Protect your platform and user data by configuring security measures.
Navigate to Settings > Security Management > User Login.
Choose between setting up passwords or Single Sign-On (SSO) based on your security preferences.
Optionally, enable Two-Factor Authentication (TFA) for an additional layer of protection if required.
Configuring Single Sign-On (SSO) with Okta:
Once you select SSO in the User Login, the configuration settings for SSO will appear.
📝 Note: Ensure the “Consumer Service URL” provided in SuperOps is added to your Okta account.
Here are the steps to be done on Okta’s side:
Open the Okta Admin dashboard, navigate to Applications on the left pane, and click Create App Integration. The sign-in method for this app to integrate with your SuperOps account must be SAML 2.0.
On the next page under general settings, give a name for your app and click next.
3. Under the configure SAML tab, enter the consumer service URL generated from the SuperOps account under a single sign-on URL and Audience URI.
4. Scroll down on the same page add the following names under “attribute statements” and map it as shown in the image below.
The “Names” to be added are:
email
firstname
Lastname
Please note that the above Names are case-sensitive and must be in lowercase characters.
5. Once you finish the setup, Okta will generate setup Instructions that must be copied over to your SuperOps account.
6. From here, the Identity Provider Single Sign-On URL is mapped to the IDP Login URL, and the X.509 Certificate is mapped to the Certificate from Okta and SuperOps respectively.
7. The logout URL on your [SuperOps](http://SuperOps) account is optional.
8. Once this is configured and saved, you will be redirected to the Okta login page while accessing the User Login page on your [SuperOps](http://SuperOps) account.
Setting up SSO with Google:
To set up SSO for User Login with Google and SuperOps, please follow the below steps.
Log in to your Google Organization account.
Navigate to Apps > Web and Mobile Apps.
Under "Add App," select "Add custom SAML app."
Enter details for your custom SAML app.
5. In the next step, ensure to copy the SSO URL and certificate.
6. The next step is to add service provider details. For the ACS URL, paste the Consumer Service URL from your SuperOps instance.
7. To copy the Consumer Service URL, navigate to Settings > User Login > SSO > Consumer Service URL.
8. Now, paste the ACS URL and set the entity ID tohttps://SuperOps.
9. Next, edit user attributes to pass the below values for SuperOps to allow the login requests coming in from Google.
email - {placeholder used for email in your instance}
firstname - {placeholder used for first name in your instance}
lastname - {placeholder used for last name in your instance}
📝 Note: Please keep in mind that these attributes are case-sensitive. You'll encounter issues unless the attributes are used precisely as mentioned.
10. Paste the copied certificate into SuperOps under Settings > User Login > SSO > Certificate.
11. If you want to enable the services for all users, make sure you choose the below service status.
12. Similarly, paste the login URL under the login URL in SuperOps. (under Settings > User Login > SSO > Login URL).
13. Once you are done, hit save.
Setting up SSO with Azure AD:
To set up SSO for User Login with Azure AD and SuperOps, please follow the below steps.
1. Login to your Azure AD instance.
2. Choose the Enterprise Application option from the navigation menu on the left.
3. Click on '+ New Application'.
4. Since we are yet to be listed in AD's marketplace, Click " + Create your own application".
5. Give it a name and choose the option, " Integrate any other application you don't find in the gallery (Non-gallery)".
6. Here, assign users who must have access to SuperOps.
7. Now choose, "Set up single sign-on" and choose SAML.
📝 Note: If you configure CNAME after setting up SSO, ensure that you update them in the corresponding Azure settings as well.
8. Edit the Basic SAML configuration as shown below and click save:
-> Identifier (Entity ID) : https://SuperOps ( Mark it as default and delete any other default available.)
-> Reply URL: This is the URL present under Settings -> User Login -> SSO -> Consumer Service URL (from your SuperOps instance).
9. Next edit user attributes to pass the below values for SuperOps to allow the login requests coming in from Azure AD.
Click edit -> Add new claim, and add the below records ( Given as name - source attribute pair)
-> email - user.mail
-> firstname - {placeholder used for first name in your instance}
-> lastname - {placeholder used for first name in your instance}
Please keep in mind that these attributes are case-sensitive. You'll encounter issues unless the attributes are used precisely as mentioned.
10. To add the certificate under SuperOps, download the Base64 certificate available under section "3. SAML Signing Certificate" and open it in Notepad. Copy the certificate and paste it into SuperOps under Settings -> User Login -> SSO -> Certificate.
11. Similarly to Section 4, copy the login URL and paste it under the login URL in SuperOps. ( under Settings -> User Login -> SSO -> Login URL ).
📝 Note: We do not support log-out URLs with Azure AD yet, and this should be available soon.
12. You are all set!