To use an SSO service with Paligo, the service has to be configured to communicate using Security Assertion Markup Language (SAML). Usually, this configuration work is performed by IT specialists who have an in-depth understanding of the SSO service.
To help you set up your SSO service to work with Paligo, we have:
- General instructions (see procedure below). These cover the main principles and most SSO services require similar information.
- Separate instructions for the following SSO services, which are special cases and need different configuration:
In your SSO provider:
- Create one user account for each Paligo user account.
- Create a custom SAML 2.0 application.
- Configure the SAML 2.0 application. The terminology used for the settings can vary, but you will need to:
  - Set the Assertion Consumer Service (ACS) URL for Paligo, the endpoint where the SSO service provider connects to Paligo. Use this URL:
    https://your.paligoapp.com/saml/acs
    Replace "your" with the domain name of your Paligo instance, for example: https://acme.paligoapp.com/saml/acs
  - Set the Service Provider (SP) URL for Paligo. Use this URL:
    https://your.paligoapp.com/saml/metadata
    Replace "your.paligoapp.com" with the domain name of your Paligo instance.
  - Set the application user name or ID to: email
  - Create attribute mapping for Paligo's user credentials:
    - user.firstname
    - user.lastname
    - user.email
    Map them to the equivalent attributes in your SSO service. Refer to your SSO service documentation for information on those.
  - Create a group attribute for Paligo. Depending on the SSO service you are using, this should have the name / value paligo.usergroup or paligo_usergroup.
- Export the SSO service's metadata file so that you can import it into Paligo.
- Create a user group for each Paligo user group. This step is required in some SSO services, whereas with others, you can add the user group name to the user settings.
  In Paligo, every user account belongs to a user group, such as administrators, authors, contributors, reviewers, publishers, it admins or translation managers. When users log in to Paligo using SSO, Paligo needs the SSO service to provide the user group information (as well as the first name, last name and email). User groups are not included in the default metadata, so you need to add them in your SSO service.
- Associate each user account with the appropriate user group.
- Associate each user group with the SAML 2.0 application that you have created to represent Paligo.
- In Paligo, use the SSO integration settings to Connect Paligo to your SSO Service.
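Before connecting Paligo, it helps to check a test assertion from your SSO service against the settings in the procedure above. The following script is an added example, not Paligo code: it assumes the attribute names from the procedure appear as the SAML Attribute Name values, uses a constructed sample assertion, and does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("user.firstname", "user.lastname", "user.email")
GROUP_NAMES = ("paligo.usergroup", "paligo_usergroup")

# Constructed sample assertion (unsigned, illustrative values only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>jane@acme.example</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://acme.paligoapp.com/saml/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="user.firstname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="user.lastname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="user.email"><saml:AttributeValue>jane@acme.example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="paligo_usergroup"><saml:AttributeValue>authors</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, instance):
    """Return a list of configuration problems found in a test assertion."""
    # Completeness check only: run it on captures from your own SSO test tenant.
    root = ET.fromstring(xml_text)
    problems = []
    acs = f"https://{instance}/saml/acs"
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs not in recipients:
        problems.append(f"Recipient is {recipients}, expected {acs}")
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
        attrs[a.get("Name")] = [v for v in values if v]
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append(f"missing or empty attribute: {name}")
    if not any(attrs.get(g) for g in GROUP_NAMES):
        problems.append("missing group attribute: " + " or ".join(GROUP_NAMES))
    return problems


if __name__ == "__main__":
    for p in check_assertion(SAMPLE, "acme.paligoapp.com") or ["assertion looks complete"]:
        print(p)
```

An empty result means the assertion carries the ACS recipient, the three user attributes and a group attribute; a missing group attribute is the usual finding, because user groups are not part of the default metadata.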