Privacera Documentation

Enable Single Sign On on PrivaceraCloud

PrivaceraCloud can be configured for Single Sign On (SSO) over a SAML connection. To activate SSO, you must first connect an external IdP (Okta or Azure AD) via SAML.

These are the general steps for enabling SSO:

  1. Connect an IdP to PrivaceraCloud.

  2. On the PrivaceraCloud UI, enable SSO login. For more information, see Enable only SSO login.

Effects of enabling SSO

When SSO is enabled, users can log in to PrivaceraCloud only with their SSO credentials; login requests are redirected to your organization's authentication system, such as Okta or Azure AD.

Note

When SSO login is enabled, an account administrator can also log in via SSO.

Connect IdP (Okta and Azure AD)

Follow these steps to connect an IdP to your PrivaceraCloud account.

Prerequisites

Before configuring SAML in PrivaceraCloud, set up an Okta or Azure AD account and collect the key information (SAML settings and IdP metadata) from it.

For more information about Okta setup, see Okta setup for SAML-SSO on PrivaceraCloud to obtain required SAML and metadata information.

For more information about Azure AD setup, see Set up Azure AD SAML-SSO on PrivaceraCloud to obtain required SAML and metadata information.

Once that information is available, return to this section to complete the setup.

Steps to connect IdPs

  1. On the left navigation, go to Settings > Identity.

  2. Click the Single Sign On section.

    The Single Sign On section displays the configuration fields.

  3. Using the IMPORT PROPERTIES button, you can browse for and import a previously saved set of application properties.

  4. Using the EXPORT PROPERTIES button, you can save the current application properties to a file.

  5. Enter the Application Properties in the fields provided; the tables below describe each field.

  6. Click Save.

The following table shows the mapping of the fields in PrivaceraCloud with the fields of the SAML app in the Okta account:

Table 37. PrivaceraCloud and Okta fields

| PrivaceraCloud Fields | SAML App Fields in Okta | Values | Description |
| --- | --- | --- | --- |
| Entity Id | Audience URI (SP Entity ID) | privacera_portal | The Entity Id value is the same as the one used to configure Okta or Azure. |
| Identity Provider Url | Embed Link | URL | Use the Embed Link from the General > App Embed Link section in the Okta account. |
| Identity Provider Metadata | Identity Provider Metadata | XML file | Upload the XML metadata that you generated and saved in the Okta configuration. For more information, see Okta setup for SAML-SSO on PrivaceraCloud. |
| UserName Attribute | UserID | UserID | Use only the field name from Okta, i.e., UserID. |
| Email Attribute | Email | Email | Use only the field name from Okta, i.e., Email. |
| FirstName Attribute | FirstName | FirstName | Use only the field name from Okta, i.e., FirstName (optional). |
| LastName Attribute | LastName | LastName | Use only the field name from Okta, i.e., LastName (optional). |

The following table shows the mapping of the fields in PrivaceraCloud with the fields of the SAML app in the Azure AD account:

Table 38. PrivaceraCloud and Azure AD fields

| PrivaceraCloud Fields | SAML App Fields in Azure AD | Values | Description |
| --- | --- | --- | --- |
| Entity Id | Entity ID | privacera-portal | The Entity Id value is the same as the one used to configure Okta or Azure. |
| Identity Provider Url | Azure AD Identifier | URL | Use the Azure AD Identifier URL copied from the Azure AD portal. |
| Identity Provider Metadata | Federation Metadata XML | XML file | Upload the XML that you downloaded from the Azure portal. |
| UserName Attribute | name | user.userprincipalname | It must be the same as the Azure AD user attribute used in the Attributes and Claims section. |
| FirstName Attribute | givenname | user.givenname | It must be the same as the Azure AD givenname attribute used in the Attributes and Claims section. |
| LastName Attribute | surname | user.surname | It must be the same as the Azure AD surname attribute used in the Attributes and Claims section. |
| Email Attribute | emailaddress or name | user.email | It must be the same as the Azure AD email address attribute used in the Attributes and Claims section. If the name and email address in your Azure account are the same, you can use the name instead of the email address. |

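The two tables above describe which IdP attribute names and which Entity Id PrivaceraCloud expects to find in the SAML assertion. A practical pre-flight check is to confirm, before flipping the SSO-only toggle, that the IdP metadata parses and that a test assertion actually carries the configured Audience and attribute names. The following script is an added example, not Privacera's or Okta's code: it uses only the Python standard library, and the IdP metadata, the assertion, the IdP entityID and endpoint are all constructed placeholders. Signature verification is deliberately out of scope here; the check is about the field mapping.

```python
"""Check a SAML assertion against the PrivaceraCloud attribute mapping.

Added example (not Privacera's code). The IdP metadata and the assertion
below are constructed placeholders; the attribute names follow the Okta
mapping table (UserID, Email, FirstName, LastName) and the Entity Id
privacera_portal. Signature validation is not performed here.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed IdP metadata with a placeholder entityID and SSO endpoint.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed, unsigned assertion using the Okta attribute names; LastName
# is intentionally absent to exercise the optional-attribute handling.
OKTA_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1">
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>privacera_portal</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="UserID"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue>jdoe@example.test</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# PrivaceraCloud field -> attribute name entered for it (Okta table).
OKTA_MAPPING = {"UserName": "UserID", "Email": "Email",
                "FirstName": "FirstName", "LastName": "LastName"}
OPTIONAL_FIELDS = {"FirstName", "LastName"}


def parse_idp_metadata(xml_text):
    """Return (entityID, SingleSignOnService Location) from IdP metadata."""
    root = ET.fromstring(xml_text)
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    return root.get("entityID"), (sso.get("Location") if sso is not None else None)


def assertion_attributes(xml_text):
    """Map each Attribute Name to its list of AttributeValue texts."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return attrs


def assertion_audience(xml_text):
    """Return the Audience from the assertion's AudienceRestriction, if any."""
    root = ET.fromstring(xml_text)
    aud = root.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    return aud.text if aud is not None else None


def check_mapping(assertion_xml, mapping, expected_entity_id, optional=OPTIONAL_FIELDS):
    """Return a list of mismatches; an empty list means the mapping lines up."""
    problems = []
    audience = assertion_audience(assertion_xml)
    if audience != expected_entity_id:
        problems.append(f"Audience {audience!r} != Entity Id {expected_entity_id!r}")
    attrs = assertion_attributes(assertion_xml)
    for field, name in mapping.items():
        if (name not in attrs or not attrs[name]) and field not in optional:
            problems.append(f"{field} Attribute {name!r} missing from assertion")
    return problems


if __name__ == "__main__":
    print(parse_idp_metadata(IDP_METADATA))
    print(check_mapping(OKTA_ASSERTION, OKTA_MAPPING, "privacera_portal"))
```

An Audience mismatch (for example privacera-portal entered on one side and privacera_portal on the other) or a missing required attribute name is exactly the kind of error that otherwise surfaces only as a failed login after SSO-only mode has been switched on.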
Enable only SSO login

In this topic, you will learn how to enable SSO-only login using the toggle button in the PrivaceraCloud portal. When enabled, users will no longer be able to sign in with their email and password.

Prerequisites

  • You need to have connected your IdP via SAML to your PrivaceraCloud account.

  • As an account administrator, you need to log in to PrivaceraCloud using your SSO credentials.

Steps to enable SSO login

  1. As an account administrator, log in to PrivaceraCloud using your SSO username and password.

  2. Navigate to Settings > Account > AUTHENTICATION SETTINGS.

  3. The system displays informative messages if the prerequisites to enable SSO have not been met:

    • SAML is not configured.

    • Unauthorized

    If all prerequisites have been met, no messages are displayed.

  4. Click the Enable only SSO login (Disable login with Email and Password) toggle button.

SSO URL without login screen

By using the SSO URL given below, you can log in to PrivaceraCloud directly through SSO, bypassing the login screen.

Substitute your account ID for <account_ID>.

https://privaceracloud.com/sso?acountId=<account_ID>