Avanan MSP Portal supports Single Sign-On (SSO) with various providers using SAML. Once SAML integration is enabled on the portal, each portal user can be configured to log in with either SAML or credentials (or both).
Configuring SAML Integration
SAML Identity providers require the following:
- An Assertion Consumer Service (ACS) URL (also referred to as the Single Sign-On URL) or the Entity ID of the service provider (sometimes called the Audience URI).
- Metadata Source - either Metadata File in .xml format, or a Metadata URL, both can be obtained from the Identity Provider.
To configure SAML integration, follow these steps:
In the MSP Portal, go to Settings page.
Click on Configure SAML.
- To enable SAML integration, click on Enable SAML.
- Copy the ACS URL and provide the URL to the Identity provider. The ACS URL will also serve as the Service Provider Entity ID
- Select Metadata Source type - file or URL.
- Based on the selection from previous step, upload file or specify the Metadata URL.
- Click Save.
User Authentication with SAML
For each user in the MSP portal, it is possible to set the allowed authentication method. When SAML integration is enabled, users can use SSO for their login. Each user can login with SAML, credentials, or both. It is advised that at least one of the admins would be allowed to login also with credentials, in case of an error in the SSO login or the SAML integration.
To set authentication method for a user:
- In the MSP Portal, go to Settings page.
- Click on a user.
- Check the desired options - Password Login and SAML Login.
- Click Save.
- To login using SSO: when a user logs in to the MSP Portal, choose Login with SAML.