SAML SSO Setup
Standard setup for federated SSO using SAML
Access the Netacea Portal as an Admin user using your Username and Password Account.
If the page indicates Single Sign On is disabled, please contact our support team to set up access.
From the Single Sign On page, download the App Icon and copy the App Name, Audience URI and Reply URL. These values will be needed to set up the SAML Application in your organisation's IdP.
In your organisation's IdP, create a new Netacea App integration.
We have two guides available for demonstration:
Netacea SSO with Microsoft Entra ID - “Create Enterprise Application”
Netacea SSO with Okta - “Create App Integration”
Netacea have provided guides for Microsoft Entra ID and Okta as two common Identity Providers.
The setup details for these Identity Providers should be broadly similar to the examples provided. Reach out to our support team if you are unable to create a correct configuration.
By default, the new application will have no users associated.
Assign one or more users to your IdP Application so that a sign-in attempt can be tested at the end of the process. With SSO enabled, your organisation is in control of who can and can't access the Netacea Portal.
Additionally we support IP Restrictions for VPNs if you need additional controls.
Once you've created an identity application for Netacea in your IdP, there are several details that we require to set up the integration.
Provide the Metadata URL or Upload Metadata File (XML) for the IdP Application.
By default the IdP identifier will be the subdomain that you are logged in as.
For example, an Admin user logged in as joe.bloggs@example.com will set the value example.com.
If you require multiple domain identifiers, e.g. supporting example.uk and example.com email addresses on the same account, please contact Netacea’s support team to verify ownership of the second domain.
Map attributes between your IdP and Netacea Atlas Portal. For example, if your Identity Provider includes a "surname" attribute, you should match this to the "Family Name" attribute in Netacea User Pool.
Examples shown in table below.
| User Pool Attribute (Netacea / AWS Cognito) | SAML Attribute (Microsoft Entra ID) |
| --- | --- |
| Given Name Attribute | name |
| Family Name Attribute | surname |
| Email Address Attribute | emailaddress |
These data mappings are used to correctly display usernames, to send portal notifications to associated email addresses, and in Netacea’s Audit Trail feature to identify which actions were taken by whom and when. User mappings are created automatically when a user logs into the Netacea Portal via SSO, and can be removed either by request or through the User Management section of Netacea’s Portal.
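One way to check a test sign-in's SAML assertion against the attribute mapping table and the IdP identifier rule described above, before applying the configuration. This is an added example, not Netacea's code: the sample assertion is constructed, and matching Entra ID claim URIs by their last path segment is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Mapping from the table above: User Pool attribute -> SAML attribute name.
ATTRIBUTE_MAP = {
    "Given Name": "name",
    "Family Name": "surname",
    "Email Address": "emailaddress",
}

# Constructed sample assertion (not captured from a real IdP). Entra ID emits
# claim names as URIs; matching on the last path segment is an assumption.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
SAMPLE_ASSERTION = f"""
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}name">
      <saml:AttributeValue>Joe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}emailaddress">
      <saml:AttributeValue>joe.bloggs@example.uk</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_assertion(xml_text, idp_identifiers):
    """Return (mapped attributes, list of problems) for one assertion."""
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        short = attr.get("Name", "").rsplit("/", 1)[-1]
        found[short] = (value.text or "").strip() if value is not None else ""
    mapped, problems = {}, []
    for pool_attr, saml_attr in ATTRIBUTE_MAP.items():
        if found.get(saml_attr):
            mapped[pool_attr] = found[saml_attr]
        else:
            problems.append(f"missing SAML attribute '{saml_attr}' for {pool_attr}")
    email = mapped.get("Email Address", "")
    domain = email.rpartition("@")[2].lower()
    if email and domain not in idp_identifiers:
        problems.append(f"email domain '{domain}' is not a configured IdP identifier")
    return mapped, problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, {"example.com"})[1])
```

The sample deliberately omits the surname attribute and uses an example.uk address, so both checks report a problem when only example.com is configured.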
Changes must be saved as a draft and validated before applying a new configuration.
Use the Save Draft and Apply buttons to enact your changes ready for testing.
Visit https://portal.netacea.com and attempt to sign in using a valid user associated with your IdP.
A valid login should redirect to your organisation's Identity Provider, where you can authenticate as per your organisation's security requirements, before being returned to the Netacea Portal.