You can find out more about eSpatial and SSO here https://help.espatial.com/manage-groups-and-users/single-sign-on-sso-overview. In this article we look at the configuration details to setup SSO between eSpatial and the SAML 2.0. compliant OneLogin (https://www.onelogin.com/). Note that you need to have an enterprise eSpatial account to have the SSO functionality.
Enable SSO on your Account
- Click on your username drop down in the top right corner.
- Select Manager Groups & Users.
- Click on the SSO Configuration Link.
Your Onelogin Administrator needs to configure the setup between eSpatial and OneLogin.
- Add a new OneLogin Application
- Ensure that it is SAML 2.0
- Give it an appropriate Name and Logo
- Go to the Configuration Tab
- Copy the value from the eSpatial field "Service Provider Entity Id (Audience URI)" to the OneLogin Field "Audience"
- Copy the value from the eSpatial field "ACS SSO URL" and copy into both the "Recipient" and "ACS (Consumer) URL" in OneLogin
- Copy ".*." into "ACS (Consumer) URL Validator" field in OneLogin
The go to the SSO Tab in OneLogin
- Set "SAML Signature Algorithm" to "SHA-256"
- Copy the "Issuer URL" from OneLogin to the field " Identity Provider Metadata URL" in eSpatial
- Confirm your settings in OneLogin by pressing save
- Confirm your settings in eSpatial by selecting enable SSO
User Setup and Testing
- Click on the users tab in OneLogin to ensure that at least one user has access to the eSpatial app from OneLogin to test
- Log out of eSpatial
- In OneLogin, go to your App Portal/Home
- Click on the eSpatial Link from your portal and log into eSpatial from OneLogin
- Click on the eSpatial Link from your portal and you will be redirected (& logged in) to eSpatial from OneLogin