sign-on access.
- Click OK.
The user does not receive a welcome notification email containing a password that can be used to log into the Boomi Enterprise Platform account because this password is managed through the identity provider. SSO users that are locked out must have the account administrator unlock their user account from the User Management page.