This article lists general information for using and setting up Single Sign-On (SSO) via Security Assertion Markup Language (SAML) 2.0.
- Setting up Single Sign-On via SAML 2.0 in Meisterplan
- Login via SSO
- Updating the Configuration
- Single Sign-On via SAML 2.0 allows users to log in to Meisterplan via user accounts configured with the connected identity provider.
- Please note that users also need Meisterplan user accounts to be able to log in. The Meisterplan username is mapped to the NameID SAML field, so be sure to map this field to the Identity Provider field that corresponds to the Meisterplan username.
- This is a short guide to configure SSO via SAML 2.0 in Meisterplan.
- Step-by-step guides for supported Identity providers are available here:
- Knowledge about SAML 2.0, SSO and the specifics of configuring your identity provider are presupposed.
- Single Sign-On in Meisterplan supports SAML 2.0 only.
- Meisterplan supports Service Provider (SP) initiated SSO only. Identity Provider (IdP) initiated SSO is not supported.
Setting up Single Sign-On via SAML 2.0 in Meisterplan
Proceed as follows to set up Single Sign-On via SAML 2.0 in Meisterplan:
- Log in to Meisterplan as an Administrator.
- In sidebar, under Manage, open the Users view.
- Click the Configure SAML toolbar button to open the Configure SAML dialog.
- Click at SAML enabled.
This will display the Identity Provider Settings and Service Provider Data sections:
Identity Provider Settings
Enter the Identity Provider Settings retrieved from your identity provider:
- Identity Provider Entity ID (this may also be referred to as the "issuer")
- SSO URL (Single Sign-On URL)
- SLO URL (Single Log-Out URL)
- X.509 Certificate (public key - different identity providers may use different names)
Service Provider Data
Some identity providers allow access by any service using valid credentials.
Others, however, require service providers (such as Meisterplan) to be registered with a Login Response URL and Entity ID.
In this case, depending on how this is done with your identity provider, you may either copy & paste these data from the relevant fields or use the Download Metadata XML File link if your identity provider supports an XML import of the data.
Completing the Setup
After entering Identity Provider Settings in Meisterplan and, if required, Service Provider Data on your identity provider's side, click the Save Configuration button to complete the setup.
Login via SSO
If the Identity Provider is temporarily not available, Meisterplan users with the administrator user level can also log in without SSO, using the "login" subdomain like this: login.us.meisterplan.com/login?databaseName=[yoursystem].
Updating the Configuration
Follow these steps if you need to update the Single Sign-On (SSO) configuration, e.g. when switching to another identity provider.
Step 1: In Meisterplan, enter the new Identity Provider Settings (see the Identity Provider Settings section) and confirm by clicking Save Configuration.
Step 2: In the admin panel of your Identity Provider, enter Meisterplan's Service Provider Data (see the Service Provider Data section).