How to Configure Single Sign-On in Securden EPM?
Securden uses SAML 2.0 to integrate with SAML-compatible federated identity management solutions such as Okta, G Suite, Microsoft ADFS, OneLogin, PingIdentity, Azure AD SSO, and others for single sign-on. Securden acts as the SAML service provider (SP) and integrates with SAML identity providers (IdP). Once the configuration is done, your users get a single sign-on experience when accessing the Securden GUI.
Securden integrates with any SAML-based SSO solution. The integration process involves three steps:
Step 1: Add Securden EPM as an application in the IdP (Okta, OneLogin, etc.)
Step 2: Configure IdP's details in Securden
Step 3: Provision access to Securden for your users in the IdP
How to add Securden EPM as an Application in the IdP?
To start the integration, you need certain details about Securden, which you can obtain from the product interface as explained below:
- Navigate to Admin >> Integration >> SAML SSO.
- Here, you will have the SP details that you would need to specify in your identity provider interface. You have the option to download the SP metadata directly or copy individual attributes manually.
- Use the details to create an application for Securden in your IdP.
Once the application is created in your IdP, proceed to the next part.
How to Configure IdP details in Securden EPM?
Once the application is created, you need to configure your identity provider details in Securden. You have two options here:
- Upload IdP’s metadata directly
(or)
- Configure IdP details manually
If you choose to upload the metadata, follow the steps below.
1) Identifier - This will appear on the Securden WPM login page and enable users to identify the SAML identity provider.
2) Metadata - Data in a .xml format that provides the details of the IdP, including the IdP entity data, login URL, protocol type, and digital certificate.
3) Custom rule for Securden Login Name - This field is optional. As part of the integration, one of the important aspects is the Login name format. The identity provider returns a login name, which Securden uses as the username for logging in to the application. If you want to map the name returned by the identity provider with a different name, you can create custom rules.
If you choose to configure each IdP detail manually, fill in the following details:
1) Identifier - This will appear on the Securden WPM login page and enable users to identify the SAML identity provider.
2) IdP Entity Id - A globally unique name for the identity provider
3) Login URL - The URL used to log in to the IdP
Note: The IdP entity Id and login URL details should be fetched from your IdP interface.
4) Protocol type - This can either be an HTTP POST or an HTTP redirect protocol.
5) Certificate File - The digital certificate of the IdP. Browse for the file on your system and add it here.
6) Custom Rule for Securden Login Name - This is an optional field. As part of the integration, one of the important aspects is the Login name format. The identity provider returns a login name, which Securden uses as the username for logging in to the application. If you want to map the name returned by the identity provider with a different name, you can create custom rules.
How to use custom rules for getting the required Securden Login Name from the values returned by the IdP?
You can make use of the following string functions to create custom rules to manipulate the login name returned by the identity provider. In the string function, str denotes the name returned by the identity provider.
Function | Input Parameters | Example | Output |
---|---|---|---|
stringAppend | (String str, String suffix) | stringAppend('This is', ' a test') | This is a test |
toUpperCase | (String str) | toUpperCase('This is a test') | THIS IS A TEST |
toLowerCase | (String str) | toLowerCase('This is a test') | this is a test |
substringBefore | (String str, String searchString) | substringBefore('abc@securden.com', '@') | abc |
substringAfter | (String str, String searchString) | substringAfter('abc@securden.com', '@') | securden.com |
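
A custom rule that strips the domain can map two different IdP identities to the same Securden login name. The Python sketch below is an added example, not Securden's code: it models two of the functions from the table and checks a candidate rule against a list of IdP-returned names before the rule goes live. The sample names, the helper names, and the choice to reject names in which '@' does not occur exactly once are assumptions of this example.

```python
from collections import defaultdict

# Python stand-ins for two functions from the table above; not Securden's code.
def substring_before(s, search):
    # The page only shows input where searchString occurs once, so any
    # other input is refused here rather than guessed at (assumption).
    if s.count(search) != 1:
        raise ValueError(f"{search!r} does not occur exactly once in {s!r}")
    return s.split(search, 1)[0]

def to_lower_case(s):
    return s.lower()

def audit_rule(rule, idp_names):
    """Apply a rule to every IdP-returned name.

    Returns (collisions, unmapped). collisions maps a resulting login name
    to the distinct IdP names that produce it, only where more than one
    does. unmapped lists the names the rule could not handle.
    """
    by_login = defaultdict(set)
    unmapped = []
    for name in idp_names:
        try:
            by_login[rule(name)].add(name)
        except ValueError:
            unmapped.append(name)
    collisions = {login: sorted(src)
                  for login, src in by_login.items() if len(src) > 1}
    return collisions, unmapped

# Constructed sample of names an IdP might return (not real accounts).
SAMPLE_NAMES = ["abc@securden.com", "abc@partner.example",
                "jdoe@securden.com", "svc-backup"]

def strip_domain(name):   # models the rule substringBefore(str, '@')
    return substring_before(name, "@")

def keep_domain(name):    # models the rule toLowerCase(str)
    return to_lower_case(name)

if __name__ == "__main__":
    for label, rule in (("substringBefore(str, '@')", strip_domain),
                        ("toLowerCase(str)", keep_domain)):
        collisions, unmapped = audit_rule(rule, SAMPLE_NAMES)
        print(label, "| collisions:", collisions, "| unmapped:", unmapped)
```

Any entry under collisions means two IdP accounts would sign in as the same Securden user, so the rule should keep the domain or the IdP application should be restricted to a single domain.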