SAML SSO
RegScale supports SAML authentication
NOTE: RegScale strongly recommends using OAuth for Federated Identity Management/SSO where
possible. If your use case requires the use of SAML for authentication and authorization,
please contact Customer Success, or consult with your Professional Services representative.
Steps to configure SAML in RegScale:
- Log in as an administrator to the tenant for which you want to enable SAML.
- Navigate to the Automation Panel from the profile dropdown under your username.
- In the SAML section, select Config.
- Craft and paste a JSON configuration object based on the guidance below.
Note: At present, only a single SAML tenant is allowed. Authentication settings are tenant-scoped, so SAML cannot be enabled on a tenant while OAuth is also enabled on the same tenant.
Configuration JSON Example:
{
  "IdPMetadata": "https://dev-08722230.okta.com/app/exkdg7dgikWTfuRYX5d7/sso/saml/metadata",
  "Issuer": "Okta_SAML_Example",
  "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
  "CertificateValidationMode": "ChainTrust",
  "RevocationMode": "NoCheck"
}
Details:
- IdPMetadata: Your SAML IdP Application’s metadata endpoint. Must be accessible from the RegScale runtime environment.
- Issuer: Value configured in the IdP Application and used to verify the issuer of a SAML assertion. Some IdPs use “Audience” for this value.
- Others: standard values not requiring change or explicit configuration.
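A pre-paste check for the configuration object, as an added example (not RegScale code): it catches curly quotes and autolink brackets picked up when copying from a web page, missing keys, and drift from the documented standard values. Treating all five keys as required and requiring an HTTPS metadata URL are assumptions of this example, and `idp.example.com` is a placeholder host.

```python
import json
from urllib.parse import urlparse

# Values the page documents as "standard values not requiring change".
DOCUMENTED_DEFAULTS = {
    "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "CertificateValidationMode": "ChainTrust",
    "RevocationMode": "NoCheck",
}
REQUIRED = ("IdPMetadata", "Issuer", *DOCUMENTED_DEFAULTS)  # assumption: all five keys
DEBRIS = "\u201c\u201d\u2018\u2019<>"  # curly quotes and autolink brackets


def lint_saml_config(text):
    """Return a list of problems found in a SAML configuration JSON string."""
    problems = []
    found = sorted({ch for ch in text if ch in DEBRIS})
    if found:
        problems.append("copy/paste debris: " + " ".join(found))
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return problems + ["top-level value must be a JSON object"]
    for key in REQUIRED:
        if not isinstance(cfg.get(key), str) or not cfg[key].strip():
            problems.append(f"{key}: missing or not a non-empty string")
    if isinstance(cfg.get("IdPMetadata"), str):
        url = urlparse(cfg["IdPMetadata"])
        if url.scheme != "https" or not url.netloc:  # assumption: require HTTPS
            problems.append("IdPMetadata: expected an absolute https:// URL")
    for key, expected in DOCUMENTED_DEFAULTS.items():
        if isinstance(cfg.get(key), str) and cfg[key] != expected:
            problems.append(f"{key}: differs from documented value {expected!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample: placeholder IdP host, pasted with curly quotes.
    pasted = '{"IdPMetadata": \u201chttps://idp.example.com/saml/metadata\u201d, "Issuer": "Example"}'
    for problem in lint_saml_config(pasted):
        print(problem)
```

An empty result means the object parses as strict JSON and matches the documented shape; it does not confirm that the metadata endpoint is reachable from the RegScale runtime environment.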
If your SAML application requires two-way encryption, let your RegScale Professional Services Representative know and they will generate a RegScale certificate and provide you with the public key. The out-of-the-box configuration above will work with just assertion-signing enabled.