SAML 2.0

Cerego Support

SAML 2.0 FAQ

Summary: SAML 2.0 support greatly expands the single sign-on (SSO) capabilities of Cerego beyond sign-in with Google, giving our partners greater control over their users' identity service and allowing Cerego to interface more seamlessly with their existing identity service.

What does this feature do?

  • Removes the need for Cerego users to manage Cerego specific login credentials

  • Allows users to initiate login from a central identity management system

  • Allows for the automatic provisioning of Cerego user accounts upon initial login

What are the requirements for using this new SSO functionality?

  • Our SAML 2.0 authentication is Service Provider initiated. To use it, you must have a third-party Identity Provider (IdP) such as OneLogin, Okta, or Auth0.

Implementation

What information does Cerego need to provide to the Partner?

Cerego Application Callback URL: https://cerego.com/api/v4/saml/:partnerid/consume

  • A Cerego employee will need to substitute :partnerid with the client's actual partner ID
  • It is recommended that you use the partner ID that contains the partner name rather than their numerical ID

Service Provider Entity ID:

  • If this is not generated by the IdP: use the same URL supplied for the Application Callback URL
  • Service Provider in this case refers to Cerego
  • This serves as a check to confirm that the user is being signed in to the proper partner organization

Email Attribute Statement:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

  • This provides us with the email of the user initiating SSO, so that they can land in their Cerego account

Name Attribute Statement (optional):

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

  • This is not required, but is recommended

What information needs to be collected from the Cerego Partner?

  • The login URL for the Identity Provider
    • This is used on the Cerego side to allow the user to log in when login is initiated from Cerego

  • The Identity Provider's public certificate
    • Available through the IdP
    • May be a large string of text, or a .cert file

  • The Identity Provider's issuer

  • [Depending on IdP] The Identity Provider's idp_entity_id

What do you do with this info once collected?

Collect the information listed above and, using the template below, provide it to the Cerego Product Manager. Once the data has been provided (Slack is fine), a ticket will be created and inserted into the current or following development sprint:

Partner name:

Identity provider:

IdP login URL:

IdP public certificate:

IdP issuer:

 

An example of this might look like:

  • Partner name: Hanko’s Demo

  • Identity provider: Okta

  • IdP login URL:

    https://ceregossotest.okta.com/app/ceregoorg270586_cerego_1/exk1l9tydlXAEkuNm357/sso/saml

  • IdP public certificate: (Base64-encoded certificate text as supplied by the IdP)

  • IdP issuer: http://www.okta.com/exk1l9tydlXAEkuNm357
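
The checks these settings make possible on the Service Provider side, as an added illustration (not Cerego's code): the assertion's Issuer must equal the partner's IdP issuer, its Audience must equal the Service Provider Entity ID, and exactly one email attribute must be present. The partner ID hankos-demo, the sample assertion and the function name are assumptions, and the assertion's signature is assumed to have been verified against the IdP's public certificate by a SAML library beforehand.

```python
import xml.etree.ElementTree as ET  # for untrusted input, a hardened parser such as defusedxml is preferable

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
EMAIL_CLAIM, NAME_CLAIM = CLAIMS + "emailaddress", CLAIMS + "name"

# Per-partner settings. "hankos-demo" is a hypothetical partner ID (assumption);
# the issuer is the one shown in the article's example.
PARTNER = {
    "sp_entity_id": "https://cerego.com/api/v4/saml/hankos-demo/consume",
    "idp_issuer": "http://www.okta.com/exk1l9tydlXAEkuNm357",
}

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_constructed" Version="2.0">
  <saml:Issuer>{PARTNER['idp_issuer']}</saml:Issuer>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{PARTNER['sp_entity_id']}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{EMAIL_CLAIM}">
      <saml:AttributeValue>learner@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(assertion_xml, partner):
    """Return (email, name) for an already signature-verified assertion, or raise ValueError."""
    root = ET.fromstring(assertion_xml)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML assertion")
    # Issuer must be the IdP registered for this partner.
    if root.findtext("saml:Issuer", default="", namespaces=NS).strip() != partner["idp_issuer"]:
        raise ValueError("unexpected issuer")
    # Audience must name this partner's Service Provider Entity ID, so an
    # assertion issued for a different partner or application is rejected.
    audiences = [a.text.strip() for a in root.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if partner["sp_entity_id"] not in audiences:
        raise ValueError("audience mismatch")
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    emails = attrs.get(EMAIL_CLAIM, [])
    if len(emails) != 1 or "@" not in emails[0]:
        raise ValueError("need exactly one email address")
    names = attrs.get(NAME_CLAIM, [])  # the name attribute is optional
    return emails[0], (names[0] if names else None)
```
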

 
