SSO (Single Sign On) authentication lets you access your company’s applications and websites with a single set of login credentials. Centage has now enabled you to include Planning Maestro in your SSO solution.
You can add Planning Maestro to your company’s SSO solution if you use any SAML 2.0 compliant identity providers, including:
- Okta
- OneLogin
- RSASecurID
- Idaptive
- Ping
- Azure AD
- CA Technologies
- ... (and many more. Ask Centage Support.)
Your company has a designated SSO Admin user who can set up SSO for your company.
This document shows you, an SSO Admin, how to set up SSO for your company using OneLogin.
Setting up SSO with OneLogin
Step 1: Open your company’s OneLogin account. On the homepage, select Administration.
Step 2: On the Administration page, select the Users tab.
Step 3: On the Users page, hover over the More Actions dropdown menu and select Custom user fields.
Step 4: On the Custom User Fields page, click New User Field.
Step 5: A New User Field popup appears. Enter the following information in the fields provided:
- Name – Enter planningMaestroUserName in this field.
- Shortname – Enter planningMaestroUserName in this field.
Click Save.
A confirmation message appears. Now, add Planning Maestro to your SSO solution as an app.
Step 6: Now, add Planning Maestro as an app. Select the Applications tab.
Step 7: On the Applications page, in the top right, select Add Apps.
Step 8: In the search field, enter SAML. Select SAML Test Connection (idP w/attr w/ sign response).
Step 9: Replace the default Display Name with Planning Maestro as the Display Name. Click Save.
Setting up the Connection
Step 1: On the SAML Test Connector (IdP w/attr w/ sign response) page, select the Configuration tab on the left.
Step 2: Under Configuration, enter the following information in the fields provided and leave the others blank:
- Audience – planning-maestro
- Recipient – https://domainName.planningmaestro.com/saml/SSO
- ACS (Consumer) URL Validator* – ^https://domainName.planningmaestro.com/saml/SSO.*$
- ACS (Consumer) URL* – https://domainName.planningmaestro.com/saml/SSO
- Click Save.
Please Note: In the URLs, replace “domainName” with the actual name for your company’s Planning Maestro account (often the name of your company). For example, the screenshots display the setup for a company named Paradventure, Inc., whose domain name is paradventureinc. |
Step 3: Click on the Parameters tab.
Step 4: On the Parameters tab, click the Add icon ( ).
Step 5: A New Field popup appears.
- Enter the field name as planningMaestroUserName.
- Mark the Include in SAML assertion checkbox.
- Click Save.
Step 6: Click on the dropdown menu under Value and select: planningMaestroUserName (Custom)
Step 7: Click Save.
Step 8: Select the SSO tab.
Step 9: On the SSO tab, under SAML Signature Algorithm, click on the dropdown menu and select SHA-256.
Step 10: Click Save.
Saving Your Issuer URL
When you set up SSO in Planning Maestro, you will need two pieces of information from OneLogin:
- Issuer URL (Planning Maestro calls this the “Metadata URL”)
- Recipient URL
On the SSO tab, copy and save the Issuer URL somewhere secure (you will need to use this later in Planning Maestro).
Please Note: When you set up SSO in Planning Maestro, you will need a Metadata URL. “Issuer URL” is OneLogin’s name for Metadata URL. |
- A confirmation message appears.
- The SSO portal is created.
- Now, select the Configuration tab to view and save your Recipient URL.
Save the URL in the Recipient field with the same place you saved your Issuer URL. You will need both your Issuer URL and Recipient URL to set up SSO in Planning Maestro.
Now, use the following section to set up users who need to access Planning Maestro.
Assigning Users
Step 1: To enable specific users to access Planning Maestro through OneLogin’s SSO portal, in the top left, select Users.
Step 2: Select users from the available list.
Please Note: If you want a user to access Planning Maestro who does not have a OneLogin account, you need to create the user’s profile in OneLogin before setting up their access to Planning Maestro.
|
Step 3: The user’s profile opens.
- Make sure the Username listed on this profile matches the user’s username in Planning Maestro.
- Make sure the planningMaestroUserName matches the user’s username in Planning Maestro.
- Then, select the Applications tab on the left.
Step 4: The Applications tab opens. Click the Add icon ( ).
Step 5: An Assign new login to [user] popup opens. Click the dropdown menu and select the Planning Maestro app.
Step 6: Click Continue.
Step 7: Confirm that this user’s planningMaestroUserName is an exact character match with their Planning Maestro username and click Save.
Example: In the screenshot, Emma Employee’s planningMaestroUserName is eemployee in both OneLogin and Planning Maestro. |
- A confirmation message appears.
- The Planning Maestro app appears under Applications in the user’s profile.
Step 8: Click Save User.
A confirmation message appears.
On the Applications/SAML Test Connector (IdP w/ attr w/ sign response) page, on the Users tab, this user appears as one of the users who can access Planning Maestro through their OneLogin portal.
To assign more users to access Planning Maestro through OneLogin, repeat steps 1-5.
Comments
Please sign in to leave a comment.