Configure SSO for Sanas Portal


Introduction

Single Sign-On (SSO) gives Portal Users a quick, seamless way to authenticate. This guide explains how to configure SSO for the Sanas Portal.

Prerequisites

  • Access Requirements — Administrator privileges on the Portal and the Identity Provider (IdP) to perform configuration.

  • User Invitation — For SSO to work, ensure all Portal Users are already added to their relevant Workspaces. Refer to Add Portal Users for instructions.

Note: Users attempting to authenticate through SSO who aren’t part of any Workspace will fail authentication.

Configure Portal SSO

Follow the procedure below to configure SSO on the Sanas Portal:

Enable SSO on Portal

  1. Get SSO Configuration Details from Portal

    1. Log in to the Sanas Portal with your admin credentials.

    2. Navigate to the Settings menu.

    3. Click Manage under Portal Authentication.

      Settings page showing authentication options and app activation details for Sanas Portal.

    4. Enable the SSO option if it’s disabled, and copy the following:

      • Identifier

      • Reply URL (Assertion Consumer Service URL)

        Settings page for configuring SSO and SAML authentication in Sanas Portal.

    5. In the next step,

Prepare SSO configuration on the IdP

Next, create a SAML application with your preferred IdP.

The SSO configuration steps are broadly the same for any IdP. This guide uses Okta for the demonstration.

  1. Create a SAML Application in Okta.

    1. Log in to your Okta account.

    2. In Okta, navigate to Applications > Applications and click Create App Integration.
      Create Okta SAML app

    3. Select SAML 2.0 as the sign-in method, then click Next.
      SAML 2.0 authentication type

    4. Enter the following application details, then click Next:

      Note: Application details (app name and logo) are visible to Portal Users.

      • App Name: Enter an app name (e.g., "Sanas Portal").

      • (Optional) App Logo: Upload a logo.
        App name and logo

    5. Configure the SAML settings:

      • Single Sign-On URL: Enter the Reply URL you copied from the Portal.
        Single Sign-on URL

      • Audience URI: Enter the Identifier you copied from the Portal.
        Audience URI

      • Name ID Format: Set to EmailAddress.

      • Application Username: Set to Okta username.

        Note: The Name ID Format and Application Username settings are mandatory and must be set to the users' email address and Okta username, respectively. The Portal validates users using these attributes.

    6. Under Attribute Statements, configure the following mappings:

      • username: user.login

      • name: user.firstName + " " + user.lastName

      • (Optional) sanasTeam: user.sanasTeam

      • sanasUserType: user.sanasUserType

        Attributes mapping

    7. Select the checkbox, then click Finish.

  2. Copy Sign On Details from Okta

    1. Open the created application on Okta.

    2. Navigate to the Sign On tab and copy the Sign On URL.

    3. From the SAML Signing Certificates section, download the certificate (SHA-2 > Action > Download certificate).
      Download SAML signing certificate

Use the below IdP resources for SSO configurations:

Save the SSO configuration on the Portal

  1. Return to the SSO configuration window on the Portal.

    1. Enter the Sign on URL.
      Enter Single Sign-On URL

    2. Upload the X.509 certificate you’ve downloaded from Okta.
      Upload certificate

    3. Click Save to apply the changes.

    4. Perform a test authentication on the Portal using the configured Okta SSO.


Troubleshooting

Check that SSO is configured correctly on the following points:

  • User present on IdP — Ensure all intended Portal Users are already present on the IdP you’ve configured for SSO.

  • Attributes mapping — Ensure the following user attributes are configured during SSO configuration on the IdP:

    • email — email added on Portal

    • name — name added on Portal

  • Sign On URL — Ensure the correct Sign On URL is configured on the Portal. The Portal uses this URL to authorize the user’s access.

  • Certificate Upload — Ensure the correct certificate is uploaded to the Portal.
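
To check a test login against the SAML settings and attribute mappings configured above, the following added example (not part of the original guide or of Sanas tooling) parses a base64-decoded SAML Response, such as one captured from the browser during a test authentication, and lists the mismatches. The function name check_saml_response and the IDENTIFIER and REPLY_URL values are hypothetical placeholders; the sample response is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = {"username", "name", "sanasUserType"}  # sanasTeam is optional
# Placeholders (assumptions): paste the Identifier and Reply URL copied from the Portal.
IDENTIFIER = "urn:example:portal-identifier"
REPLY_URL = "https://portal.example.invalid/saml/acs"

def check_saml_response(xml_text, identifier, reply_url):
    """Return the configuration problems found in a decoded SAML Response.
    Mapping check only: it does not verify the XML signature."""
    assertion = ET.fromstring(xml_text).find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]
    problems = []
    audiences = [e.text for e in assertion.iterfind(".//a:Audience", NS)]
    if identifier not in audiences:
        problems.append("Audience does not match the Portal Identifier")
    recipients = [e.get("Recipient")
                  for e in assertion.iterfind(".//a:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append("Recipient does not match the Portal Reply URL")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    sent = {a.get("Name")
            for a in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)
            if a.findtext("a:AttributeValue", default="", namespaces=NS).strip()}
    problems += [f"attribute '{n}' missing or empty" for n in sorted(REQUIRED_ATTRS - sent)]
    return problems

# Constructed sample (not captured from a real IdP): wrong NameID Format, no sanasUserType.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe@example.invalid</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://portal.example.invalid/saml/acs"/></saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>urn:example:portal-identifier</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="username"><saml:AttributeValue>jdoe@example.invalid</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="name"><saml:AttributeValue>J Doe</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    for problem in check_saml_response(SAMPLE, IDENTIFIER, REPLY_URL):
        print("FAIL:", problem)
```

An empty result means the mappings match the configuration; it says nothing about whether the response is signed with the certificate uploaded to the Portal.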


Support

Need help? Get in touch with our Support Team for assistance.