Guided setup of SAML SSO in EnGenius Cloud's MSP Portal
ADFS installation and initial setup are complete.
Obtain the metadata file from ADFS.
The MSP portal on EnGenius Cloud Platform is activated with an MSP license.
Go to Organization > MSP Portal > Teams > Team Management and find the SAML SSO section.
Enable SAML SSO.
Click Add to create a new "IdP" and enter the SAML identity provider details:
Upload the Identity Provider (IdP) Metadata file, which you can extract from your ADFS server.
Provide a Name that helps to identify this IdP.
Provide the Login URL, which is the URL of the existing ADFS login page.
IdP Metadata for SSO Integration
Metadata for an IdP is a data file containing the IdP's unique identifier, service URLs, public key certificates, and supported communication protocols, used to enable secure SSO connections.
Logout URL for Auto-Logout Redirection
The 'Logout URL' allows users to set a specific webpage to redirect to after a defined period of inactivity, ensuring an automatic and secure logout.
Upon creation of the IdP, the system auto-generates the Consumer URL, the address to which the IdP sends user data after IdP authentication.
Record the "Consumer URL" as it is essential for future ADFS configuration.
Customize the EnGenius SSO Login URL: Adjust the end of the URL so that it is easier to remember. It serves as a direct link to the default IdP and is unique to a single IdP.
Select a Default IdP from the IdP list. It is associated with the EnGenius Cloud SSO page as the IdP to which users are redirected when they try to log in through the SSO URL.
Multi-IdP SAML SSO Configuration
You can create and manage several IdPs in EnGenius Cloud to establish SAML SSO, each with its own unique Login and Consumer URLs, but only one can map to the SSO Login shorthand URL.
Navigate to Organization > MSP Portal > Teams > Team Privilege to access the SAML administrator roles. Use this to assign user group privileges. SAML users receive permissions based on the 'role' attribute in their SAML token from the IdP.
To set up a new role for the IdP:
Click "Add Team".
Assign managed scope and permissions as you would for standard users.
To finalize, click "Create admin" and "Save changes".
The new team is set by default to the "All Org" scope with "Admin" permissions; however, customization for individual organizations is possible.