Single Sign On
Planful SAML Integration
Planful, acting as a Service Provider (SP), integrates with Identity Providers (IdPs), otherwise referred to as SAML Providers, to allow Identity Provider initiated Single Sign On across your numerous end-user applications. It is not Planful's intention to provide a software solution but to integrate with existing Identity Providers and leverage their solutions for delivering SSO. This document introduces how Planful integrates with Identity Providers, the information that is required from IdPs to integrate, and the information that Planful expects for proper authentication and authorization.
Planful Integration Overview
Planful leverages a DLL and several XML files to define the IdPs, their connection information, and the “circle of trust”. The circle of trust is a list of identifiers of the various systems that are part of the SAML SSO process. The additional configuration files define the IdPs, their attributes, and how they communicate with Planful. Planful expects, at the very least, an e-mail address (for login to our application), a Company ID (i.e. Planful customer), and an IdP Entity ID (i.e. IdP qualifier) for determining the correct IdP when evaluating a user. We support Identity Provider initiated authentication only at this point (Service Provider initiated authentication is not supported).
Identity Provider Configuration Items
The information required from the IdP is used to configure our native DLL, which is built from an open source SSO solution, and its related configuration files. The following information is required for proper setup:
- IdP Entity ID (also called Issuer ID) – this identifies the Identity Provider (such as Okta). For example – fed.monsanto.planful.saml2, or a generic code which defines the IdP (e.g. WFWE78909D034SDF).
- IdP URL – for example – https://ssoportal.monsanto.com/IdPServlet?idp_id=fed.monstanto.planful.saml2
- IdP Digital Certificate – also known as the IdP’s public key. The IdP signs all assertions sent to Planful with the matching private key, and Planful automatically validates each assertion (i.e. request for login) against this certificate.
  Note: Planful only supports SSO certificates issued by a Certificate Authority to ensure security and scalability. Self-signed or untrusted certificates are not supported.
Planful Configuration Items
The following items are ones that most Identity Providers require from their Service Providers. Planful will provide them to ensure proper IdP configuration.
- Service Provider ID – this is the identification of Planful as a Service Provider. For example – fed.identropy.planful.saml2
- Service Provider URL – this is the URL to which the IdP sends the assertion and where Planful reads the request. For example – https://epm.planful.com/validatesso.aspx
Planful Sign on Information
The following items are expected to be passed to Planful to securely authenticate and authorize a user within Planful. This information is needed to identify a user and determine the Entity ID passed along.
- User ID – e-mail address for end user – for example – bsmith@monsanto.com
- IdP Entity ID – see above for description
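
The following is an added example, not Planful's code: a sketch of the claim checks a Service Provider can apply to an IdP-initiated response once its SAML library has verified the signature against the IdP certificate. The sample XML is constructed from this page's example values, and the `CompanyID` attribute name and value are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Example values from this page: trusted IdP Entity ID, SP ID, SP URL.
CIRCLE_OF_TRUST = {"fed.monsanto.planful.saml2"}
SP_ENTITY_ID = "fed.identropy.planful.saml2"
SP_URL = "https://epm.planful.com/validatesso.aspx"

# Constructed sample; signature omitted, "CompanyID" is a hypothetical name.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://epm.planful.com/validatesso.aspx">
  <a:Assertion>
    <a:Issuer>fed.monsanto.planful.saml2</a:Issuer>
    <a:Subject><a:NameID>bsmith@monsanto.com</a:NameID></a:Subject>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>fed.identropy.planful.saml2</a:Audience>
    </a:AudienceRestriction></a:Conditions>
    <a:AttributeStatement><a:Attribute Name="CompanyID">
      <a:AttributeValue>ACME01</a:AttributeValue>
    </a:Attribute></a:AttributeStatement>
  </a:Assertion>
</p:Response>"""


def check_response(xml_text):
    """Return (claims, errors) for an already signature-verified response."""
    root = ET.fromstring(xml_text)
    def text(path):
        return (root.findtext(path, default="", namespaces=NS) or "").strip()
    errors = []
    issuer = text("a:Assertion/a:Issuer")
    if issuer not in CIRCLE_OF_TRUST:
        errors.append("issuer not in circle of trust")
    if root.get("Destination") != SP_URL:
        errors.append("destination is not the SP URL")
    if root.get("InResponseTo") is not None:  # unsolicited responses carry none
        errors.append("InResponseTo present on IdP-initiated response")
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if SP_ENTITY_ID not in audiences:
        errors.append("audience does not name this SP")
    email = text("a:Assertion/a:Subject/a:NameID")
    if email.count("@") != 1 or email.startswith("@") or email.endswith("@"):
        errors.append("NameID is not an e-mail address")
    company = text("a:Assertion/a:AttributeStatement/a:Attribute[@Name='CompanyID']/a:AttributeValue")
    if not company:
        errors.append("CompanyID attribute missing")
    return {"email": email, "idp": issuer, "company": company}, errors
```

These checks complement signature validation and do not replace it; a production SP would also enforce the assertion's validity window.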