SAML SSO Setup

Standard setup for federated SSO using SAML

Access the Netacea Portal

Access the Netacea Portal as an Admin user using your Username and Password Account.

If the page indicates Single Sign On is disabled, please contact our support team to set up access.

SSO is disabled by default; contact support in the first instance!

SSO Enabled

Download App Icon and copy App Name, Audience URI and Reply URL

From the Single Sign On page, download the App Icon and copy the App Name, Audience URI and Reply URL. These values will be needed to set up the SAML Application in your IdP.

Download App Icon and copy App Name, Audience URI and Reply URL into your IdP Application

Create an Enterprise Application / App Integration

In your organisation's IdP, create a new Netacea App integration.

We have two guides available for demonstration:

Check out the FAQs for answers to some common issues

Netacea have provided guides for Microsoft Entra ID and Okta as two common Identity Providers.

The setup details for these Identity Providers should be broadly similar to the examples provided. Reach out to our support team if you are unable to create a correct configuration.

Associate Users with Application

By default, the new application will have no users associated.

Assign one or more users to your IdP Application so that a sign-in attempt can be tested at the end of the process. With SSO enabled, your organisation is in control of who can and can't access the Netacea Portal.

Additionally, we support IP Restrictions for VPNs if you need additional controls.

Register Application Details with Netacea Portal

Once you've created an identity application for Netacea in your IdP, there are several details that we require to set up the integration.

Metadata URL

Provide the Metadata URL or Upload Metadata File (XML) for the IdP Application.

IdP Identifier

By default, the IdP identifier will be the subdomain that you are logged in as.

For example, an Admin user logged in as joe.bloggs@example.com will set the value example.com.

If you require multiple domain identifiers, e.g. supporting example.uk and example.com email addresses on the same account, please contact Netacea’s support team to verify ownership of the second domain.

Specify Attribute Mappings

Map attributes between your IdP and the Netacea Atlas Portal. For example, if your Identity Provider includes a "surname" attribute, you should match this to the "Family Name" attribute in the Netacea User Pool.

Examples are shown in the table below.

| User Pool Attribute (Netacea / AWS Cognito) | SAML Attribute (Microsoft Entra ID) |
| --- | --- |
| Given Name Attribute | name |
| Family Name Attribute | surname |
| Email Address Attribute | emailaddress |

These data mappings are used to correctly display usernames, to send portal notifications to the associated email addresses, and in Netacea’s Audit Trail feature to identify which actions were taken, by whom and when. User mappings are created automatically when a user logs into the Netacea Portal via SSO, and can be removed either by request or through the User Management section of Netacea’s Portal.

Save Draft and Apply Changes

Changes must be saved as a draft and validated before applying a new configuration.

Use the Save Draft and Apply buttons to enact your changes ready for testing.

Testing

Visit https://portal.netacea.com and attempt to sign in using a valid user associated with your IdP.

A valid login should redirect to your organisation's Identity Provider, where you can authenticate as per your organisation's security requirements, before being returned to the Netacea Portal.
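If a test sign-in fails, comparing a decoded SAML assertion from your IdP against the Audience URI, Reply URL and attribute mappings configured above narrows the cause. The following is an added example, not Netacea's code: the Audience URI and Reply URL are constructed placeholders, matching claims on the last segment of the attribute name is an assumption, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Short SAML attribute names from the mapping table above -> User Pool attribute.
MAPPING = {"name": "Given Name", "surname": "Family Name", "emailaddress": "Email Address"}

def check_assertion(xml_text, audience_uri, reply_url):
    """Return a list of problems found in a decoded SAML assertion.
    Does NOT verify the XML signature; for configuration troubleshooting only."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audience_uri not in audiences:
        problems.append(f"Audience URI not in assertion: found {audiences}")
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append(f"Reply URL not a Recipient: found {recipients}")
    # Assumption: the IdP sends claim names as URIs; compare on the last path segment.
    present = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS) if v.text and v.text.strip()]
        if values:
            present.add(attr.get("Name", "").rsplit("/", 1)[-1])
    for saml_name, pool_name in MAPPING.items():
        if saml_name not in present:
            problems.append(f"No value for '{saml_name}' (maps to {pool_name})")
    return problems

# Constructed sample data: placeholder values, not real Netacea endpoints.
AUDIENCE = "urn:example:netacea-audience"
REPLY_URL = "https://sso.example.invalid/saml/reply"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="{REPLY_URL}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{AUDIENCE}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}name"><saml:AttributeValue>Joe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>joe.bloggs@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for p in check_assertion(SAMPLE, AUDIENCE, REPLY_URL):
        print("PROBLEM:", p)
```

The constructed sample omits the surname claim on purpose, so the script reports the missing Family Name mapping.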
