Setting up SSO - OneLogin

Follow

SSO (Single Sign On) authentication lets you access your company’s applications and websites with a single set of login credentials. Centage has now enabled you to include Planning Maestro in your SSO solution.

You can add Planning Maestro to your company’s SSO solution if you use any SAML 2.0 compliant identity providers, including:

  • Okta
  • OneLogin
  • RSASecurID
  • Idaptive
  • Ping
  • Azure AD
  • CA Technologies
  • ... (and many more. Ask Centage Support.)

Your company has a designated SSO Admin user who can set up SSO for your company.

This document shows you, an SSO Admin, how to set up SSO for your company using OneLogin.

Setting up SSO with OneLogin

Step 1: Open your company’s OneLogin account. On the homepage, select Administration.

I1a.png

Step 2: On the Administration page, select the Users tab.

I4a.png

Step 3: On the Users page, hover over the More Actions dropdown menu and select Custom user fields.

I4b.png

Step 4: On the Custom User Fields page, click New User Field.

I4c.png

Step 5: A New User Field popup appears. Enter the following information in the fields provided:

  • Name – Enter planningMaestroUserName in this field.
  • Shortname – Enter planningMaestroUserName in this field.

Click Save.

I4d.png

A confirmation message appears.  Now, add Planning Maestro to your SSO solution as an app. 

Step 6: Now, add Planning Maestro as an app. Select the Applications tab.

I1b.png

Step 7: On the Applications page, in the top right, select Add Apps.

I1c.png

Step 8: In the search field, enter SAML. Select SAML Test  Connection (idP w/attr w/ sign response).

I1e.png

Step 9: Replace the default Display Name with Planning Maestro as the Display Name. Click Save.

I1j.png

Setting up the Connection

Step 1: On the SAML Test Connector (IdP w/attr w/ sign response) page, select the Configuration tab on the left.

I1f1.png

Step 2: Under Configuration, enter the following information in the fields provided and leave the others blank:

I1g.png

  1. Audience – planning-maestro
  2. Recipienthttps://domainName.planningmaestro.com/saml/SSO
  3. ACS (Consumer) URL Validator* – ^https://domainName.planningmaestro.com/saml/SSO.*$
  4. ACS (Consumer) URL*https://domainName.planningmaestro.com/saml/SSO
  5. Click Save.

Info.png Please Note: In the URLs, replace “domainName” with the actual name for your company’s Planning Maestro account (often the name of your company). For example, the screenshots display the setup for a company named Paradventure, Inc., whose domain name is paradventureinc.

Step 3: Click on the Parameters tab.

I1g1.png

Step 4: On the Parameters tab, click the Add icon ( Add_.png ).

I1m.png

Step 5: A New Field popup appears.

  • Enter the field name as planningMaestroUserName.
  • Mark the Include in SAML assertion checkbox.
  • Click Save.

 I4f.png

Step 6: Click on the dropdown menu under Value and select: planningMaestroUserName (Custom)

I4g1.png

Step 7: Click Save.

I4g.png

Step 8: Select the SSO tab.

I4h1.png

Step 9: On the SSO tab, under SAML Signature Algorithm, click on the dropdown menu and select SHA-256.

I1o.png

Step 10: Click Save.

I1q.png

Saving Your Issuer URL

When you set up SSO in Planning Maestro, you will need two pieces of information from OneLogin:

  1. Issuer URL (Planning Maestro calls this the “Metadata URL”)
  2. Recipient URL

On the SSO tab, copy and save the Issuer URL somewhere secure (you will need to use this later in Planning Maestro).

Info.png Please Note: When you set up SSO in Planning Maestro, you will need a Metadata URL. “Issuer URL” is OneLogin’s name for Metadata URL.

I1p.png

  • A confirmation message appears.
  • The SSO portal is created.
  • Now, select the Configuration tab to view and save your Recipient URL.

I1r1a.png

Save the URL in the Recipient field with the same place you saved your Issuer URL. You will need both your Issuer URL and Recipient URL to set up SSO in Planning Maestro.

I1r2.png

Now, use the following section to set up users who need to access Planning Maestro.

Assigning Users

Step 1: To enable specific users to access Planning Maestro through OneLogin’s SSO portal, in the top left, select Users.

I2a.png

Step 2: Select users from the available list.

Warning.png Please Note: If you want a user to access Planning Maestro who does not have a OneLogin account, you need to create the user’s profile in OneLogin before setting up their access to Planning Maestro.

I3b.png

Step 3: The user’s profile opens.

  1. Make sure the Username listed on this profile matches the user’s username in Planning Maestro.
  2. Make sure the planningMaestroUserName matches the user’s username in Planning Maestro.
  3. Then, select the Applications tab on the left.

I3c.png

Step 4: The Applications tab opens. Click the Add icon ( Add_.png ).

I3a.png

Step 5: An Assign new login to [user] popup opens. Click the dropdown menu and select the Planning Maestro app.

I3d.png

Step 6: Click Continue.

I3e.png

Step 7: Confirm that this user’s planningMaestroUserName is an exact character match with their Planning Maestro username and click Save.

I3f.png

Example.png Example: In the screenshot, Emma Employee’s planningMaestroUserName is eemployee in both OneLogin and Planning Maestro.

I3g.png

  • A confirmation message appears.
  • The Planning Maestro app appears under Applications in the user’s profile.

Step 8: Click Save User.

I3h.png

A confirmation message appears.

I3i.png

On the Applications/SAML Test Connector (IdP w/ attr w/ sign response) page, on the Users tab, this user appears as one of the users who can access Planning Maestro through their OneLogin portal.

I3j.png

To assign more users to access Planning Maestro through OneLogin, repeat steps 1-5.

 

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.