Single Sign-On (SSO)

SmartBear ID supports single sign-on (SSO) with any SAML 2.0-compliant identity provider (IdP). This includes:

  • Azure Active Directory

  • OneLogin

  • PingFederate

  • Okta

SAML is the preferred authentication protocol. SmartBear also supports OpenID Connect (OIDC).

How it works

The authentication process is as follows:

  1. You launch a SmartBear product. The product sees that you are not logged in and redirects you to the log-in flow.

  2. If your email domain is verified against SSO, you will be forwarded to your company's SSO portal when logging in.

  3. Upon successful authentication, you are returned to the SmartBear product you are trying to access.

Setting up SSO

To set up SSO for your entity, open a Support Case with an "Other" Issue Type through SwaggerHub, ReadyAPI, or TestComplete.Use any of those links for VisualTest and SwaggerHub Explorers and enter the product name in the Problem Description box.

Important

Enabling SSO will mean that every user in your entity will switch to SSO for all Products using SmartBear ID. A team using one of those products cannot switch to SSO without affecting all other teams using any one of them.Products using SmartBear ID

The process requires that you exchange configuration settings with SmartBear. When configuring SAML, the following values will be provided by SmartBear:

  • URN: Uniform Resource Name acts as a namespace identifier, similar to a URL, but specifically for identifying resources that may not be web-accessible. This will have the following format: urn:smartbear:YOUR_CUSTOMER_NAME

  • Reply URL: Also referred to as callback URL or Assertion Consumer Service (ACS) URL. This is the destination URL where the response containing the user's authentication status is sent: https://auth.id.smartbear.com/login/callback

In return, you must provide the metadataUrl from your identity provider settings for the SmartBear tenant. Alternatively, this can be replaced with the metadataXml file containing the SAML metadata in XML format.

Note

We encourage you to provide the metadataUrl, as it is updated automatically in case of configuration modifications. The XML file remains static and will require a manual update after expiration.

Configuring SSO Provider

For information about adding an application for SmartBear in Okta, see Okta as the SSO Provider.Okta as the SSO Provider

Mapping Fields

In addition, you will need to configure field mapping for Email, Name, Surname, Phone number, and Company. This translates to the following attribute claims in your SAML application:

  • email address

  • givenname

  • surname

  • mobilenumber

  • companyname

After it is configured, you will need to provide the claim names.

For example, in the Azure AD SAML configuration, the claim names would be:

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phone_number

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname

Alternatively, for the Okta SAML configuration, the claim names would be:

  • email

  • givenname

  • surname

  • companyname

See Also

In this section:
© 2024
Publication date: