SSO Configuration : SAML

    Figure: Accessing the SUMMIT application from OKTA URL

    Figure: Logging into SUMMIT application

Figure: OKTA icon on SUMMIT Login page

Figure: OKTA Login page

Figure: Logging into SUMMIT application

You can add SUMMIT as SAML app from the OKTA Console.

1. Log into OKTA Admin Console. Click Admin. Click Add Applications under Shortcuts menu.

Figure: Okta page: Adding SUMMIT app

2. Click Create a new app. The Create a New Application Integration pop-up is displayed. Select the SAML 2.0 option and click Create.

Figure: Okta page: SUMMIT app integration

3. Provide the required details under the General Settings and click Next.

Figure: Okta page: SUMMIT app details

4. Provide the SAML details under SAML Settings and click Next.

Figure: Okta page: SUMMIT SAML details

5. Provide the feedback details under Feedback and click Finish.

Figure: Okta page: Feedback

6. Click View Setup Instructions. Provide the required details.

Figure: Okta setup instructions

If SUMMIT is already added as a SAML app, you can modify the details as required.

1. Log into OKTA Admin Console. Click Admin. Click Add Applications under Shortcuts menu.

Figure: Okta page: Editing SUMMIT app details

2. Click Apps you created. Select the SUMMIT app that you want to update and click Edit.

Figure: Okta page: Editing SUMMIT app details

3. Update the required details under the General Settings and click Next.

Figure: Okta page: Editing SUMMIT app details

4. Update the SAML details under SAML Settings and click Next.

Figure: Okta page: Editing Feedback details

5. Update the feedback details under Feedback and click Finish.

Figure: Okta page: Editing Feedback details

6. Click View Setup Instructions. Update the required details.

Figure: Okta page: Editing setup instructions

You can add the users for whom SSO will be available for the SUMMIT SAML app.

1. Log into OKTA Admin Console. Click Admin. Select People from the Directory menu.

Figure: Adding People

2. Click Add Person. The Add Person pop-up is displayed. Provide the details about the user you are adding and click Add Person. If you want to add more users, click Save and Add Another.

Figure: Adding People details

3. The added user needs to be activated so that the user can use SSO from OKTA for SUMMIT. Click Activate. A confirmation pop-up page is displayed. Click Activate User.

Figure: Activating the added person

You can add SUMMIT as SAML app from the Google Admin Console.

1. Log into Google Admin Console. Click Apps and select SAML Apps.

Figure: Google App Settings page

2. Click the Plus icon to enable SSO for SAML application. Click SETUP MY OWN CUSTOM APP.

Figure: Setting up SUMMIT as custom app

3. Provide the SSO URL, Entity ID, and download the certificate. Click NEXT.

Figure: Downloading the certificates

4. Provide basic information about the SUMMIT application and click NEXT.

Figure: Basic details

5. Provide the Service Provider details and click NEXT.

Figure: Service Provider details

6. Provide mappings between service provider attributes to available user profile fields. You can also come back later to complete the attribute mapping. Click FINISH.

Figure: Attribute mapping

If SUMMIT is already added a SAML app, you can modify the details as required.

1. Log into Google Admin Console. Click Apps and select SAML Apps.

Figure: Google App Settings page

2. Select the SUMMIT SAML app that you want to update.

Figure: Updating SUMMIT details

Figure: Updating SUMMIT details

3. Click the Service Provide Details and the Attribute Mapping sections to modify details in the respective sections.

Figure: Updating Service Provider details

Figure: Updating Attribute Mapping

You can enable or disable the SUMMIT SAMP app configuration for all the users or for selected organizations.

1. Log into Google Admin Console. Click Apps and select SAML Apps.

Figure: Google App Settings page

2. All the configured SAML apps are displayed. Click the three dots next to the SUMMIT SAML app that you want to enable or disable for users. Select the appropriate option from the options. The available options are ON for everyone, ON for some organizations, and OFF.

Figure: Enabling SUMMIT app

You can add the users for whom SSO will be available for the SUMMIT SAML app.

1. Log into Google Admin Console and select Users from the left menu.

Figure: Adding Users

2. Mouse hover on the Add icon, The available icons are: Invite users, Add multiple users, and Add user.

Figure: Adding users

Figure: Multiple options to add users

2. Invite users: Select this option to invite users to use the SUMMIT SAML app as SSO from Google. Specify the e-mail ids of the users to whom you want to send the invitation.

Figure: Inviting users

Figure: Inviting users

2. Add multiple users: Select this option to add multiple users. You can upload a Microsoft Excel sheet with the names of the users and other details (download the template AS.CSV).

Figure: Adding multiple users

2. Add user: Select this option to a user. Provide the first name, last name, and the e-mail id of the user.

Figure: Adding single user

1. Login to Ping Federate server.
   
   
   Figure: Ping Federate Login Screen
   
2. On the Identity Provider tab, under SP Connections section, click Create New.
   
   
   Figure: Identity Provider tab
   

3. On the SP Connection section, configure the tabs as follows:

Connection Type

Connection Options

Import Metadata

General Info

Browser SSO

Credentials

Activation & Summary

4. Click Server Configuration and then click Metadata Export under ADMINISTRATIVE FUNCTIONS.

Metadata Role

Metadata Mode

Connection Metadata

Metadata Signing

Export & Summary

SSO Configuration in SUMMIT (For Ping Federate)

To configure SSO in the SUMMIT application:

1. Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed. Select SAML and click ADD NEW under ACTIONS panel.

Figure: SSO Configuration page

2. Type in the SSO configuration details. For more information about the fields on the SSO CONFIGURATION page, see Field Description.

3. Click VALIDATE. The certificate information is displayed if the uploaded certificate is valid. For invalid certificate, an error message is displayed.

4. Click SUBMIT. The SSO is configured successfully.

Field Description

The following table describes the fields on the SSO CONFIGURATION page:

1. Login to your ADFS account. On the Start screen, in the Search bar type in ADFS Management. Click ADFS Management.
   
   
   Figure: ADFS Start screen
   
2. Under Trust Relationships, click Relying Party Trusts and then click Add Relying Party Trust.
   
   
   Figure: Add Relying Party Trust
   
3. On the Welcome tab of Add Relying Party Trust Wizard, click Start.
   
   
   Figure: Welcome tab
   
4. On the Select Data Source tab, select Enter data about the relying party manually.
   
   
   Figure: Select Data Source tab
   
5. On the Specify Display Name tab, specify a Display name and click Next.
   
   
   Figure: Specify Display Name tab
   
6. On the Choose Profile tab, select AD FS Profile and click Next.
   
   
   Figure: Choose Profile tab
   
7. On the Configure Certificate tab, click Next.
8. On the Configure URL tab, Select Enable Support for the SAML 2.0 Web SSO Protocol.
   
   
   Figure: Configure URL tab
   
9. On the Configure Identifiers tab, specify a Relying Party trust identifier and click Next.
   
   
   Figure: Configure Identifiers tab
   
10. Configure Multi-factor Authentication Now

     

    

    Figure: Configure Multi-factor Authentication Now

11. Choose Issuance Authorization Rules

     

    

    Figure: Choose Issuance Authorization Rules tab

12. Ready to Add Trust

     

    

    Figure: Ready to Add Trust tab

13. Finish

     

    

    Figure: Finish tab

14. Click Add Rule and Choose Claim Rule as Send LDSP Attributes as Claims on the Edit Claim Rules for ADFSSAML window.
    
    
    Figure: Add Rule
    
15. On the Choose Rule Type section, select Claim Rule Template as Send LDAP Attributes as Claims.
    
    
    Figure: Choose Rule Type
    
16. Specify the details in Configure Claim Rule tab as shown in the image below and click Finish.
    
    
    Figure: Configure Claim Rule
    

    Note: SUMMIT Application uses Email of the user as a login ID. For this to work, you need to set up the Email as the NameID on the SAML login request. This can be achieved by setting up a Transform Rule.

17. Click Add Rule again, choose Transform an Incoming Claim and click Next.
    
    
    Figure: Choose Rule Type tab
    
18. Setup Email ID to be sent as NameID as shown below and click Finish.
    
    
    Figure: Configure Claim Rule
    
19. On the AD FS Management window, right click on the Relying Party for Summit and choose properties. Under the Advanced tab, choose SHA­-256 as the Secure Hash Algorithm
    
    Figure: Secure hash Algorithm
    
20. On the AD FS Management Window, choose Services -> Certificates and double click “Token Signing Certificate”, which will give you an option "copy to file". By doing this, you will be able to export the X509 certificate from the raw file.
    
    
    Figure: Certificates Section
    
21. Select the format as shown below.
    
    
    Figure: Export File Format
    

SSO Configuration in SUMMIT (For ADFS)

To configure SSO in the SUMMIT application:

1. Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed. Select SAML and click ADD NEW under ACTIONS panel.

Figure: SSO Configuration page

2. Type in the SSO configuration details. For more information about the fields on the SSO CONFIGURATION page, see Field Description.

3. Click VALIDATE. The certificate information is displayed if the uploaded certificate is valid. For invalid certificate, an error message is displayed.

4. Click SUBMIT. The SSO is configured successfully.

Field Description

The following table describes the fields on the SSO CONFIGURATION page: