Enable SSO access to your MineOS account for you and your team through any Identity provider that supports SAML.
Before you start, make sure you have:
-
An account in an IdP that supports SAML authentication
-
A MineOS enterprise account
This article describes how MineOS allows users to authenticate against an external IdP using the Security Assertion Markup Language (SAML) protocol.
SAML-based federation involves two parties:
An identity provider (IdP): authenticates users and provides to Service Providers an Authentication Assertion if successful.
A service provider (SP): relies on the Identity Provider to authenticate users.
MineOS supports SP-initiated SAML connections and can serve as the service provider for users that are authenticated by different IdPs.
During the login process, workspace teammates will be redirected to the IdP in order to authenticate and then returned to the MineOS portal.
How to create a SAML application:
In order to integrate with a SAML IdP, you will need to create a dedicated MineOS Application within your SAML IdP.
Most of the IdPs will require the following information when creating a new application:
- Single sign-on URL: https://mineos-b2b.eu.auth0.com/login/callback
- Audience URI (SP Entity ID): urn:auth0:mineos-b2b:{COMPANY_NAME}
Remember to replace {COMPANY_NAME} with your actual workspace name
In order to map the IdP members correctly the following attributes have to be passed to the platform:
|
IdP Attribute |
MineOS Mapping |
|
Email Address |
|
|
First Name |
given_name |
|
Last Name |
family_name |
How to create the connection in MineOS:
Once the application is created you'll be provided with the following information:
-
Collect the following information:
- X.509 Certificate
- IdP Sign-in URL
- Audience URI (SP Entity ID)
- Company user domains (i.e. user@domain.com, user@domain1.com, etc.).
- Share the information with our support team (support@saymine.com) to configure the connection for your workspace.