Setting Up SSO SAML 2.0 with G Suite
G Suite is a package of cloud-based services that can provide your company or school with a whole new way to work together online—not just using email and chat, but over video conferences, social media, real-time document collaborations, and more. Users can use their G Suite credentials to sign in to enterprise cloud applications via Single Sign-On (SSO). An identity and access management (IAM) service provides administrators with a single place to manage all users and cloud applications. You don't have to manage individual user IDs and passwords tied to individual cloud applications for each of your users. An IAM service provides your users with a unified sign-on across all their enterprise cloud applications. This page describes how to add Sisense to G Suite and configure SSO-support with SAML 2.0. Note: This page reflects a 3rd party’s application which may change. If the steps described here do not match what you see in your G Suite account, you can use the generic Sisense SAML documentation, along with the IdP’s documentation. Connecting Sisense to G Suite Log in to your admin.google.com account with your G Suite account Select Apps on the main page Select SAML apps Step 1 Create a new application. “+” button or “ SETUP MY OWN CUSTOM APP” Step 2 Download Certificate or IDP Metadata, save SSO URL. Use notepad to open certificate or Metadata file, save lines starting from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- This information will be used for Sisense SAML configuration. Step 3 Enter Application Name - Sisense Step 4 Enter ACS URL - https://yourSisensedomain.com/api/v1/authentication/login_saml_callback/ Entity ID - Sisense Enable Signed Response, select Name ID Format Step 5 Add new mapping for User.email Click Finish. And Ok in the popup window. Enable Sisense application for All users In the Sisense SSO page add Remote Login URL - saved from the Step 2 and Certificate Click Save. Users who access any of the web pages on your Sisense server, will be redirected to Google G Suite authentication Was this article helpful?Setting Up SSO SAML 2.0 with Okta
Okta provides secure identity management and single sign-on to applications that you can add to your Okta account. From Okta, you and your users can log in to Okta and then access applications such as Sisense without having to log in to each application. Okta supports applications that support SAML 2.0, such as Sisense. This page describes how to add Sisense to Okta and configure SSO-support with SAML 2.0. Note: This page reflects a 3rd party’s application which may change. If the steps described here do not match what you see in your Okta account, you can use the generic Sisense SAML documentation, along with the IdP’s documentation. Adding Sisense to Okta To add Sisense to Okta: Log in to Okta. In the menu bar, click Applications -> Browse App Catalog. In the Search field enter Sisense and choose Sisense SAML app. Then click Add Integration. Put Sisense application URL in Base URL and press Done. Sisense is added to your Apps. After you configure SAML 2.0 for Sisense, you can click this application in Okta to launch your Sisense dashboard. Configuring SAML 2.0 for Sisense To configure SAML 2.0: Under the Applications tab, select Applications. In the Applications page, click Sisense. In the Sisense app menu bar, click the Sign On tab -> Edit. Okta’s setup instructions are expanded. Click More Details to get your SSO information which Sisense needs to configure SSO. From the Okta setup instructions, copy the Remote Login URL, Remote Logout URL, and Download Signing Certificate. In the Sisense Web Application, select Single Sign On under the Admin tab. In the Single Sign On page, activate SSO. In the Remote Login URL, Remote Logout URL, and Public X-509 Certificate fields, enter your Okta SSO details into the relevant fields described in Step 4 of this procedure. Click Save. The Okta users you assigned to the Sisense application can access Sisense through Okta without having to log in to Sisense directly.SSO Java example
