Skip to main content
System StatusContact Support
VersionOne Community

Continuum Single Sign-On (SSO) Configuration

Overview

Continuum 19.1 and later versions support integration with SAML compliant external user authentication tools such as Okta, Centrify, OneLogin, and Ping Identity.

SAML is an XML-based open standard developed by OASIS Security Services Technical Committee. It defines a framework to perform web browser SSO using secure tokens for exchanging security information between web applications. For more information about SAML, its concepts and components, see https://www.oasis-open.org/.

Set up SAML Authentication for Continuum Users

Setting up Continuum to use SAML compliant external authentication is a two-step process:

  • Set up Continuum as a Service Provider (SP) with the SAML compliant IdP such as Okta, Centrify, OneLogin or Ping Identity. 
  • Enable SSO in Continuum and configure Continuum to use the SAML compliant IdP for authentication.

Of these two steps, setting up Continuum as a Service Provider with the IdP is out of scope of this topic. However, this topic includes instructions on how to get the Continuum metadata that's required to configure Continuum as a Service Provider with the IdP.

Get the Continuum Metadata

  1. Once you have Continuum installed, log on to Continuum as an Administrator. 
  2. Click the Administration icon ( ctm02.png ) at the top right and select System > Settings from the menu.
  3. Select the SSO tab.
  4. Click Get Metadata.

ctm-sso-00.png

  1. Save the XML file for later use when you register Continuum as a Service Provider with the SAML IdP.

ctm-sso-02.png

Enable and Configure SSO in Continuum

  1. With the Continuum metadata at hand, make sure you have configured Continuum as a Service Provider with the SAML IdP. 
  2. Log on to Continuum as an Administrator. 
  3. Click the Administration icon ( ctm02.png ) at the top right and select System > Settings from the menu.
  4. Select the SSO tab.

ctm-sso-01.png

  1. If you have the IdP metadata XML file, you can import the same by clicking Import IdP XML. Otherwise, you can fill in the fields manually.

ctm-sso-03.png

Click Upload, browse and select the IdP XML file to import the IdP's metadata. 

You can also copy and paste the configuration XML code in the text box. 

When done, click Validate and Save.

  1. If you do not have the IdP configuration XML file, enter the details for the fields such as the IdP Entity ID, IdP SSO URL, and IdP X509 Certificate. The Service Provider Entity IdAssertion Consumer Service URL (HTTP-POST) and Name ID format fields are auto-filled.
  1. Click Enable SSO.
  2. Click Test Connection and make sure the connection is successful.

ctm-sso-06.PNG

  1. Click Save.

This concludes the SSO configuration.

From this point, clicking Sign-in from the Continuum log-on page takes the users to the organization's SSO page.

clipboard_e70a888b3c1fa211846b33678818cc4c9.png

Configure the IdP's Directory Service Field to Supply the Username 

Continuum uses email ID as the key to identifying user accounts. As a result, user authentication may fail if your IdP does not include the email ID in its SAML response. In such cases, you must make sure that your IdP's response includes the email ID (by mapping the Directory Service Field appropriately).

For example, you must map "mail" as the Directory Service Field to supply the username in Idaptive's Centrify.

clipboard_ecaff5e58701576e3a52f37ce3b9131f1.png

 

 

 

  • Was this article helpful?