Overview

Single sign-on (SSO) is an authentication method that enables users to log in to multiple applications and websites with one set of credentials. SSO relies on a trust relationship that is established and maintained between the service provider (SP) and an identity provider (IdP) using certificates.

Spectro Cloud supports the following two types of SSO authentication options:


  1. Security Assertion Markup Language (SAML) Based SSO - You can create a Tenant Cluster Profile with SAML SSO within Palette. This is a manual process that is explained below.


  2. OpenID Connect (OIDC) Based SSO - You can use OIDC to enable SSO between Palette and the recommended IdP. It requires application registration to issue a Client ID, Client Secret, and Validation.




How to Set Up SAML 2.0-based SSO in Palette

With Spectro Cloud Palette, you can use SAML 2.0 protocols for single sign-on (SSO) authentication using your IdP.


Procedure

To set up Spectro Cloud Palette with identity provider (IdP) SAML-based SSO:


  1. Log in to the Palette console as a Tenant Admin.


  2. Select Tenant Settings > SSO Auth Type > SAML to view the SAML panel.


  3. Complete the assertion form with the requested parameters. See below for more details specific to the supported IdPs.


    The following options will be available for configuring SAML SSO within Palette:


    • Service - Choose your IdP (Azure Active Directory, Okta, Keycloak, OneLogin, ADFS, Other).


    • Identity Provider Metadata - Enter the Identity Provider Metadata.


    • Default Teams - Add the authenticated user's Default Team(s) Palette membership.


    • NameID Format - Choose the appropriate version of the format in use (SAML 1.1, SAML 2.0, email address, other).


    The following parameters will enable Spectro Cloud Palette as a Service Provider (SP) in your IdP. Your IdP will require some or all of the information listed below to enable SSO with Palette.


    • Single Logout URL - The IdP will use the logout URL for the SAML SSO configuration.


    • EntityId - https://www.spectrocloud.com


    • FirstName - Attribute in First Name format.


    • LastName - Attribute in Last Name format.


    • Email - Attribute in Email format.


    • SpectroTeam - Attribute in SpectroTeam format.


    • Service Provider Metadata - Provide the EntityDescriptor.


  4. Edit each parameter as necessary and click Enable to complete the setup wizard.
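
A pre-flight check for the attribute mapping above, as an added example (not Spectro Cloud's code): it inspects a decoded SAML assertion from a test login and reports whether the Audience, NameID and the four attributes match what this page lists. It assumes the IdP sends the attributes under exactly those names and places the EntityId in the Audience element; the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer a hardened parser such as defusedxml

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://www.spectrocloud.com"  # EntityId from this page
# Assumption: the IdP uses these labels from this page as the attribute Name values.
REQUIRED_ATTRS = ("FirstName", "LastName", "Email", "SpectroTeam")

# Constructed sample assertion (not captured from a real IdP). SpectroTeam is
# deliberately missing, Email is blank, and the signature is omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://www.spectrocloud.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return a list of mapping problems. Content check only: no signature verification."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if SP_ENTITY_ID not in audiences:
        problems.append("audience does not include " + SP_ENTITY_ID)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    # Map attribute name -> non-empty values sent by the IdP.
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    for name in REQUIRED_ATTRS:
        if name not in attrs:
            problems.append("attribute %s not sent" % name)
        elif not attrs[name]:
            problems.append("attribute %s has no value" % name)
    return problems

if __name__ == "__main__":
    for p in check_assertion(SAMPLE):
        print("FAIL:", p)
```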



Common Identity Providers

Next Steps

Find the SSO solution for your IdP among those supported by Palette.




Okta

Okta's single sign-on solution can quickly connect and sync to Palette.


References

https://developer.okta.com/docs/guides/build-sso-integration/saml2/before-you-begin/