Affects version: Management Portal
Fix version: N/A

...

  1. Go to "Enterprise Applications" and locate the correct app; it should have the same name as the App registration that was created in the steps above.
  2. Navigate to "Properties" and set "Assignment required?" to "Yes".
  3. Navigate to "Users and groups" and define the list of users and/or groups allowed to sign in using SSO.

Okta - SSO with SAML 2.0

To set up Okta SSO authentication, access the Okta admin console and follow the steps below to set up a new app integration:

  1. In the Okta admin console, navigate to "Applications" > "Applications" and then select "Create App Integration".
  2. The "Create a new app integration" dialog opens; select "SAML 2.0" as the sign-in method.
  3. Click "Next".
  4. Fill in "General Settings" (app name and logo are shown to end users when they authenticate).
  5. Click "Next".
  6. Fill in "SAML Settings" as stated below:
    1. General:
      1. Make sure "Use this for Recipient URL and Destination URL" is selected and fill in "Single sign-on URL" using the "Single Sign-On URL" available on the Blancco Management Portal SSO settings page.
      2. Enter "Audience URI (SP Entity ID)" using the "Entity ID" available on the Blancco Management Portal SSO settings page.
    2. Attribute Statements:
      1. Add new attribute statements using the details below.

        | Name | Name format | Value |
        | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | Unspecified | user.email |
        | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Unspecified | user.firstName + " " + user.lastName |
  7. Click "Next".
  8. Fill in the "Feedback" section and click "Finish".
  9. The "Sign On" tab for the application should open; copy the Metadata URL from the page and paste it into the "SAML metadata URL" field in the Blancco Management Portal SSO settings.
  10. Click "Save".

Once the configuration is finished, remember to assign the application to appropriate users and groups in order to allow users to authenticate to BMP using Okta.

Lowercase transformation for user email address

Blancco Management Portal requires the user email address to be provided in lower case characters. Upper case characters within the user's email address will prevent the system from working correctly. To mitigate this, an additional transformation rule needs to be created so that the email address is sent in lower case characters.

The steps below explain how to set up the needed transformation rule for the email address claim in Entra ID:

  1. Open the Enterprise Application dedicated for the BMP SSO and navigate to "Single sign-on" and then to "Attributes & Claims" and edit the claims.
  2. Open and edit the "emailaddress" claim (value set to user.mail) available under the "Additional Claims" section and change the claim's "Source" to "Transformation".
  3. In the "Manage transformation" dialog, configure the settings as follows:
    1. Transformation - ToLowercase()
    2. Parameter 1 - Attribute
    3. Attribute name - user.mail
  4. Save the changes.
  5. "Attributes & Claims" should now show the transformation rule applied to the email address claim.
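To confirm the result before rolling SSO out to users, the claims in an assertion captured from a test sign-in can be checked against the requirements on this page. The following is an added example, not Blancco or IdP code: the function name check_assertion, the sample assertion and the Entity ID URL are constructed placeholders, and the assertion is assumed to be already base64-decoded XML.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
EMAIL_CLAIM = CLAIMS + "emailaddress"
NAME_CLAIM = CLAIMS + "name"

# Constructed sample assertion (not real IdP output); the audience is a placeholder Entity ID.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://bmp.example.test/entity-id</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{e}"><saml:AttributeValue>Jane.Doe@Example.test</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{n}"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>""".format(e=EMAIL_CLAIM, n=NAME_CLAIM)


def check_assertion(xml_text, expected_entity_id):
    """Return a list of problems (empty = OK). Diagnostic only: no signature check."""
    # Refuse DTDs and entity declarations instead of handing them to the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD/entity declarations present; refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_entity_id not in audiences:
        problems.append("Audience does not match the Entity ID: %r" % audiences)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    for claim in (EMAIL_CLAIM, NAME_CLAIM):
        if not any(v.strip() for v in attrs.get(claim, [])):
            problems.append("missing or empty claim: " + claim)
    # The portal requires the email address claim in lower case characters.
    for email in attrs.get(EMAIL_CLAIM, []):
        if email != email.lower():
            problems.append("email claim is not lower case: " + email)
    return problems


if __name__ == "__main__":
    for line in check_assertion(SAMPLE, "https://bmp.example.test/entity-id") or ["OK"]:
        print(line)
```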