Avanan MSP Portal supports Single Sign-On (SSO) with various providers using SAML. Once SAML integration is enabled on the portal, each portal user can be configured to log in with either SAML or credentials (or both).
Configuring SAML Integration
SAML Identity providers require the following:
- An Assertion Consumer Service (ACS) URL (also referred to as the Single Sign-On URL) or the Entity ID of the service provider (sometimes called the Audience URI).
- Metadata Source - either Metadata File in .xml format, or a Metadata URL, both can be obtained from the Identity Provider.
To configure SAML integration:
- Go to Settings.
- Expand Authentication Settings and click Configure SAML.
- To enable SAML integration, click Enable SAML.
- Copy the ACS URL and provide the URL to the Identity provider. The ACS URL will also serve as the Service Provider Entity ID.
- Select the required Metadata Source type.
- To use a local file:
- Select File Upload.
- Under Metadata File, select the required file and click Upload.
- To use a file from a URL
- Select Metadata URL.
- Under Metadata URL, enter the path of the file.
- Click Save.
User Authentication with SAML
For each user in the MSP portal, it is possible to set the allowed authentication method. When SAML integration is enabled, users can use SSO for their login. Each user can login with SAML, credentials, or both. It is advised that at least one of the admins would be allowed to login also with credentials in case of an error in the SSO login or the SAML integration.
To set the authentication method for a user:
- Go to Settings.
- Expand User Management.
- Select the user you need to edit, and under Action, click Edit User.
- Select the required options.
- Enable Password Login
- Enable SAML Login
- Click Save.
To login using SSO to the MSP Portal, select Login with SAML.