How to Integrate SSO in nOps

Running a secure cloud system is very important. With the new nOps SSO feature, integrating SSO from your favorite SAML 2.0 provider is a smooth and easy process. You can currently integrate Okta, OneLogin, and Azure Active Directory (Azure AD), among others.

Getting Started

To incorporate SSO in nOps, you first need to configure SSO on your SAML provider. To do that, you need to get some credentials from your nOps dashboard.

Your nOps Credentials

  • To access your nOps SSO credentials, head over to your SSO Settings page: Organizational Settings > SSO if you’re using the client portal, or Partner Settings > SSO if you’re using the partner portal.

  • You will get a prompt to enable SSO.

  • Doing that gives you access to the SSO Settings page.

  • Copy the Assertion Consumer Service and Entity ID values and paste them into your SAML provider’s SSO configuration settings.

  • You also need to map some defined attributes. This should be done using the exact values as stated in the picture above. In OneLogin, for example, these attributes are called “Parameters”.

  • Upon completion, your provider will give you setup instructions, which you will then use to configure SSO on nOps.

Configuring SSO on nOps

After setting up SSO with your SAML provider, it’s now time to configure SSO on nOps.

To do that, you need to get some key credentials from your provider. They are:

  • Issuer URL (entityId)

  • SAML 2.0 Endpoint (HTTP) (singleSignOnService: URL)

  • X.509 Certificate

Copy these values and paste them into their respective input fields on the nOps SSO settings page, as shown below.

Assigning Users

After completing the steps above, you can add users to your application. New users, however, need to complete a one-time email activation before SSO is enabled for them.

Additional Features

nOps also has some new extra features you can activate for your SSO integration.

Enable SSO Login

When you enable the toggle button shown below, users will be redirected to the SSO login for authentication the next time they try to sign in.

With the toggle button enabled, they only need to provide their email for this to happen.

Leaving this feature disabled allows users to log in with their pre-existing password credentials. This is, however, only possible for users who went through the nOps sign-up process in the first place.

Enforce SSO login

To enforce SSO login for all users, you need to specify a domain in the input box and also check the checkbox shown below.

Users coming from the specified domain address must use the SSO login process to sign in or be denied access.

If, however, you want to log in from another domain name, you can copy the value shown in the Shareable Link for IDP Login and sign in using that.

Setting User Roles

This feature allows you to choose a default role for users. You can choose between client-member and client-admin if you’re using the Client nOps portal, or between partner-member and partner-admin if you’re using the Partners nOps portal.

The partner-admin can send invitations, configure SSO and also get access to partners’ clients, while the partner-member gets limited access to clients only. For the Client portal, the client-admin gets access to all available options including SSO, while the client-member has no access privilege to the Settings page.

Control your SSO user groups

You can also control your SSO user groups by setting an nOps role based on the SAML group. For now, however, this feature is only available for Okta.

To enable this feature, you need to specify at least one value for admin and user groups.

In addition, you can enable the Allow SAML Group Configuration to Override nOps Role checkbox. This gives preference to nOps-defined roles over your specified provider’s roles.

Lastly, you can update your SSO configuration or delete it entirely.

Note that deleting your SSO integration is an irreversible action.
