Onboarding your Identity Provider
Promethium supports SAML 2.0 for Single Sign-On (SSO) integration with your Identity Provider (IdP). This guide outlines the steps required to configure your IdP to work with our application and complete the setup process.
Overview
To enable SAML-based SSO, you will need to register our application within your Identity Provider using the configuration parameters we provide. Once configured, you will return a SAML Metadata file to us, and optionally define how user identity and group claims should be handled.
What We Provide
We will provide you with the following parameters to register our application within your IdP:
- IdP Entity ID
- IdP Domain (Assertion Consumer Service URL)
These values are used to establish a trust relationship between your IdP and our application.
Steps to Configure SSO
- Register a new SAML application using your IdP management console (e.g., Okta, Azure AD, Ping Identity):
  - Create a new SAML 2.0 application.
  - Set the Entity ID to the value we provide.
  - Set the ACS (Assertion Consumer Service) URL and Reply URL to the IdP Domain we provide.
  - Configure the SAML assertion to include the user identifier; its value must be an email address.
- (Optional) Configure group claims. If your organization uses group-based authorization, you may also configure group claims. You will need to provide this information to us so that we can map your group claim to the correct SAML attribute:
  - Enable the inclusion of group information in the SAML assertion.
  - Confirm the Group Claim Attribute Name that your IdP uses to represent groups (e.g., groups, memberOf, or a custom attribute).
- Once the application is registered, share the SAML metadata:
  - Download the SAML Metadata XML file generated by your IdP.
  - Send this file to your Customer Success contact.
This metadata file contains your IdP's signing certificate and the endpoint configuration we need to complete the integration.
What You Need to Provide to Us
Please share the following:
- The SAML Metadata XML file.
- The SAML attribute corresponding to the desired user ID.
  - Attribute values must be email-formatted.
- Whether you are:
  - sending only a user ID; or
  - sending a user ID and group claims.
- The Group Claim Attribute Name (e.g., groups, roles, memberOf).
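Before sending the metadata file, a quick local check that it carries the pieces the integration needs (an entityID, an IdP role, a signing certificate, an SSO endpoint) and that the chosen user ID attribute and group claim look right catches the most common mistakes: SP metadata sent instead of IdP metadata, a non-email user identifier, an empty group attribute. This is an added example, not part of Promethium's onboarding tooling; the metadata document, the host idp.example.test and the attribute names mail and groups are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET  # use defusedxml for metadata from untrusted sources

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# Constructed IdP metadata for illustration; the host and certificate body are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_metadata(xml_text):
    """Return a list of problems; empty means the file carries what the integration
    needs: an entityID, an IdP role, a signing certificate and an SSO endpoint."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    problems = [] if root.get("entityID") else ["missing entityID attribute"]
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor (SP metadata sent by mistake?)"]
    # A KeyDescriptor with no 'use' attribute is valid for both signing and encryption.
    certs = [c for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use") in (None, "signing")
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    if not any((c.text or "").strip() for c in certs):
        problems.append("no signing X509Certificate in any KeyDescriptor")
    if idp.find("md:SingleSignOnService[@Location]", NS) is None:
        problems.append("no SingleSignOnService with a Location")
    return problems


def check_attributes(attrs, user_id_attr, group_attr=None):
    """attrs maps attribute names to value lists as in the assertion's AttributeStatement.
    The user ID must be one email-formatted value; the group attribute, if used, non-empty."""
    problems = []
    uid = attrs.get(user_id_attr, [])
    if len(uid) != 1:
        problems.append("%s: expected exactly one value, got %d" % (user_id_attr, len(uid)))
    elif not EMAIL_RE.match(uid[0]):
        problems.append("%s: value %r is not email-formatted" % (user_id_attr, uid[0]))
    if group_attr is not None and not attrs.get(group_attr):
        problems.append("%s: group claim attribute missing or empty" % group_attr)
    return problems
```

Run it against the real metadata file your IdP exported and against one attribute set copied from a test assertion; an empty list from both functions means the file and the claims are ready to send.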
Next Steps
Once we receive your metadata and group claim details (if applicable), we will:
- Complete the SSO configuration on our end.
- Confirm connectivity and test user login with your team.
- Enable SSO for your environment.