Security Assertion Markup Language (SAML) is a standardized method for verifying a user's identity to external applications and services. It enables the functionality of single sign-on (SSO) by allowing authentication to occur only once and then sharing that authenticated status with multiple applications.
To configure Single Sign-On (SSO) for your Wire2Air account using SAML with Google Workspace or Microsoft Active Directory (AD), follow these steps:
1. Configure SSO in Wire2Air
Begin by setting up SSO within your Wire2Air dashboard:
- Log in to Your Dashboard: Access your Wire2Air account.
- Navigate to Single Sign-On Settings:
  - Click on Manage Accounts in the navigation panel.
  - Select Single Sign-On.
This section will provide you with the necessary ACS URL (Assertion Consumer Service URL) and Entity ID required for configuring your Identity Provider (IdP).
2. Set Up SSO with Google Workspace
To integrate Wire2Air with Google Workspace:
- Access Google Admin Console: Log in to Google Admin Console with your admin credentials.
- Add a Custom SAML App:
  - Navigate to Apps > Web and mobile apps.
  - Click on Add App > Add custom SAML app.
- Configure the App:
  - Enter an application name (e.g., "Wire2Air") and upload an optional logo.
  - In the Google IdP Information section, note the SSO URL, Entity ID, and download the Certificate.
  - Proceed to the Service Provider Details section:
    - Enter the ACS URL and Entity ID obtained from Wire2Air's SSO settings.
  - In the Attribute Mapping section, map the necessary attributes (e.g., Primary Email to email).
- Finalize and Activate:
  - Review the configuration and click Finish.
  - Ensure the app is set to ON for everyone or specific organizational units as needed.
For detailed guidance, refer to Google's documentation on setting up your own custom SAML app.
3. Set Up SSO with Microsoft Active Directory
To integrate Wire2Air with Microsoft AD via Active Directory Federation Services (AD FS) or Microsoft Entra ID:
- Using Active Directory Federation Services (AD FS):
  - Set Up AD FS:
    - Install and configure AD FS on your server.
    - Ensure your AD FS is accessible over the internet if users will authenticate externally.
  - Configure Relying Party Trust:
    - In the AD FS Management console, add a new Relying Party Trust for Wire2Air.
    - Provide the Entity ID and ACS URL from Wire2Air's SSO settings.
  - Configure Claim Rules:
    - Set up claim rules to map AD attributes to SAML attributes required by Wire2Air.
- Using Microsoft Entra ID:
  - Register the Application:
    - In the Microsoft Entra admin center, navigate to Enterprise applications and add a new application.
  - Configure Single Sign-On:
    - Select Single sign-on and choose SAML as the method.
    - Enter the Identifier (Entity ID) and Reply URL (ACS URL) from Wire2Air's SSO settings.
  - Download Federation Metadata:
    - Download the Federation Metadata XML to provide to Wire2Air.
  - Assign Users and Groups:
    - Assign the appropriate users and groups to the application to control access.
For comprehensive instructions, consult Microsoft's guide on enabling single sign-on for an enterprise application.
4. Finalize SSO Configuration in Wire2Air
After setting up your IdP:
- Upload IdP Metadata: In Wire2Air's SSO settings, upload the metadata file or manually enter the IdP details obtained from your IdP configuration.
- Test the SSO Integration: Use a test account to ensure that the SSO integration works as expected.
- Activate SSO: Once testing is successful, activate SSO for your organization within Wire2Air.
5. User Access to Wire2Air via SSO
After configuring SSO, users can access Wire2Air through:
- Identity Provider Portal:
  - Users log in to their IdP portal (e.g., Google Workspace dashboard or Microsoft My Apps portal).
  - They select the Wire2Air application, which initiates the SSO process.
- Direct Wire2Air URL:
  - Users navigate directly to the Wire2Air login page.
  - Upon entering their email, they are redirected to the IdP for authentication.
Ensure users are informed about the new SSO process and provide them with any necessary instructions or support contacts.
By following these steps, you can successfully integrate Wire2Air with your organization's SSO solution, providing a seamless and secure authentication experience for your users.