Single Sign-On v1.7

Configuring a Single Sign-On Service Provider

This topic describes how to add an external identity provider to your Pivotal Single Sign-On (SSO) service plan.

Step 1: Setting up SAML

  1. Log in to the SSO dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN as a Plan Administrator.

  2. Select your plan and click Manage Identity Providers on the drop-down menu.

  3. Click New Identity Provider to create a new identity provider.

  4. Fill in the details for the new identity provider:

    1. Enter an Identity Provider Name.
    2. (Optional) Enter an Identity Provider Description.
    3. Enter the App Federation Metadata Url you obtained from step 7 in Step 2: Set up SAML in Azure Active Directory (AD) and click Fetch Metadata.
    4. (Optional) Enter mappings under Advanced SAML Settings > Attribute Mappings.
  5. Click Create Identity Provider.

Step 2: Configure Group Permissions

Note: Azure AD passes to the SSO plan the Object ID of each group recorded in step 5 of Step 3: Set up Claims Mapping.

  1. Add groups to be propagated from the external identity provider to the ID token by following these steps:

    1. Log in to the SSO dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN as a Plan Administrator.
    2. Select your plan and click Manage Identity Providers on the drop-down menu.
    3. Click Group Whitelist next to your identity provider.
    4. Enter the group names.
    5. Click Save Group Whitelist.
  2. Map the groups to resources defined in the SSO service by following these steps:

    1. Log in to the SSO dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN as a Plan Administrator.
    2. Select your plan and click Manage Identity Providers on the drop-down menu.
    3. Click Resource Permissions.
    4. Click New Permissions Mapping and perform the following steps:
      1. Enter a Group Name.
      2. For Select Permissions, select the permissions that members of the group from the external identity provider should have.
      3. Click Save Permissions Mapping.