This article lists general information for using and setting up Single Sign-On (SSO) via Security Assertion Markup Language (SAML) 2.0.
- Setting up Single Sign-On via SAML 2.0 in Meisterplan
- Login via SSO
- Updating the Configuration
- Login without SAML
- Deactivating SAML
- Single Sign-On via SAML 2.0 allows users to log in to Meisterplan via user accounts configured with the connected identity provider.
- Please note that users also need Meisterplan user accounts to be able to log in. The Meisterplan username is mapped to the NameID SAML field, so be sure to map this field to the Identity Provider field that corresponds to the Meisterplan username.
- Meisterplan supports both Service Provider (SP) initiated SSO and Identity Provider (IdP) initiated SSO.
- This is a short guide to configure SSO via SAML 2.0 in Meisterplan.
- Step-by-step guides for supported identity providers are available here:
- This guide assumes knowledge of SAML 2.0, SSO and the specifics of configuring your identity provider.
- Users can also be added to SSO in addition to being auto-provisioned by your identity provider. This does not have to happen in a particular order. Learn more about this in the article on auto-provisioning users.
- Single Sign-On in Meisterplan supports SAML 2.0 only.
Setting up Single Sign-On via SAML 2.0 in Meisterplan
For these functions, you need to have the Manage Users and User Groups right.
Proceed as follows to set up Single Sign-On via SAML 2.0 in Meisterplan:
Step 1: In the left sidebar, click Manage and select Users.
Step 2: In the toolbar, click Configure > Configure SAML.
Step 3: Click SAML enabled. This will display the Identity Provider Settings and Service Provider Data sections:
Identity Provider Settings
Enter the Identity Provider Settings retrieved from your identity provider:
- Identity Provider Entity ID (this may also be referred to as the "issuer")
- SSO URL (Single Sign-On URL)
- SLO URL (Single Log-Out URL)
- X.509 Certificate (public key - different identity providers may use different names)
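A pre-flight check for the four values listed above, as an added example that is not Meisterplan's code: it reads them from an IdP metadata XML document (assuming your identity provider exports one), flags endpoints that are not HTTPS, and computes a SHA-256 fingerprint of the signing certificate to compare with the one shown in your identity provider's admin console. The function name, the sample metadata and the idp.example.com URLs are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample, trimmed to the fields read below. The certificate body is
# placeholder bytes, not a real X.509 certificate; the SSO URL is http on purpose.
FAKE_CERT_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   {base64.b64encode(FAKE_CERT_DER).decode()}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Location="https://idp.example.com/slo"/>
  <md:SingleSignOnService Location="http://idp.example.com/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def read_idp_settings(metadata_xml):
    """Return (settings, problems) for the four Identity Provider Settings fields."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("refusing metadata that carries a DTD")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not IdP metadata")
    settings, problems = {"entity_id": root.get("entityID"), "cert_sha256": None}, []
    if not settings["entity_id"]:
        problems.append("entity_id missing")
    for key, tag in (("sso_url", "SingleSignOnService"), ("slo_url", "SingleLogoutService")):
        el = idp.find("md:" + tag, NS)
        settings[key] = url = el.get("Location") if el is not None else None
        if url is None or urlparse(url).scheme != "https":
            problems.append(f"{key} missing or not https: {url}")
    # A KeyDescriptor without a "use" attribute is valid for signing as well.
    certs = [kd.findtext(".//ds:X509Certificate", default="", namespaces=NS)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")]
    if certs and certs[0].strip():
        der = base64.b64decode("".join(certs[0].split()), validate=True)
        # Fingerprint to compare with the one shown in the IdP admin console.
        settings["cert_sha256"] = hashlib.sha256(der).hexdigest()
    else:
        problems.append("no signing certificate")
    return settings, problems
```

Calling `read_idp_settings(SAMPLE_METADATA)` returns the extracted values together with one reported problem, the plain-http SSO URL.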
Service Provider Data
Most identity providers require service providers such as Meisterplan to include additional data: Login Response URL, Entity ID and Relay State.
There are two possible ways your identity provider might request this information:
1. Copy & paste the data from the relevant fields into your identity provider configuration.
2. Download the data via the Download Metadata XML File link if your identity provider supports an XML import of the data.
Completing the Setup
After entering Identity Provider Settings in Meisterplan and, if required, Service Provider Data on your identity provider's side, click the Save Configuration button to complete the setup.
Login via SSO
If SAML has been set up for your Meisterplan system and you log in via SSO, you will be automatically redirected to your company's login page. Log in to Meisterplan as explained in the Login article.
Updating the Configuration
Follow these steps if you need to update the Single Sign-On (SSO) configuration, e.g. when switching to another identity provider.
Step 1: In Meisterplan, enter the new Identity Provider Settings (see the Identity Provider Settings section) and confirm by clicking Save Configuration.
Step 2: In the admin panel of your identity provider, enter Meisterplan's Service Provider Data (see the Service Provider Data section).
Login without SAML
If you would like to log in without SAML (for example, because the identity provider is temporarily not available or because you are experiencing difficulties with your SAML configuration) and have the Manage Users and User Groups right, you can log in without SSO using the "login" subdomain like this: login.us.meisterplan.com/login?systemName=[yoursystem].
Deactivating SAML
To deactivate the SAML login for all users, you need to have the Manage Users and User Groups right. Log in with your Meisterplan-specific login credentials and deactivate the SAML configuration for your Meisterplan system.
Then click SAML enabled to disable the active configuration.