Configure a Single Sign-On Service Provider

This topic describes how to add an external identity provider to your Pivotal Single Sign-On (SSO) service plan.

Setting up SAML

  1. Log into the SSO dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN as a Plan Administrator.

  2. Select your plan and click Manage Identity Providers on the dropdown menu.


  3. Click New Identity Provider to create a new identity provider.


  4. To create a new identity provider, perform the following steps:

    1. Enter an identity provider name into Identity Provider Name.
    2. (Optional) Enter a description into Identity Provider Description.
    3. (Optional) Click SAML File Metadata, then click the Upload Identity Provider Metadata button to upload your metadata XML.
      Note: Single Sign-On does not support importing files in DOS format. Convert the file in one of the following ways:

      • Option 1: Execute dos2unix on the metadata file.
      • Option 2: Create a Unix file, then copy and paste the contents from the downloaded metadata file to the newly created file.
    4. (Optional) Under Advanced SAML Settings, click Attribute Mappings to enter the mappings.
  5. Click Create Identity Provider.
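The following POSIX shell helper is an added example, not part of the Pivotal SSO documentation: it normalises a downloaded identity provider metadata file from DOS to Unix line endings (covering both conversion options above even where dos2unix is not installed) and sanity checks the result before upload. The sample metadata and the entityID in it are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the Pivotal SSO docs): convert a SAML IdP metadata
# file from DOS (CRLF) to Unix (LF) line endings before uploading it, and
# check the result. Uses only tr/grep/wc so it works without dos2unix.

# Count carriage-return bytes in a file (0 means Unix line endings).
count_cr() {
  tr -cd '\r' < "$1" | wc -c | tr -d ' '
}

# Write an LF-only copy of $1 to $2, then verify that no CR bytes remain and
# that the file still looks like SAML metadata (an EntityDescriptor element,
# with or without a namespace prefix such as md:).
to_unix_metadata() {
  src="$1"; dst="$2"
  tr -d '\r' < "$src" > "$dst"
  [ "$(count_cr "$dst")" -eq 0 ] || { echo "CR bytes remain in $dst" >&2; return 1; }
  grep -q '<[A-Za-z0-9]*:*EntityDescriptor' "$dst" \
    || { echo "$dst does not contain an EntityDescriptor element" >&2; return 1; }
  return 0
}

# Constructed sample metadata with CRLF endings, standing in for a file
# downloaded from an identity provider (the entityID is a placeholder).
make_sample() {
  printf '<?xml version="1.0"?>\r\n<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/metadata">\r\n  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>\r\n</md:EntityDescriptor>\r\n' > "$1"
}
```

Run `to_unix_metadata downloaded.xml idp-metadata.xml` and upload the second file; a non-zero exit means the file is not ready for the SSO dashboard.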

Configure Group Permissions

  1. Add groups to be propagated from the external identity provider to the ID token by following these steps:

    1. Log into the SSO dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN as a Plan Administrator.
    2. Select your plan and click Manage Identity Providers on the dropdown menu.
    3. Click Group Whitelist next to your identity provider.
    4. Enter the group names.
    5. Click Save Group Whitelist.
  2. Map the groups to resources defined in the SSO service by following these steps:

    1. Log into the SSO dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN as a Plan Administrator.
    2. Select your plan and click Manage Identity Providers on the dropdown menu.
    3. Click Resource Permissions.
    4. Click New Permissions Mapping and perform the following steps:
      1. Enter a Group Name.
      2. For Select Permissions, select the permissions that the members of the group from the external identity provider should have access to.
      3. Click Save Permissions Mapping.