Set up SAML SSO using Auth0
Single Sign-On (SSO) enables users to sign in to applications and services without re-entering their credentials. The Cyware applications integrate with Auth0 to use SSO through the Security Assertion Markup Language (SAML) protocol.
SAML is an XML-based protocol used to exchange authentication and authorization data between applications. Within the Cyware application-Auth0 SAML integration, the Cyware applications act as the Service Provider (SP), and Auth0 acts as the Identity Provider (IdP). When users sign in to the applications using the SAML authentication method, the IdP (Auth0) sends a SAML assertion to the browser that is passed to the SP (Cyware applications). This enables Auth0 to establish a secure connection with the browser and then authenticate the users to sign in to the application.
Supported Cyware Applications
You can configure Auth0 as a SAML 2.0 authentication method in the following Cyware applications:
Collaborate
Intel Exchange
Before you Start:
You must have an Auth0 developer account.
You must have administrator-level edit permission to update the authentication configuration in the Cyware application.
To configure a Cyware application as a SAML 2.0 app in Auth0, you must provide the service provider details of the application, such as the Assertion Consumer URL and Entity ID.
To get the service provider details for Intel Exchange, see Configure SAML 2.0 as the Authentication Method.
To get the service provider details for Collaborate, see Configure SAML 2.0 as the Authentication Method in Manage Analyst Portal Authentication.
In Auth0, configure a Cyware application as a SAML 2.0 app and generate the single sign-on URL, metadata XML, and certificate. These details are required to provide the identity provider details of Auth0 in the SAML 2.0 authentication configuration of the application.
To configure an application as a SAML 2.0 app in Auth0, follow these steps:
Note
This procedure mentions the fields and values that are required to configure a Cyware application as a SAML 2.0 app. Leave the fields that are not mentioned as they are. For more information, see Create Applications in Auth0.
Sign in to the Auth0 developer account.
Go to Applications > Applications.
Click Create Application and enter the following details:
Enter the name of the application. For example, Collaborate Analyst Portal.
Select the application type as Regular Web Applications.
Click Create.
Select Django as the technology used in the application.
Go to the Settings tab, and then go to Application URIs.
In Allowed Callback URLs, enter the Assertion Consumer URL that you copied in Get Service Provider Details.
In Allowed Logout URLs, enter one of the following URLs based on the Cyware application and click Save Changes:
For CTIX, enter https://<domain>/ctix/.
For CSAP Analyst Portal, enter https://<domain>/dashboard/.
For CSAP Member Portal, enter https://<domain>/webapp/.
Go to the Addons tab and select SAML2 WEB APP.
In the Usage tab, download and save the following data to provide the identity provider details in the Cyware application:
Identity Provider Certificate
Identity Provider Login URL
Identity Provider Metadata
Go to the Settings tab and replace the Settings data with the following data to map the user data of Auth0 with the application.
{
  "mappings": {
    "email": "email",
    "name": "first_name",
    "user_id": "username"
  }
}
Click Enable.
Use the identity provider details (Identity Provider Certificate, Identity Provider Login URL, and Identity Provider Metadata) to configure Auth0 as a SAML 2.0 authentication method in a Cyware application.
To configure the SAML 2.0 authentication method in Intel Exchange, see Configure SAML 2.0 as the Authentication Method.
To configure the SAML 2.0 authentication method in Collaborate, see Configure SAML 2.0 as the Authentication Method.
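Before entering the identity provider details in the Cyware application, you can confirm that the downloaded certificate, login URL, and metadata agree with each other. The following Python check is an added example, not Cyware or Auth0 code; it assumes the standard SAML 2.0 metadata layout, and the function names, sample URL, and sample certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed sample data: placeholder bytes and URL, not a real certificate or tenant.
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_URL = "https://idp.example.invalid/samlp/CONSTRUCTED"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="urn:idp.example.invalid">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data>
      <X509Certificate>{SAMPLE_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Location="{SAMPLE_URL}"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def der_sha256(b64_text):
    """SHA-256 of the DER bytes in a PEM file or a ds:X509Certificate element."""
    lines = [l.strip() for l in b64_text.splitlines() if "-----" not in l]
    return hashlib.sha256(base64.b64decode("".join(lines))).hexdigest()

def check_idp_details(metadata_xml, cert_pem, login_url):
    """Return a list of problems; an empty list means the three downloads agree."""
    # ElementTree is used because the file comes from your own IdP tenant;
    # parse XML from untrusted sources with a hardened parser such as defusedxml.
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["metadata has no IDPSSODescriptor"]
    problems = []
    # Certificates the metadata advertises for signing (use="signing" or unspecified).
    advertised = {der_sha256(c.text)
                  for kd in idp.findall("md:KeyDescriptor", NS)
                  if kd.get("use") in (None, "signing")
                  for c in kd.findall(".//ds:X509Certificate", NS) if c.text}
    if der_sha256(cert_pem) not in advertised:
        problems.append("certificate is not a signing key in the metadata")
    locations = {s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    if login_url not in locations:
        problems.append("login URL is not a SingleSignOnService location")
    if urlparse(login_url).scheme != "https":
        problems.append("login URL is not HTTPS")
    return problems
```

Call check_idp_details with the contents of the three files saved from the Usage tab; any returned message means the downloads should be repeated before they are entered in the application.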
Add users of the Cyware applications into Auth0 and enable them to sign in using the Auth0 credentials.
Before you Start
Ensure that the user who is added to Auth0 already exists in the Cyware application.
Note
You can add a user in Auth0 without adding the user in Intel Exchange. Intel Exchange supports Just-in-Time provisioning that automatically creates a user account when a user signs in using Auth0 authentication.
Steps
To add a user in Auth0, follow these steps:
Note
The steps to create users in Auth0 may vary. Refer to the following Auth0 documentation to create users: Create Users in Auth0.
Sign in to the Auth0 developer account.
Go to User Management > Users.
Click Create User and add the following details:
Note
You can import users into Auth0 in bulk. For more information, see Bulk User Imports.
Enter the same email ID that you used to add the user to the Cyware application. The user will be authenticated using this email ID.
Enter a password for the user.
Re-enter the password to confirm.
Select Username-Password-Authentication in Connection.
Click Create.
The user is added in Auth0. To verify the email ID of the user, click Actions > Send Verification Email. The user will receive a verification email.
After the email ID is verified, the user can sign in to the application using the Auth0 credentials.
To validate the SAML SSO integration, do the following:
Open the application in a web browser.
Click the SAML authentication method.
Enter the Auth0 credentials to sign in.
You should be able to sign in to the application.
Note
If a user is already signed in to the Auth0 account, the user should be able to sign in to the Cyware application without re-entering the Auth0 credentials.