Configuring SAML SSO for Spotinst
These steps will guide you through setting up the single sign-on functionality between ADSelfService Plus and Spotinst.
Prerequisite
-
Login to ADSelfService Plus as an administrator.
- Navigate to Configuration → Self-Service → Password Sync/Single Sign On → Add Application, and select Spotinst from the applications displayed.
Note: You can also find Spotinst application that you need from the search bar located in the left pane or the alphabet wise navigation option in the right pane.
-
Click IdP details in the top-right corner of the screen.
-
In the pop-up that appears, download the SSO certificate by clicking on the Download Meta file.
Spontinst (Service Provider) configuration steps
-
Login to Spotnist with an administrator’s credentials.
-
Click on the Avatar icon.
-
Navigate to Settings → Security tab → Select Identity Provider
-
Enable SAML and Select Provider type as SAML.
-
You can upload the metadata file in the respective field. (Refer Step 5 of Prerequisite).
-
Select Viewer as the user default role.
-
Click Save.
ADSelfService Plus (Identity Provider) configuration steps
-
Now, switch to ADSelfService Plus’ Spotinst configuration page.
-
Enter the Application Name and Description.
-
In the Assign Policies field, select the policies for which SSO need to be enabled.
Note:ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
-
Select Enable Single Sign-On.
-
Enter the Domain Name of your Spotinst account. For example, if you use johndoe@thinktodaytech.com to log in to Spotinst, then thinktodaytech.com is the domain name.
-
Choose the Name ID format that has to be sent in the SAML response. The Name ID format will specify the type of value sent in the SAML response for user identity verification.
-
Click Add Application
Note:
For Spontinst, only SP initiated flow is supported.