
Set up SSO

At spektr, SSO is also a supported way to sign in to the platform.

Written by Yuri Beckers
Updated this week

Single sign-on (SSO) makes it easier and more secure for users to access your applications by letting them log in with one trusted set of credentials. This means that your team can spend less time managing passwords and more time getting things done.

We support SAML 2.0 authentication.

Entra ID

First, set up an app in the Entra Portal.

Click “Create your own application”

Enter spektr as the name, choose “Integrate any other application you don't find in the gallery (Non-gallery)” and press Create.


Choose “Assign users and groups” and then “Add user/group”.


Search and add the users and the groups that should be allowed to log in to the spektr platform.

Then click Assign.

After that, click on Single sign-on and choose SAML as the single sign-on method.


Click edit in the Basic SAML Configuration


Add the Entity ID and ACS URL (you can find these in the spektr platform via Settings and then SSO).

Save and exit.

Then choose to edit the Attributes & Claims

Spektr requires that the Unique Name Identifier be the user’s email address. It also has to be in lowercase. To ensure this, we recommend setting a transformation on the value. Use the user.userprincipalname field, set the format to “Persistent” and choose to apply the ToLowercase transformation.


In addition, you also need to send the first name, surname and email.
This is already configured in Entra ID.

You also need to set the group claim.

  1. Click “Add a group claim”

  2. Select “Groups assigned to the application”

  3. For Source attribute, choose: Cloud-only group display names

  4. Click Save

    Once the claims are set, navigate back to the spektr platform.
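
A check for the claim requirements above, added here as an example and not spektr's or Microsoft's own code: it inspects a decoded SAML assertion (a constructed sample) for a lowercase, Persistent-format email NameID and the four required claims. The claim URIs are Entra ID's defaults and the comparison with the allowed domain is an assumption; the check does not validate signatures.

```python
import xml.etree.ElementTree as ET

NS = {"s": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
XS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Assumption: Entra ID's default claim names; copy the real ones from Attributes & Claims.
CLAIMS = {
    "Email": XS + "emailaddress",
    "Given Name": XS + "givenname",
    "Family Name": XS + "surname",
    "Groups": "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups",
}

def check_assertion(xml_text, allowed_domain):
    """Return the list of claim problems (empty when the assertion fits the setup)."""
    root = ET.fromstring(xml_text)  # configuration check only: no signature validation
    problems = []
    name_id = root.find(".//s:Subject/s:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not value:
        problems.append("NameID missing")
    else:
        if name_id.get("Format") != PERSISTENT:
            problems.append("NameID format is not Persistent")
        if value != value.lower():
            problems.append("NameID is not lowercase")
        local, _, domain = value.rpartition("@")
        if not local or not domain:
            problems.append("NameID is not an email address")
        elif domain.lower() != allowed_domain.lower():  # assumption: must match Allowed domain
            problems.append("NameID domain differs from allowed domain")
    # Only attributes that carry at least one non-empty value count as sent.
    sent = {a.get("Name") for a in root.iterfind(".//s:Attribute", NS)
            if any((v.text or "").strip() for v in a.iterfind("s:AttributeValue", NS))}
    problems += [f"{label} claim missing" for label, uri in CLAIMS.items() if uri not in sent]
    return problems

def sample(name_id, claims):  # builds a constructed test assertion, not real IdP output
    attrs = "".join(f'<Attribute Name="{n}"><AttributeValue>{v}</AttributeValue></Attribute>'
                    for n, v in claims.items())
    return (f'<Assertion xmlns="{NS["s"]}"><Subject><NameID Format="{PERSISTENT}">'
            f'{name_id}</NameID></Subject><AttributeStatement>{attrs}</AttributeStatement></Assertion>')

ALL = {CLAIMS["Email"]: "jane@example.com", CLAIMS["Given Name"]: "Jane",
       CLAIMS["Family Name"]: "Doe", CLAIMS["Groups"]: "spektr-users"}
GOOD = sample("jane@example.com", ALL)
BAD = sample("Jane@Example.com", {k: v for k, v in ALL.items() if k != CLAIMS["Groups"]})

if __name__ == "__main__":
    print(check_assertion(GOOD, "example.com"))
    print(check_assertion(BAD, "example.com"))
```
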


Choose platform settings and the SSO tab.

Set up SSO in spektr.

To set up SSO for spektr, go to Settings, and then to SSO.

You will see this SSO settings screen:



Fields:

Allowed domain:

This is your own domain. Please note we only support 1 domain.

For example: spektr.com

Identity Provider Information
You need to provide the SAML metadata to spektr.


Metadata URL (recommended)
We recommend using the URL, since this takes care of certificate renewal automatically (in contrast to the Metadata XML file, if you use the upload function).

Metadata XML file*

*Metadata File

SSO is set up by exchanging metadata files between the Identity Provider (IdP) and the Service Provider (SP). The SAML 2.0 metadata file format is supported. This metadata file contains information about each SSO entity (URLs, protocols supported, certificates etc.).

Attribute Mappings:

Attribute mapping is the mapping of attributes ("claims" or user-data) from an external Identity Provider (IdP), e.g. a social login or SAML provider, into the standard (or custom) attributes used by the Amazon Cognito user pool.

In spektr we made it possible to edit these values to achieve the desired and correct mapping.

Copy the claim names from Entra ID and match them with the required attributes of spektr.

Once ready, click Save and then Enable.


The mapping values:

Email

Given Name

Family Name

Groups

Example:


Service Provider Details

Service Provider (SP) details refer to the specific information an application or service provides to an Identity Provider (IdP) so the IdP can authenticate users for that service.

Key details include the Assertion Consumer Service (ACS) URL (the endpoint where the IdP sends the authentication response), the Entity ID (a unique identifier for the SP), and often the metadata containing contact or technical information.

Configuration:

When setting up SSO for a service or a custom app, you will need to input its details into your identity provider's dashboard.

Assertion Consumer Service (ACS) URL:

The URL where the Identity Provider sends the authentication response (like a SAML assertion) after the user logs in successfully.

ACS’s URL:

Entity ID:

A unique identifier for the service provider application.

Entity ID:

urn:amazon:cognito:sp:eu-north-1_2Vw3keTNV

Example:


Make sure to press SAVE.


When you want to log in to spektr and SSO is active, all you will see is the field to log in with your email and password credentials.

You will then automatically be forwarded to the connected Identity Provider.


You will now be able to make use of SSO with spektr!
