Single Sign-On Setup

Learn how to integrate your Identity Provider (IdP) using OIDC (OpenID Connect) or SAML (Security Assertion Markup Language).
SSO setup requires custom integration. Contact [email protected] for help.
Single Sign-on (SSO) streamlines the authentication process for your team and enhances security.
Sedai supports two common IdP configurations: OIDC (OpenID Connect) and SAML (Security Assertion Markup Language). We recommend using OIDC if both options are available.

IdP Requirements

Your IdP must pass role information during the login process. In addition, basic user information (such as full name and email address) should be transmitted for user identification.
Sedai provides three roles with unique access permissions: SedaiViewer, SedaiUser and SedaiAdmin. The roles differ in which of the following actions they are allowed to perform:
  • View
  • Execute
  • Add/edit integrations
  • Configure feature settings

OIDC Integration

The following information is required from your OIDC Identity Provider:
  • Discovery URI: Allows Sedai to dynamically discover the configuration details of your IdP (typically formatted as https://your-oidc-idp.com/.well-known/openid-configuration).
  • Client ID & Secret: Establishes the secure connection between Sedai and your OIDC IdP.
  • Roles Mapping: Maps the role names used within your OIDC IdP to Sedai's roles (Sedai Viewer, Sedai User and Sedai Admin).
  • Attribute for Role Name: Indicates the specific attribute in your OIDC IdP that holds the role information during the authentication handshake. This attribute should contain the role details corresponding to Sedai's roles.
After our team receives this information, we will provide Callback URLs for you to register in your OIDC IdP. These URLs receive the authentication callbacks and must be configured to handle the responses your IdP returns after a user has authenticated.
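The four OIDC items above map directly onto the checks a relying party performs on an ID token. The following is an added example, not Sedai's code: it loads a constructed discovery document, validates the issuer, audience and expiry claims of an already-decoded (and already signature-verified) ID token, and turns the values of the configured role attribute into Sedai roles. The IdP URL, the client ID, the `groups` claim and the IdP group names are constructed assumptions.

```python
# Added example, not Sedai's code: the claim checks and role mapping an OIDC
# relying party applies to an ID token, using the four items listed above.
import json
import time
from typing import Optional

# Constructed discovery document, as a hypothetical IdP would serve it from
# https://your-oidc-idp.com/.well-known/openid-configuration
DISCOVERY_JSON = """{
  "issuer": "https://your-oidc-idp.com",
  "authorization_endpoint": "https://your-oidc-idp.com/oauth2/authorize",
  "token_endpoint": "https://your-oidc-idp.com/oauth2/token",
  "jwks_uri": "https://your-oidc-idp.com/oauth2/keys"
}"""
DISCOVERY = json.loads(DISCOVERY_JSON)

CLIENT_ID = "sedai-sso-client"   # constructed: the "Client ID" half of "Client ID & Secret"

# "Attribute for Role Name": assumption that the IdP carries roles in a 'groups' claim.
ROLE_ATTRIBUTE = "groups"

# "Roles Mapping": constructed IdP role names mapped onto Sedai's three roles.
ROLE_MAPPING = {
    "sedai-admins": "SedaiAdmin",
    "sedai-operators": "SedaiUser",
    "sedai-readonly": "SedaiViewer",
}


def discovery_uri_is_well_formed(uri: str) -> bool:
    """The discovery URI should be HTTPS and end with the well-known path."""
    return uri.startswith("https://") and uri.endswith("/.well-known/openid-configuration")


def validate_id_token_claims(claims: dict, discovery: dict, client_id: str,
                             now: Optional[float] = None) -> list:
    """Return the list of claim-level problems; an empty list means the token is acceptable.

    Signature verification against jwks_uri is assumed to have happened already.
    """
    now = time.time() if now is None else now
    problems = []
    # iss must equal the issuer advertised in the discovery document.
    if claims.get("iss") != discovery["issuer"]:
        problems.append("issuer mismatch")
    # aud must contain our client_id; with several audiences, azp must name us.
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if client_id not in aud:
        problems.append("audience does not include our client_id")
    elif len(aud) > 1 and claims.get("azp") != client_id:
        problems.append("azp missing or not our client_id")
    # exp is mandatory and must lie in the future.
    if "exp" not in claims or claims["exp"] <= now:
        problems.append("token expired or has no exp")
    # Basic user information needed for identification.
    for required in ("name", "email"):
        if not claims.get(required):
            problems.append("missing " + required)
    return problems


def sedai_roles_from_claims(claims: dict, role_attribute: str, mapping: dict) -> list:
    """Translate the values of the role attribute into Sedai roles; unmapped names are ignored."""
    raw = claims.get(role_attribute, [])
    raw = raw if isinstance(raw, list) else [raw]
    return sorted({mapping[r] for r in raw if r in mapping})


if __name__ == "__main__":
    # Constructed, already-decoded ID token payload for a user in the operators group.
    sample_claims = {
        "iss": "https://your-oidc-idp.com",
        "aud": CLIENT_ID,
        "exp": 2_000_000_000,
        "name": "Ada Lovelace",
        "email": "ada@example.com",
        "groups": ["sedai-operators", "unrelated-group"],
    }
    print(validate_id_token_claims(sample_claims, DISCOVERY, CLIENT_ID, now=1_700_000_000))
    print(sedai_roles_from_claims(sample_claims, ROLE_ATTRIBUTE, ROLE_MAPPING))
```

Unmapped group names are dropped rather than failing the login, which is what makes the explicit Roles Mapping the only path to a Sedai role; a user with no mappable group ends up with no role at all.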

SAML Integration

The following information is required from your SAML provider:
  • SAML Identity Provider Metadata XML: Initiates the SAML integration with Sedai by describing your SAML Identity Provider (see example).
  • Roles Mapping: Maps the role names used within your SAML Identity Provider to Sedai's roles (Sedai Viewer, Sedai User and Sedai Admin).
  • Attribute for Role Name: Indicates the specific attribute in your SAML Identity Provider that holds the role information during the authentication handshake. This attribute should contain the role details corresponding to Sedai's roles.
After our team receives this information, we will provide Sedai's Service Provider Metadata for you to update your SAML IdP.
Some SAML providers may allow the use of Service Provider certificate data directly, which is available within the metadata.

Okta SAML 2.0 Configuration

When adding the application in Okta for SAML, you will need to provide the following details to your Sedai support contact (example values shown):
  • Application ACS URL: https://<your-domain>.sedai.app/api/saml2/sp?client_name=Sedai-<your-domain>-SSO
  • Application SAML Audience: Sedai-<your-domain>-SSO
  • SSO URL: https://<your-domain>.sedai.app/overview
  • Name ID Format (example values):
    urn:oasis:names:tc:SAML:2.0:nameid-format:transient
    urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
    urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
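To show what the SAML requirements above actually carry, and how the Okta audience value is used, here is an added example that is not Sedai's code. It parses a constructed IdP metadata XML (entityID, single sign-on endpoint, signing certificate, NameID format), then checks a constructed assertion the way a service provider must: the issuer has to match the metadata entityID, the AudienceRestriction has to name this SP (using the Sedai-<your-domain>-SSO form from the Okta table), and the configured role attribute is mapped onto Sedai's roles. The IdP URLs, the `sedaiRole` attribute name, the group names and the certificate text are constructed assumptions; XML signature verification is assumed to have been done before these checks.

```python
# Added example, not Sedai's code: what a SAML service provider reads from the
# IdP metadata XML and how it checks an assertion's audience and role attribute.
import xml.etree.ElementTree as ET  # production code should parse untrusted XML with defusedxml

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed IdP metadata for a hypothetical IdP (the "SAML Identity Provider Metadata XML").
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIBconstructedCertificateData</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed assertion as the IdP would return it after login; its XML signature is
# assumed to have been verified against the signing certificate above.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">ada@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction><saml:Audience>Sedai-acme-SSO</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="sedaiRole">
      <saml:AttributeValue>sedai-admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

ROLE_ATTRIBUTE = "sedaiRole"   # assumption: the "Attribute for Role Name" agreed with the IdP
ROLE_MAPPING = {               # constructed "Roles Mapping" onto Sedai's three roles
    "sedai-admins": "SedaiAdmin",
    "sedai-operators": "SedaiUser",
    "sedai-readonly": "SedaiViewer",
}


def parse_idp_metadata(xml_text: str) -> dict:
    """Pull out the entityID, SSO endpoint, signing certificate and NameID formats."""
    root = ET.fromstring(xml_text)
    sso = root.find(".//md:SingleSignOnService", NS)
    key = root.find(".//md:KeyDescriptor[@use='signing']", NS)
    cert = key.find(".//ds:X509Certificate", NS) if key is not None else None
    return {
        "entity_id": root.get("entityID"),
        "sso_location": sso.get("Location") if sso is not None else None,
        "sso_binding": sso.get("Binding") if sso is not None else None,
        "signing_cert": cert.text.strip() if cert is not None and cert.text else None,
        "nameid_formats": [n.text for n in root.findall(".//md:NameIDFormat", NS)],
    }


def expected_audience(domain: str) -> str:
    """Sedai's SP audience as given in the Okta table: Sedai-<your-domain>-SSO."""
    return "Sedai-" + domain + "-SSO"


def check_assertion(xml_text: str, idp_entity_id: str, audience: str,
                    role_attribute: str, mapping: dict) -> dict:
    """Issuer, audience and role-attribute checks; problems are collected, not raised."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        problems.append("issuer does not match the IdP metadata entityID")
    audiences = [a.text for a in root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:   # an assertion minted for another SP must be rejected
        problems.append("audience restriction does not name this SP")
    values = [v.text for v in root.findall(
        ".//saml:Attribute[@Name='" + role_attribute + "']/saml:AttributeValue", NS)]
    roles = sorted({mapping[v] for v in values if v in mapping})
    if not roles:
        problems.append("no role attribute value maps to a Sedai role")
    return {
        "name_id": root.findtext(".//saml:Subject/saml:NameID", namespaces=NS),
        "roles": roles,
        "problems": problems,
    }


if __name__ == "__main__":
    meta = parse_idp_metadata(IDP_METADATA)
    print(meta)
    print(check_assertion(ASSERTION, meta["entity_id"], expected_audience("acme"),
                          ROLE_ATTRIBUTE, ROLE_MAPPING))
```

The audience check is the piece that ties the Okta "Application SAML Audience" value to security: if the IdP and Sedai disagree on that string, every login fails, and if the SP skipped the check, an assertion issued for a different application at the same IdP would be accepted.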

How to create a managed application in AWS IAM Identity Center

  1. From the AWS IAM Identity Center, click Applications -> Add Application and select "I have an application I want to set up". Choose the SAML 2.0 application type.
  2. Enter a Display Name and Description (such as "Sedai" and "Autonomous Cloud Management System").
  3. Copy the SAML metadata file URL from the IAM Identity Center metadata section (this URL is required for loading the IdP metadata in Sedai; copy it and send it to the Sedai team).
  4. Under Application Properties, set the Application Start URL to https://<your-domain>.sedai.app. Leave the rest of the fields at their defaults.
  5. Populate the Application Metadata details:
     • Application ACS URL: https://<your-domain>.sedai.app/api/saml2/sp?client_name=Sedai-<your-domain>
     • Application SAML Audience: Sedai-<your-domain>
  6. Click Submit.
  7. Once the application is created, go to the application home page and click Action -> Edit Attribute Mapping.
  8. Populate the attributes as shown in the screenshot below:
  9. Under Assigned Users and Groups, add the three groups created in the previous step for this application: SedaiAdmin, SedaiUser, SedaiViewer.
  10. Send your Sedai support contact the SAML metadata file URL from the IAM Identity Center metadata section and the group IDs for the corresponding Sedai roles.