Table of contents

1. Introduction
2. Microsoft AD FS
   2.1. Step 1: Create an AD FS authentication scheme
   2.2. Step 2: Incorporate a Relying Party Trust
   2.3. Step 3: Create claim rules
   2.4. Step 4: Configure the trust settings.
   2.5. Step 5: Provide identity provider information
   2.6. Step 6: RelayState should be enabled on your AD FS servers.
3. Configuring SSO with Azure AD
4. Setting up a custom SAML application in Duo.
5. Setting up a custom SAML application in GSuite
6. Setting up a custom SAML application in Okta.
7. Configuring SSO with OneLogin
8. Setting up a custom SAML application in Ping Identity
9. Frequently Asked Questions
   9.1. How is configuration SSO defined?
   9.2. What is an example of SSO?
   9.3. How do I find out if SSO is activated?
   9.4. What kinds of SSOs exist?
10. Conclusion

Last Updated: Mar 27, 2024

Configuring SSO with various software

Author Aditi

Introduction

This article explains how to configure SSO with various software. Single sign-on (SSO) is an authentication method that lets users sign in with a single ID to any number of connected but separate software systems. With true single sign-on, users only need to log in once. After that, they can access services without repeatedly providing their login details.

If you're learning to use Postman to do a specific operation or workflow, you must know the following concepts: 

  • Requesting resources, 
  • Evaluating APIs, 
  • Creating and maintaining APIs, 
  • Releasing APIs, 
  • Developing using Postman, and 
  • Working with your team. 

Let's dive into the article to learn more about configuring SSO.


Microsoft AD FS

Step 1: Create an AD FS authentication scheme

In Postman, you must first build an AD FS authentication scheme. See Configuring SSO for a team to learn how to create this authentication method. After creating the scheme, collect the data for these fields on the Team page.

Step 2: Incorporate a Relying Party Trust

The Relying Party Trust (RPT) protocol describes the link between AD FS and Postman. To include a Relying Party Trust:

  • From AD FS Management, pick the Relying Party Trusts folder.
  • Choose "Add Relying Party Trust" from the Actions sidebar to launch the configuration process for a new trust.
  • When you see the Welcome screen, click "Claims aware" and click "Start."
  • Choose "Enter Data About the Party Manually" from the Select Data Source box.
  • Choose a Display Name that you'll remember in the future. Notes are an optional addition.
  • Use the default certificate settings or upload the encryption certificate on the Team page.
  • Enable support for SAML 2.0 WebSSO.
  • Collect the service URL (ACS URL) from the Team page.
  • Include the following Relying Party Trust Identifier: https://identity.getpostman.com
  • Choose "Permit everyone."
  • The wizard shows an overview of your settings on the following two screens.
  • Select Close to close the last screen and launch the Claim Rules editor.

Step 3: Create claim rules

You can create the claim rules once the Relying Party Trust has been established. To create a new rule:

  • Choose Add Rule. Next, create a rule to Send LDAP Attributes as Claims.
  • As your attribute store, use Active Directory. Choose E-Mail Addresses from the LDAP Attribute column.
  • Select E-Mail Address under Outgoing Claim Type.
  • To save the new rule, choose Finish.
  • To add a second rule, choose Add Rule; for the template, choose Transform an Incoming Claim.
  • Select E-mail Address under Incoming Claim Type.
  • Select Name ID under Outgoing Claim Type.
  • Choose E-mail under Outgoing Name ID Format.
  • To finish creating the claim rule, click Finish.
  • Two transform rules should now exist. To confirm, click Edit Claim Issuance Policy.

Step 4: Configure the trust settings.

How to change the trust settings:

  • Select RPT and then Properties in the Actions sidebar.
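  • In the Advanced tab, set the secure hash algorithm to SHA-1. Note that AD FS defaults new trusts to SHA-256 and that SHA-1 is deprecated for signatures because of practical collision attacks, so confirm that this value is still required before applying it.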

Step 5: Provide identity provider information

Following setup, Postman must receive the information from your Identity Provider.

  • Get the FederationMetadata.xml document. This document is frequently located at: https://<Federation Service name>/FederationMetadata/2007-06/FederationMetadata.xml.
  • In the Team page's Identity Provider Details section, insert the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate you extracted from the metadata file.
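
The extraction described in Step 5 can be scripted, as an added example that is not part of the original article or of Postman's or Microsoft's code. It pulls the issuer, SSO URL and signing certificate out of a federation metadata document and prints a SHA-256 fingerprint you can compare with the certificate shown in the AD FS console before pasting it into the Team page. The metadata is a constructed sample with a hypothetical host name and placeholder certificate bytes.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample, trimmed to the elements read below. The host name is
# hypothetical and the certificate bodies are placeholder bytes, not real certs.
SAMPLE = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="http://adfs.example.com/adfs/services/trust">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="encryption"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>ZW5jcnlwdGlvbi1jZXJ0</X509Certificate></X509Data></KeyInfo>
  </KeyDescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>c2lnbmluZy1jZXJ0
    LXBsYWNlaG9sZGVy</X509Certificate></X509Data></KeyInfo>
  </KeyDescriptor>
  <SingleSignOnService Binding="{BINDINGS}HTTP-Redirect"
      Location="https://adfs.example.com/adfs/ls/"/>
  <SingleSignOnService Binding="{BINDINGS}HTTP-POST"
      Location="https://adfs.example.com/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def idp_details(metadata_xml: str) -> dict:
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not identity provider metadata")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    # Assumption: prefer the HTTP-POST endpoint, fall back to HTTP-Redirect.
    url = sso.get(BINDINGS + "HTTP-POST") or sso.get(BINDINGS + "HTTP-Redirect")
    if not url or not url.startswith("https://"):
        raise ValueError("SSO URL missing or not HTTPS")
    # Only signing keys verify assertions; skip use="encryption" descriptors.
    certs = ["".join(c.text.split())
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall(".//ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    der = base64.b64decode(certs[0], validate=True)
    return {"issuer": root.get("entityID"), "sso_url": url, "x509": certs[0],
            "sha256": hashlib.sha256(der).hexdigest()}
```

Fetch the real metadata over HTTPS from the federation server itself and compare the printed fingerprint out of band, since whoever controls this certificate value controls who can sign in.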

Step 6: RelayState should be enabled on your AD FS servers.

The RelayState parameter on your AD FS servers must then be enabled.

  1. For AD FS 2.0, open the following file in a text editor:
     %systemroot%\inetpub\adfs\ls\web.config
  2. For AD FS 3.0, open the following file in a text editor:
     %systemroot%\ADFS\Microsoft.IdentityServer.Servicehost.exe.config

  • Add the following line for useRelayStateForIdpInitiatedSignOn in the <microsoft.identityServer.web> section. Then save the change:
    <microsoft.identityServer.web>
      ...
      <useRelayStateForIdpInitiatedSignOn enabled="true" />
      ...
    </microsoft.identityServer.web>
  • Run IISReset to restart IIS for AD FS 2.0.
  • Restart the Active Directory Federation Services (adfssrv) service on both systems.
  • Make sure the <useRelayStateForIdpInitiatedSignOn enabled="true" /> element has been inserted in the <microsoft.identityServer.web> section. Then perform the following to create a URL-encoded string using the relay state and Entity ID.
  • The RPID and Relay State values must be URL encoded.
  • Combine the URL-encoded values into the following string, then URL encode the entire string.
    • String - RPID=<URL encoded RPID>&RelayState=<URL encoded RelayState>
    • String with values - RPID=https%3A%2F%2Fidentity-example.getpostman.com&RelayState=35ef7ab89gh99hh00
    • URL encoded string - RPID%3Dhttps%253A%252F%252Fidentity-example.getpostman.com%26RelayState%3D35ef7ab89gh99hh00
  • Add the last string to the URL for IDP-initiated sign-on.

Visit the final URL in the browser the first time you log in using Azure AD. In the future, users will be able to log in via SSO thanks to this setting of the relay state.
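
The two encoding passes from Step 6 are easy to get wrong by hand, so here they are as an added example (not code from the original article or from AD FS), together with a check that decodes a finished URL and rejects one where the second pass was skipped. The host adfs.example.com and both function names are hypothetical; the RPID and relay state values are the ones used above.

```python
from urllib.parse import quote, unquote, urlsplit

# Hypothetical AD FS host; /adfs/ls/idpinitiatedsignon.aspx is the standard
# AD FS IdP-initiated sign-on page.
SIGNON = "https://adfs.example.com/adfs/ls/idpinitiatedsignon.aspx"


def build_signon_url(rpid: str, relay_state: str, signon: str = SIGNON) -> str:
    # First pass: encode each value on its own, then join them.
    inner = f"RPID={quote(rpid, safe='')}&RelayState={quote(relay_state, safe='')}"
    # Second pass: encode the joined string so its '=' and '&' travel as data
    # inside the single outer RelayState query parameter.
    return f"{signon}?RelayState={quote(inner, safe='')}"


def check_signon_url(url: str) -> dict:
    """Reverse both encoding passes and return the RPID and RelayState."""
    pairs = [p.split("=", 1) for p in urlsplit(url).query.split("&") if p]
    if len(pairs) != 1 or len(pairs[0]) != 2 or pairs[0][0] != "RelayState":
        # Symptom of a missing second pass: the inner '&RelayState=' splits
        # off and the query ends up with more than one parameter.
        raise ValueError("query must hold exactly one RelayState parameter")
    inner = dict(p.split("=", 1)
                 for p in unquote(pairs[0][1]).split("&") if "=" in p)
    if set(inner) != {"RPID", "RelayState"}:
        raise ValueError(f"unexpected inner keys: {sorted(inner)}")
    return {key: unquote(value) for key, value in inner.items()}


if __name__ == "__main__":
    url = build_signon_url("https://identity-example.getpostman.com",
                           "35ef7ab89gh99hh00")
    print(url)
    print(check_signon_url(url))
```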

Configuring SSO with Azure AD

You must set up SSO in Postman before configuring a SAML application in Azure AD. After that, choose SAML 2.0 as the authentication type. Name your authentication, then click Continue.

First, open a new tab to continue setting up your SAML application. Then navigate to your Azure AD management portal:

  • Select + New application under Enterprise apps.
  • Choose the Postman app from the results after searching for "Postman" > Create. Alternatively, you can create your own application.
  • Choose SAML under Set up single sign-on.
  • Add your Postman's Entity ID, Login URL, and ACS URL to your SAML settings in Azure AD.
  • Select Generate relay state in Postman. Then add the produced value to your Azure AD SAML configuration.
  • Select Edit > + Add a new claim from the Attributes & Claims section of Azure AD. Map the Name ID (Unique User Identifier) to user.mail.
  • Download the Federation Metadata XML file from the SAML Signing Certificate section of Azure AD.
  • Upload the Federation Metadata XML file to Postman under Identity Provider Metadata File. Alternatively, under Identity Provider Details, you can individually input the Identity Provider SSO URL, Identity Provider Issuer, and X.509 Certificate.
  • In Postman, click Save Authentication.

 

You can test your SAML configuration by creating a test user in Azure AD and assigning them the Postman app. If you chose to add new users automatically while configuring SAML, the test user can sign in to Postman right away with their credentials to verify that the procedure works as intended. If you chose not to add new users automatically, invite the test user to your Postman team manually. You can then log in to Postman using the test user's credentials.

Setting up a custom SAML application in Duo.

  • Open the applications page in the Duo dashboard and choose the option to protect an application.
  • Find "SAML - Service Provider" by searching for it, then click the Protect this Application link.
  • As the service provider, enter Postman. You can see information about the service provider on the Postman Edit Team Details page. You can leave other fields empty or set them to their default values.
  • Select Save Configuration after configuring the service provider information.
  • Download the configuration file.
  • Your cloud application must be added to the Duo Access Gateway for Duo to use it.
  • Once the setup is complete, give Postman the information for your Identity Provider. On the Postman Edit Team Details page, fill in the Duo Identity Provider Details modal with the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate. You can collect all of these from the Duo configuration page.

Setting up a custom SAML application in GSuite

  • Choose "Apps" from the Google admin console.
  • Find and select "SAML apps."
  • Create a new SAML app.
  • Choose "SETUP MY OWN CUSTOM APP."
  • Copy the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate shown in this window, and add them on the Postman Edit Team Details page in the GSuite Identity Provider Details modal.
  • Enter the application's name (such as "Postman SAML App") and any additional fields requested.
  • In the GSuite Identity Provider Details modal, key in the Postman service provider information that can be found on the Postman Edit Team Details page.

Setting up a custom SAML application in Okta.

To set up a custom SAML application, log in to your Okta account and take the following actions:

  • Choose Admin.
  • Select Add Application from the Okta Dashboard.
  • Choose Create New App.
  • On the next screen, make sure Web is chosen as the Platform. Choose "SAML 2.0" and then select Create.
  • Enter the application's name under "General Settings" and click "Next."
  • In the second step, "Configure SAML," section A, "SAML Settings," enter the Postman service provider information, which you can find on the Postman Edit Team Details page. Go to Authentication > and choose Edit to edit the identity provider details. Select Proceed after that. After finishing this step, make sure you are on the identity provider details configuration screen.
  • Download the encryption certificate at this time by choosing the Download as file option. You can upload this file later in the area of the Okta SAML configuration described below. To establish advanced SAML assertion settings, click the Show Advanced Settings option on the following screen.
  • Set up the options as indicated below. Make sure the field options you use respect these principles.
  • Select "I'm an Okta customer adding an internal app" under "Feedback" in the third stage. Then, check "This is an internal app that we have created" and click "Finish."
  • Select View Setup Instructions under the Sign On tab.
  • Copy the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate from that screen.
  • Paste them into the matching fields on the Identity Provider Details screen.
  • Select "Generate relay/Regenerate relay" after filling out the details. This generates a parameter that is sent along with the SAML response in an IdP-initiated single sign-on. Copy the generated relay state.
  • Choose Edit and paste the value into the Default Relay State field.
  • After that, save the Authentication.

Configuring SSO with OneLogin

You must set up SSO in Postman before configuring the Postman app in OneLogin. Select OneLogin under the Authentication Type drop-down menu. Name your authentication, then click Continue.


To continue setting up your Postman app, open a new tab and access your OneLogin admin console:

  1. Select Add App under Applications.
  2. Choose the Postman app from the results after searching for "Postman."
  3. On the left, select "Configuration."
  4. Take the ACS URL from Postman and enter it in OneLogin as your SAML Consumer URL.
  5. Choose Generate relay state in Postman. Then add the produced value to OneLogin's SAML RelayState.
  6. On the left side of OneLogin, choose SSO.
  7. Copy the Issuer URL and enter it as the Identity Provider Issuer in Postman.

Setting up a custom SAML application in Ping Identity

  • Choose the Applications tab from the Ping Identity admin console.
  • Find the Add Application menu under the My Applications tab. Then choose New SAML Application.
  • Complete the necessary application information, then move on to the next phase.
  • Enter the information for your Postman service provider after downloading the SAML metadata file. Continue to the next stage by leaving the remaining fields empty or with the default value.
  • Add the application attribute "e-mail" and map it to the e-mail object. Choose Save & Publish.
  • Select Enable once all the settings have been set.
  • Once activated, the SAML application's status becomes Active.
  • Once the setup is complete, give Postman the information for your Identity Provider. Copy the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate values from the SAML metadata file. Then add them on the Postman Edit Team Details page in the Ping Identity Provider Details modal.

Frequently Asked Questions

How is configuration SSO defined?

SSO is an authentication method that enables users to log in just once and access various applications. For any identity provider that complies with the OASIS SAML 2.0 standard, HighBond offers SSO integration.

What is an example of SSO?

The name comes from the fact that a user logs in only once (single sign-on). For example, you are signed in to YouTube, AdSense, Google Analytics, and other Google apps as soon as you log in to a Google account such as Gmail.

How do I find out if SSO is activated?

Verify that your tenant's Seamless SSO feature is still enabled. You may determine the status by visiting the Azure AD Connect pane in the Azure Active Directory admin portal. To view all the AD forests that are Seamless SSO-ready, click through.

What kinds of SSOs exist?

There are various SSO configurations, like "Federated Identity Management (FIM)", "OpenID Connect (OIDC)", "Security Assertion Markup Language (SAML)", and "Same Sign On (SSO)".

Conclusion

In this article, we have discussed how to configure SSO with various software. We saw how to configure Microsoft AD FS and how to configure SSO using Azure AD. Then we learned how to set up custom SAML applications in Duo, GSuite, Okta, Ping Identity, and more.

We hope this blog has improved your knowledge of configuring SSO with various software. If you want to learn more, check out our articles on Software Testing, Basics of software testing, Rest API, and introduction to API. Practice makes a man perfect. If you want to practice and improve yourself in the interview, you can check out Top 100 SQL problems, Interview experience, Coding interview questions, and the Ultimate guide path for interviews.
