Vyopta provides Single Sign-On (SSO) through the Security Assertion Markup Language (SAML) standard. This mechanism, allows customers, through their Identity Provider (IdP) platform of choice, to provide authorization credentials to Vyopta’s Collaboration Performance Management (CPM) application, which plays the Service Provider (SP) role in the SAML negotiation process. Customers must have IdP software installed that supports the SAML 2.0 standard. Examples of compliant IdP software include Microsoft ADFS 2.1 or later, Okta, Oracle Identity Federation, SailPoint IdentityNow, and SecureAuth, as well as a free option called OpenTPS. The SAML 2.0 standard is widely accepted, so it is likely that your IdP platform supports it.
Before we can start with the SSO integration, we will need to schedule a kickoff meeting to review how the integration works, and the requirements behind the integration. We suggest having a member of your Identity Provider team to be part of the kickoff call.
To start off the integration process, please open a new ticket on our support team and ask the support team to schedule a SSO kickoff call, and we will will go ahead and schedule the call. During the kickoff call, we will be providing additional information to set up the integration.
Deployment Process
- Vyopta creates a customer-specific security realm.
- Vyopta creates a DNS name to point to the Vyopta service. Example of DNS name: <customername>.vyopta.com
- Customer obtains Vyopta SAML metadata through the following link
https://login.vyopta.com/auth/realms/<customername>/broker/saml/endpoint/descriptor
4. Customer supplies IdP metadata to Vyopta by providing an XML file (or URL) containing an encryption key (public) and the IdP login page.
5. Vyopta and Customer configure their respective services using the metadata provided.
6. Test and deploy.
- Vyopta creates a customer-specific security realm.
- Vyopta creates a DNS name to point to the Vyopta service. Example of DNS name: <customername>.eu.vyopta.com
- Customer obtains Vyopta SAML metadata through the following link
https://login.eu.vyopta.com/auth/realms/<customername>/broker/saml/endpoint/descriptor
4. Customer supplies IdP metadata to Vyopta by providing an XML file (or URL) containing an encryption key (public) and the IdP login page.
5. Vyopta and Customer configure their respective services using the metadata provided.
6. Test and deploy.
Required IdP Assertions
Your IdP software must be configured to provide the following assertions, for our SSO integration to work:
| Attribute | Required/Optional | Description |
|---|---|---|
| Required | Users Email (used as ID) | |
| name | Required | Users Display Name |
| memberOf | Required | Comma separated list of Vyopta application groups |
The memberOf is used to provide end users with specific permissions within Vyopta. There are four groups currently honored by the Vyopta application:
Users should be assigned to 1 Role at a time
| Group Name | Role | Description |
|---|---|---|
| vyopta_admin | Vyopta Application Administrator |
Users with this role will have administrator access to the Vyopta Application. |
| vyopta_vanrptvwr | Vyopta vAnalytics viewer | This is the Vyopta 'Default' role for the Vyopta Application. |
| vyopta_vanrptrdr | Vyopta vAnalytics viewer reader only | Users with this role will only have access to viewing dashboards and datasets in the Vyopta Application |
| vyopta_vandbvwr | Strict Dashboard Viewer | Users with this role will only have access to viewing dashboards. |
To learn more about the Vyopta Roles and permissions, please see Vyopta User Permissions
Comments
Please sign in to leave a comment.