Setting Up SSO SAML 2.0 With Azure AD
Introduction This article explains how to set up SAML 2.0 integration between Sisense and Azure AD. For more information about SSO in Sisense see Introduction to SSO SSO via SAML 2.0 By default, Sisense supports Forms Authentication only. Starting from the L2021.11 version, you can also enable support for Windows Authentication and MFA. For more details, contact the Sisense support team. Configuration on Azure side Log in to your Azure account. Expand the left-hand menu: Go to Azure Active Directory Select Enterprise applications: Under the All Applications section, select New application: Create your own application for ‘Integrate any other application you don’t find in the gallery’ purpose, name it Sisense: Under Overview > Assign users and groups, configure access permissions for your SSO integration. Once configured, go back to Overview and switch to Set up single sign-on: Select SAML type of the SSO: Edit Basic SAML Configuration with the following settings: Name Value Identifier (Entity ID) Sisense Reply URL (Assertion Consumer Service URL) https://my.sisense.com/api/v1/authentication/login_saml_callback/ * replace my.sisense.com with your Sisense URL Note Azure allows HTTPS format only for Reply URL. To configure HTTPS in Sisense, see Setting Up SSL for Sisense. If you configure the integration in the Sisense test environment without SSL, you can set HTTP reply URL directly in the manifest of the SAML application, reference. Once saved, go to Edit User Attributes and claims. 10. Use Add New Claim to add the following attributes 11. Optional. Add a New Group Claim as per screenshot: Your Azure AD needs to be synchronized with on-premise Microsoft Active Directory to use this claim. See more details in Configure group claims for applications with Azure Active Directory. 12. Return back to the Single Sign-On page and copy the following parameters: Azure AD additional info In the latest versions of Sisense, it is required to fill the Relay State field in, it is marked as optional at provider side: RelayState is a parameter that identifies a specified destination URL your users will access after signing in with SSO. In case of Sisense, it could be a path to the main page: “https://my.sisense.com/app/main#/home” Configuration on Sisense side Go to Admin tab > Single-Sign On. Select SAML, turn the toggle on. Use parameters from Step 12 above: Remote Login URL = Login URL Remote Logout URL = Logout URL Public X.509 Certificate = Content of Certificate (Base 64) file (you can open it with a text editor) 3. Configure claim names according to your config in Azure AD. If you created a group claim in Azure SAML app, choose Define by Group and enter memberOf as the Group Claim name.Setting Up SSO SAML 2.0 with Auth0
Auth0 is a service that abstracts how users authenticate to applications. From Auth0, you and your users can log in to Auth0 and then access applications such as Sisense without having to log in to each application. Auth0 supports applications that support SAML 2.0, such as Sisense. This page describes how to add Sisense to Auth0 and configure SSO-support with SAML 2.0 by creating an Auth0 app and connecting it to Sisense. Note: This page reflects a 3rd party’s application which may change. If the steps described here do not match what you see in your Auth0 account, you can use the generic Sisense SAML documentation, along with the IdP’s documentation. Connecting Sisense to Auth0 To connect Sisense to Auth0: Log in to your Auth0 account. Select Clients from the left menu. Click CREATE CLIENT. In the Name field, enter a name for your app and select Regular web applications. Click Create. In your app’s homepage, open the Addons tab and enable the SAML 2.0 Web app. The Addon: SAML2 Web App window is displayed. In the Application Callback URL field, enter http s :// domain_name /api/v1/authentication/login_saml_callback/ , replace domain_name with your domain. In Auth0, select Addons and then click SAML2. Replace "Settings" with: { "nameIdentifierProbes": [ "http://schemas.xmlsoap.org/ ws/2005/05/identity/claims/emailaddress" ] } Click Save. Close the Addon: SAML2 Web App window and then open the Settings tab. Click Show Advanced Settings. Open the Certificates tab and copy the Signing Certificate. In the Sisense Web Application, select the Admin>Single Sign On. In the Single Sign On page, enable SSO and click Edit. Paste the Signing Certificate you copied in Step 11 and paste it in the Public X.509 Certificate field. In Auth0, open the Endpoints tab, and copy the value of the SAML Protocol URL field. In the Sisense Web Application, paste the SAML protocol into the Remote Login URL field and click Save. Users who access any of the web pages on your Sisense server, will be redirected to Auth0 for authentication.Setting Up SSO SAML 2.0 with Okta
Okta provides secure identity management and single sign-on to applications that you can add to your Okta account. From Okta, you and your users can log in to Okta and then access applications such as Sisense without having to log in to each application. Okta supports applications that support SAML 2.0, such as Sisense. This page describes how to add Sisense to Okta and configure SSO-support with SAML 2.0. Note: This page reflects a 3rd party’s application which may change. If the steps described here do not match what you see in your Okta account, you can use the generic Sisense SAML documentation, along with the IdP’s documentation. Adding Sisense to Okta To add Sisense to Okta: Log in to Okta. In the menu bar, click Applications -> Browse App Catalog. In the Search field enter Sisense and choose Sisense SAML app. Then click Add Integration. Put Sisense application URL in Base URL and press Done. Sisense is added to your Apps. After you configure SAML 2.0 for Sisense, you can click this application in Okta to launch your Sisense dashboard. Configuring SAML 2.0 for Sisense To configure SAML 2.0: Under the Applications tab, select Applications. In the Applications page, click Sisense. In the Sisense app menu bar, click the Sign On tab -> Edit. Okta’s setup instructions are expanded. Click More Details to get your SSO information which Sisense needs to configure SSO. From the Okta setup instructions, copy the Remote Login URL, Remote Logout URL, and Download Signing Certificate. In the Sisense Web Application, select Single Sign On under the Admin tab. In the Single Sign On page, activate SSO. In the Remote Login URL, Remote Logout URL, and Public X-509 Certificate fields, enter your Okta SSO details into the relevant fields described in Step 4 of this procedure. Click Save. The Okta users you assigned to the Sisense application can access Sisense through Okta without having to log in to Sisense directly.
