SAML SSO Integration

Avanan Managed Service Provider (MSP) Portal supports Single Sign-On (SSO) with various providers using SAML. Once SAML integration is enabled on the portal, each portal user can be configured to log in with either SAML or credentials (or both).

Configuring SAML Integration

SAML Identity providers require:

  • Assertion Consumer Service (ACS) URL (Single Sign-On URL) or the Entity ID of the service provider (Audience URI).

  • Metadata Source, either in Metadata File in .xml format, or a Metadata URL, both can be obtained from the Identity Provider.

To configure SAML integration:

  1. Go to Settings.

  2. Expand Authentication Settings and click Configure SAML.

    The Configure SAML window appears.


  3. Select the Enable SAML checkbox.

  4. To copy the ACS URL value, in the ACS URL field, click .

    Note - You must provide this URL to your Identity Provider.

  5. Do these:

    Action

    Metadata Source

    Metadata File
    To add a local file File Upload

    Enter the path of the file.
    To add a file from a URL Metadata URL

    Select the required file and click Upload.

  6. Click Save.

User Authentication with SAML

For each user in the MSP portal, it is possible to set the allowed authentication method. When SAML integration is enabled, users can use SSO for their log in. Each user can log in with SAML, credentials, or both. It is advised that at least one of the administrator would be allowed to log in with credentials in case of an error in the SSO login or the SAML integration.

To set the authentication method for a user:

  1. Go to Settings.

  2. Expand User Management.

  3. Select the user you want to edit, and under Action, click .

  4. Select the required options:

    • Enable Password Login

    • Enable SAML Login

  5. Click Save.

Note - To log in using SSO to the Avanan MSP Administrator Portal, select Login with SAML.

SAML SSO Integration with Microsoft Azure

To configure Microsoft Azure as SAML Provider for the Avanan MSP Portal:

  1. Log in to the Avanan MSP Administrator Portal:

    1. Go to Settings.

    2. Expand Authentication Settings and click Configure SAML.

      The Configure SAML window appears.

    3. To copy the ACS URL value, in the ACS URL field, click .

    4. Click Cancel.

  2. Sign in to the Microsoft Azure portal:

    1. Navigate to Enterprise Applications > New Application.

    2. Select Non-gallery application.

    3. In the Enter a name field, enter a name for the new application.

    4. Click Add.

    5. Go to Manage > Single sign-on.

    6. Select SAML.

    7. In the Basic SAML Configuration section, click Edit.

    8. In the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) field, paste the ACS URL value copied in step 1.c.

    9. Click Save.

    10. In the User Attributes & Claims section, click Edit.

      The Manage claims page appears.

    11. Expand Choose name Identifier Format and from the list, select Email address.

    12. In the Source field, select Attribute.

    13. From the Source attribute list, select user.mail.

    14. Click Save.

    15. In the SAML Signing Certificate section, do one of these:

      • In the App Federation Metadata Url field, click .

      • In the Federation Metadata XML field, click Download.

  3. Log in to the Avanan MSP Administrator Portal:

    1. Go to Settings.

    2. Expand Authentication Settings and click Configure SAML.

      The Configure SAML window appears.

    3. Make sure the Enable SAML checkbox is selected.

    4. In the Metadata Source section:

      • To paste the Metadata url, select Metadata URL and paste the URL copied in step 2.o.

      • To upload the Metadata XML, select File Upload and upload the XML downloaded in step 2.o.

    5. Click Save.

    Make sure to add users to the SAML application in your Microsoft Azure Portal and enable SAML Login under User Authentication Methods for the relevant users.

SAML SSO Integration with Okta

To configure Okta as SAML Provider for the Avanan MSP Administrator Portal:

  1. Follow the instructions in Okta documentation portal.

  2. The Okta configuration requires the ACS URL from the SAML Configuration window in the MSP portal, it also serve as the SP Entity ID.

  3. Once you have configured the SSO application in Okta, copy the Identity Provider Metadata URL from Okta and paste it in the Metadata URL field of the SAML Configuration window in the MSP portal.

  4. You can run the application from Okta directly from https://{domain}.oktapreview.com/app/UserHome