SSO

Single Sign On (SSO) enables users to log into multiple services without entering their user name and password for each service. SnapLogic supports SSO for Identity Providers (IdPs) that use the Security Assertion Markup Language 2.0 (SAML 2.0) standard.

IdPs certified to work with SnapLogic include:

With SSO authentication:

  1. SnapLogic redirects authentication requests to the configured IdP.
  2. The IdP validates the request to make sure it comes from a known Service Provider (SP), verifies the user's identity, and returns the result in a response to SnapLogic.
  3. SnapLogic validates the response against the IdP metadata and grants the user access.

Enable SSO

If your organization has multiple SnapLogic environments (Orgs), they should all be configured for the same IdP and users should log in with that IdP. To enable SSO, the IdP must recognize SnapLogic as a valid Service Provider (SP) and SnapLogic must have information to interact with the IdP. The IdP and SnapLogic each provide a metadata file that contains the necessary configuration.

Note: The SnapLogic metadata file is customized for the IdP. You must upload the IdP metadata before downloading SnapLogic metadata.

To enable SSO logins in the SnapLogic environment:

  1. Obtain the metadata file from your IdP and click Upload to upload it:
    Upload IdP metadata

  2. Provide SnapLogic metadata to your IdP by:
    1. Copying and pasting the provided SnapLogic URLs.
    2. Downloading the SnapLogic metadata file.
    3. Uploading the SnapLogic metadata file to your IdP. The metadata file includes the certificate that the IdP uses to prove that it is a trusted source.

    Download SnapLogic metadata

  3. Optionally, click Manage SSO options to set options. Check your IdP documentation for the recommended settings.
    Manage SSO options

    • AuthNRequestsSigned: Select True to authenticate the sign-on with a third-party entity such as Google or Facebook. Selecting False disables this authentication method.
    • RequestedAuthN Context Comparisons: Select a value. The default setting is exact.
    • AuthnContextClassRef: Add references to the context classes.

Manage user accounts

Each user must have an account in SnapLogic and an account in the IdP. When SSO is enabled for an environment, users can sign in with either basic authentication (user name and password) or with SSO. Similar to basic authentication, a successful SSO login gives users access to all environments where they have an account.

Important: If your IdP is configured for Multi-Factor Authentication (MFA), make sure to disable password-based login as described below.

To enable SSO login for a user:

When SSO is enabled, users need to enter an environment name (Org name) when signing in. The name is case-sensitive.