saml2.0singlesign-on(sso) just-in-time(jit)provisioning ... · just-in-time(jit)provisioning. 16...
TRANSCRIPT
![Page 1: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/1.jpg)
PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
User Guide | July 2020
PulsewayPSA and AuthAnvil - SAML 2.0Single Sign-On (SSO) Just-in-Time (JIT)ProvisioningRelease 4.0.34 | Version 1.0
www.pulseway.com
![Page 2: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/2.jpg)
Copyright Notice - Pulseway
©2019 Pulseway All rights reserved. | www.pulseway.com
2 PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
www.pulseway.com
![Page 3: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/3.jpg)
3
www.pulseway.com
Contents
AuthAnvil Setup 4
Download the Certificate 10
PulsewayPSA Setup 12
AuthAnvil Application Assignment 13
Enable Two Way SAML Login 15
Enable JIT Provisioning 17
PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
![Page 4: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/4.jpg)
AuthAnvil SetupAssuming you have an active AuthAnvil (https://subdomain.authanvil.com/) account.
In order to setup PulsewayPSA with AuthAnvil you need to have a user group that can associate with the PulsewayPSASSO configuration.
Creating a new group.
1 Log in to AuthAnvil and navigate to Directory Manager > Groups.
2 Click the button to create a new group.
3 Give a name to your group.
4 Click the Add Group button.
Now a new group is created.
Setting up PulsewayPSA with AuthAnvil.
1 Navigate to SSOManager.
2 Click the button.
4 PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
AuthAnvil Setup www.pulseway.com
![Page 5: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/5.jpg)
5
AuthAnvil Setupwww.pulseway.com
3 Click the button then search for PulsewayPSA and then select PulsewayPSA from the list.
4 In the Add new Application to the Library window, select the Application is Enabled checkbox.
5 Click the Add Application button at the bottom right of the screen.
PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
![Page 6: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/6.jpg)
Now the application added.
6 Navigate to Permissions tab.
7 Click the Add Group button and select the group you created.
8 Click the Add Groups button to finish setup.
6 PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
AuthAnvil Setup www.pulseway.com
![Page 7: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/7.jpg)
7
AuthAnvil Setupwww.pulseway.com
9 Navigate to Attribute Transformation tab.
10 Change the CompanyName attribute
PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
![Page 8: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/8.jpg)
Protocol Setup
1 Navigate to the Protocol Setup tab.
2 For Assertion Consumer URL, change the base url to the base url of your PulsewayPSA server.
3 For Service Entity ID, change the base url to the base url of your PulsewayPSA server.
4 Save your changes.
8 PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
AuthAnvil Setup www.pulseway.com
![Page 9: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/9.jpg)
9
AuthAnvil Setupwww.pulseway.com
PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
![Page 10: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/10.jpg)
Download the Certificate1 Navigate to AuthAnvil > SSOManager.
2 Open the PulsewayPSA application.
3 Navigate to Signing and Encryption tab.
10 PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
Download the Certificate www.pulseway.com
![Page 11: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/11.jpg)
11
Download the Certificatewww.pulseway.com
4 Click the Download button.
PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
![Page 12: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/12.jpg)
PulsewayPSA SetupIn PulsewayPSA we need to setup the system to enable SAML authentication and that can be achieved under Admin >My Company > Authentication.
In the “Single Sign On” tab, upload the certificate downloaded previously, and set “Enable Single Sign On via SAML” toYes, then click Save.
This will enable PulsewayPSA SAML authentication.
12 PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
PulsewayPSA Setup www.pulseway.com
![Page 13: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/13.jpg)
13
AuthAnvil Application Assignmentwww.pulseway.com
AuthAnvil Application AssignmentOnce the application created, navigate to Directory Manager > Users then choose any user and add the assigned groupfor this user.
Now when the user assigned, go to Launchpad in the left menu then click on the PulsewayPSA SSO application youcreated to be redirected and logged in to PulsewayPSA.
PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
![Page 14: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/14.jpg)
14 PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
AuthAnvil Application Assignment www.pulseway.com
![Page 15: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/15.jpg)
15
Enable TwoWaySAML Loginwww.pulseway.com
Enable Two Way SAML LoginIn order to launch AuthAnvil during the Log in from PulsewayPSA. You need to enable two-way SAML integration. In orderto do this, you will need your AuthAnvil Login URL that can be found here:
Once you have this URL, you will need to save it in PulsewayPSA under the Authentication Page:
This will allow you to leverage the AuthAnvil Log in screen when users are trying to log in to PulsewayPSA. You canenable this on the User Level by updating the Authentication Type on the Employee Level:
PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
![Page 16: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/16.jpg)
16 PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
Enable TwoWaySAML Login www.pulseway.com
![Page 17: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/17.jpg)
17
Enable JIT Provisioningwww.pulseway.com
Enable JIT ProvisioningIn order to enable Just-in-Time (JIT) provisioning, you will need to do it from the PulsewayPSA Authentication page.
By default, all Users will take the Default Security Roles specified in the above Employee Defaults Section. In order tostart mapping Active Directory Groups to PulsewayPSA Security Roles you will need to Add Mapping Rules as following:
By adding multiple Rules, you can now start routing Active Directory Users to PulsewayPSA Security Roles based onDomain and Security Group.
PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
![Page 18: SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning ... · Just-in-Time(JIT)Provisioning. 16 PulsewayPSAandAuthAnvil-SAML2.0SingleSign-On(SSO) Just-in-Time(JIT)Provisioning EnableJITProvisioning](https://reader030.vdocuments.us/reader030/viewer/2022040415/5f2809ecf28cb02bb63f3b13/html5/thumbnails/18.jpg)
18
www.pulseway.com
PulsewayPSA and AuthAnvil -SAML 2.0 Single Sign-On (SSO)Just-in-Time (JIT) Provisioning
Enable JIT Provisioning
This page is intentionally left blank.