Guides → Configure SSO
Incorta enables you to use your single sign-on (SSO) provider to be able to login. Using SSO requires configuring both Incorta and your SSO provider. The SSO configuration is done per tenant. If you have more than one tenant, you will have to configure each one to use your SSO. Configuring an Incorta tenant is done through the Incorta Cluster Management Console (CMC).
Incorta supports multiple SSO providers, such as Okta and Auth0, as well as providers that use the Security Assertion Markup Language 2.0 (SAML2) protocol. In addition to any other SSO provider that might not be listed that you can configure through the custom settings in the CMC.
Configure your SSO in Incorta
To login using your SSO, you need to configure your tenant(s) to use SSO as well as configure your SSO provider to use Incorta.
The following configuration steps are generic for how to configure an SSO provider in Incorta:
- Open the CMC and login.
- Select Clusters > cluster-name > Tenants > tenant-name.
- Select Configure.
- Select panel, choose Security.
- Configure the following properties to start using your SSO:
Property | Description |
---|---|
Authentication Type | Select the authentication type that you will use for the chosen tenant. In this case, it will be SSO. |
Provider Type | Select the SSO provider you are going to use. Current available values: ● SAML2 ● Okta ● Auth0 ● Custom |
Provider name | This property is only available when you choose Custom as a provider type. Enter the SSO provider name that you are using. |
Provider configurations | Enter the properties or XML configurations for the SSO provider you have selected. |
You must apply the upcoming steps whether you are configuring your SSO for the first time or upgrading your Incorta cluster.
- From the Clusters tab, select cluster-name > Cluster Configurations > Default Tenant Configurations.
- From the left pane, select Email.
- Configure the Server URL Protocol, Server Name, and Server Port.
If you are configuring the SSO for the first time, you must restart Incorta services.
If you are just updating the settings for the SSO you are already using, you do not need to restart Incorta services.
Refer to the respective SSO document for more information about its configuration.
Below are the common configuration properties you will need to add in the Provider configurations.
ADFS
Configuration | Description |
---|---|
onelogin.saml2.sp.entityid | The value of entityID you configured in ADFS. |
onelogin.saml2.sp.assertion_consumer_service.url | The value of Reply URL in ADFS. Use this format: https://<cloud_cluster_name>.incorta.com/incorta/!<tenant-name>/ |
onelogin.saml2.sp.single_logout_service.url | Your Incorta URL plus a logout redirect, For example, http:///<cloud_cluster_name>.incorta.com/incorta/logout.jsp?rediredtUrl= |
onelogin.saml2.idp.entityid | The value of the entityID attribute in your ADFS metadata .xml file. |
onelogin.saml2.idp.single_sign_on_service.url | The value of the Location attribute in the SingleSignOnService tag in ADFS metadata .xml file. |
onelogin.saml2.idp.single_logout_service.url . | https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 |
onelogin.saml2.idp.x509cert | The value of the X509Certificate in ADFS metadata .xml file. |
IBM CIS
Configuration | Description |
---|---|
onelogin.saml2.sp.entityid | The value of Provider ID you configured in IBM CIS. |
onelogin.saml2.sp.assertion_consumer_service.url | the value of Assertion Consumer Service URL (ACS) in CIS. Use this format: https://<cloud_cluster_name>.incorta.com/incorta/!<tenant-name>/ . |
onelogin.saml2.sp.single_logout_service.url | Your Incorta URL plus a logout redirect, For example, http:///<cloud_cluster_name>.incorta.com/incorta/logout.jsp?rediredtUrl= . |
onelogin.saml2.idp.entityid | The value of the entityID attribute in your IBM CIS metadata .xml file. |
onelogin.saml2.idp.single_sign_on_service.url | The value of the entityID attribute in your IBM CIS metadata .xml file. |
onelogin.saml2.idp.single_logout_service.url | https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 |
onelogin.saml2.idp.x509cert | The value of the X509Certificate in IBM CIS metadata .xml file. |
OneLogin
Configuration | Description |
---|---|
onelogin.saml2.idp.entityid | The value of the entityID in the EntityDescriptor tag in the SAML metadata file. |
onelogin.saml2.idp.single_sign_on_service.url | The value of the Location attribute in the SingleSignOnService tag in the SAML metadata file. |
onelogin.saml2.idp.single_logout_service.url | https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 |
onelogin.saml2.idp.x509cert | The value of the X509Certificate in the SAML metadata file. |