Make sure you have reference for each of the imported libraries mentioned in the code in the file pom.xml use this example of generating JWT and adjust it to suit your case. import java.io.UnsupportedEncodingException; import java.util.Date; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.servlet.view.RedirectView; import javax.servlet.http.HttpServletRequest; import io.jsonwebtoken.JwtBuilder; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; public class SSOHandler { // must define throw exception on function when using the getBytes("UTF-8") on the shared secret key public RedirectView processRequest() throws UnsupportedEncodingException { HttpServletRequest request = ( (ServletRequestAttributes) RequestContextHolder.getRequestAttributes() ).getRequest(); String sharedSecret = "shared_secret_key"; //The JWT signature algorithm we will be using to sign the token SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256; // In java secret should be in utf-8 format or the generated jwt will be invalid byte[] b = sharedSecret.getBytes("UTF-8"); long nowMillis = System.currentTimeMillis(); Date now = new Date(nowMillis); String subject = "[email protected]"; // should be supplied by the requester JwtBuilder builder = Jwts.builder() .setSubject(subject) .setIssuedAt(now) //.setAudience("sisense") .setHeaderParam("typ", "JWT") .signWith(signatureAlgorithm, b) ; String jwt = builder.compact(); String return_to = "/app/main"; // any dashboard or widget to redirect the user after authentication. ((Optional)) String redirectUrl = "http://sisense.exampleWebsite.com:8111/jwt?jwt=" + jwt;// + "&return_to=" + return_to; return new RedirectView(redirectUrl); } }Setting Up SSO SAML 2.0 with OneLogin
OneLogin is a single sign-on service where its users only have to enter one set of credentials to access their web apps in the cloud and behind the firewall, including Sisense. OneLogin’s policy-driven password security and multi-factor authentication ensure that only authorized users get access to your dashboards. This page describes how to add Sisense to OneLogin and configure SSO-support with SAML 2.0. Note: This page reflects a 3rd party’s application which may change. If the steps described here do not match what you see in your OneLogin account, you can use the generic Sisense SAML documentation, along with the IdP’s documentation. Adding Sisense to OneLogin OneLogin provides access to online applications through their centralized portal. To access Sisense from OneLogin, you need to create a OneLogin app. Your users can then authenticate through OneLogin and then be redirected to the Sisense Web Application. This procedure explains how to add Sisense to your OneLogin account and then configure Sisense SSO with your OneLogin settings. To add Sisense to your OneLogin configuration: Create a sub-domain account at https://www.onelogin.com. This account is a subdomain for your account. For example, Sisense would be www.sisense.onelogin.com. In your OneLogin sub-domain account, and select Apps > Add Apps. In the Search field, enter SAML Test Connector (IdP w/ attr w/ sign response). As you begin typing, the relevant results are displayed, make sure that you select the correct result. You can keep this name for your app, or define a new name in the Display Name field. The name you enter is the name displayed to your Onelogin SSO users. Click Save. You are redirected to your app’s Settings page. Select the Users tab. In the Users tab, verify that your users are listed. If not, select Users > All Users. Click the relevant user’s name to add the application to their account. When you click their name, the user’s settings are displayed. In the Applications page, select + > New app. Select your new app from the list and click Continue > Save. Select APPS > Company Apps. From the list, select your app. Select the SSO tab to display your SSO settings. In the SSO tab, your SSO details that you need to provide Sisense are displayed. Copy the highlighted fields into the Sisense SSO page. You can access this page in the Sisense Web Application by selecting Admin > Single Sign On > Edit > Select Saml 2.0, then enter the following information: X.509 Certificate: Click View Details to see your certificate. Copy the certificate and paste into the Public X.509 Certificate area as shown in below. SAML 2.0 Endpoint (HTTP): Copy and paste this into the Remote Login URL field in the Sisense Single Sign page. SLO Endpoint (HTTP): Copy and paste this into the Remote Logout URL field in the Sisense Single Sign page. 16. In the Sisense Single Sign page, click Save. The OneLogin users you assigned to the Sisense application can access Sisense through OneLogin without having to log in to Sisense directly. Users who access any of the web pages on your Sisense server will be redirected to OneLogin for authentication.Script to retrieve the user list with first name and last, email, and userID
By following these instructions, users can efficiently check and download a CSV file containing the list of users meeting specific criteria from the developer console in their preferred browser under the user with Admin rights.
