Skip to main content

SSO Overview

About SSO and Federated Authentication

Single Sign-On streamlines user login access to multiple systems by allowing them to authenticate once and access various resources without repeatedly entering credentials. It balances user convenience and security, making it an essential tool for organizations seeking a seamless and secure user experience across their digital ecosystem.

Vega's SSO allows configuration using SAML.

SAML (Security Assertion Markup Language) and OpenID are two widely used protocols in the realm of authentication and authorization for Single Sign-On (SSO) systems.

SAML is a mature protocol that focuses on exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). When a user tries to access a service, the IdP generates a SAML assertion, containing the user's identity information and authentication status. This assertion is digitally signed and sent to the SP, which can then grant access based on the received information. SAML is commonly used in enterprise settings where a centralized IdP manages user identities and access to various services.

Getting Started

Vega Federated Authentication links your credentials to the Vega Platform. Vega implements authentication using the Federated Identity Management model.

When using the FIM model, your company manages your credentials using an Identity Provider (IdP). With its IdP, your company can enable you to authenticate with other services across the web. You configure the Vega Platform to authenticate using data passed from your IdP.

This goes beyond SSO as your IdP manages your credentials, not Vega. Your users can use the Vega Platform without needing to remember another username and password.

Procedure

ROLES REQUIRED:

org_global_admin or org_owner

IMPORTANT: Two-Stage Configuration

Depending on your Identity Provider, some circular logic may apply when linking it to a Service provider like Vega. To Link your IdP to Vega:

  • Your IdP needs values from Vega, and
  • Vega needs values from your IdP. To simplify setup, Vega prompts you to enter placeholder values for the IdP and Vega configurations. You will replace these values later in the procedure.

Configure An External Identity Provider Application

To configure Federated Authentication, you must have an external SAML IdP application. In the SAML IdP, you must perform the following:

  1. Create a new application for Vega.

  2. Configure initial SAML values for the new application.

  3. Set placeholder values for the following fields:

    • SP Entity ID or Issuer
    • Audience URI
    • Assertion Consumer Service (ACS) URL
  4. Set valid values for the following fields:

    FieldValue
    Signature AlgorithmAlgorithm used to encrypt the IdP signature. Vega suports the following signature algorithm values: SHA-1 & SHA-256
    Named IDValid Email Address Note: Name ID is both your email address and username
  5. Create Attributes with the following Attribute Names for the following SAML Attribute Values:

    SML Attribute NameSAML Attribute Value
    firstNameFirst Name
    lastNameLast Name
    emailUser email

    NOTE: The names of these attributes are case sensitive. Type these attribute names as shown in camelCase

  6. Save these values.

Once you have completed the initial setup for your IdP application, you link the IdP to Vega to federate your users' logins.

Apply your Identity Provider to Vega

Prerequisite

This procedure assumes you already have an external IdP application.

You configure Federated Authentication in Vega from the Single Sign-On page in Settings.

  1. Navigate to Settings > Single Sign-On.

  2. Create a new SSO configuration using the SAML option.

  3. Enter the following SAML settings.

    FieldNecessityDescription
    Configuration NamerequiredHuman-readable label that identifies this configuration (Not Editable).
    Configuration Display NamerequiredHuman-readable name that is displayed on the login page (Editable).
    IdP Issuer URIrequiredIdentifier for the issuer of the SAML Assertion.
    NOTE: Specify a placeholder value for this field. Obtain the real value for this field from your IdP once you have supplied it with the Vega meta data.
    IdP Single Sign-On UrlrequiredURL of the receiver of the SAML AuthN request.
    pecify a placeholder value for this field. Obtain the real value for this field from your IdP once you have supplied it with the Vega meta data.
    IdP Signature CertificaterequiredPEM-encoded public key certificate of the IdP. You can obtain this value from your IdP. You must paste the contents of the certificate into the text box.
    Request BindingrequiredSAML Authentication Request Protocol binding used to send the AuthNRequest. Can be either:
    - HTTP POST
    - HTTP REDIRECT
    Response Signature AlgorithmrequiredResponse algorithm used to sign the SAML AuthN Request. Can be either:
    - SHA-256
    - SHA-1
  4. Click Create.

Configure your Identity Provider with Vega Meta Data

Having setup your IdP in Vega, you can provide the required Vega Metadata to your IdP.

  1. On the Single Sign-On screen in Vega, locate, copy, and save the metadata inside the SETTINGS AND CONFIGURATION DATA YOU CAN PROVIDE YOUR SSO PROVIDER TO COMPLETE SETUP section.
  2. Update IdP values based on saved Vega Metadata.
    1. You now have the necessary information to replace the placeholder IdP Issuer URI and IdP Single Sign-On URL values set when you set up the initial IdP mapping in Vega.
  3. In Vega, modify the placeholder values set for IdP Issuer URI and IdP Single Sign-On URL for the linked IdP with the proper values from your IdP.