Single Sign-On (SSO)
SSO in SmartBear ID
SmartBear ID supports single sign-on (SSO) with any SAML 2.0-compliant identity provider (IdP). This includes:
Azure Active Directory
OneLogin
PingFederate
Okta
SAML is the preferred authentication protocol. SmartBear also supports OpenID Connect (OIDC).
Setting up SSO
To set up SSO for your entity, open a Support Case with "Other" Issue Type through SwaggerHub, ReadyAPI, or TestComplete. For VisualTest and SwaggerHub Explore, use any of those links and specify the product name in the field "Problem Description".
Note
Enabling SSO will mean that every user in your entity will switch to SSO for all Products using SmartBear ID: a team using one of those products cannot switch to SSO without affecting all other teams using any one of them.
When configuring SAML, the following values will be provided by SmartBear:
URN: Uniform Resource Name acts as a namespace identifier, similar to a URL, but specifically for identifying resources that may not be web-accessible. This will have the following format:
urn:smartbear:YOUR_CUSTOMER_NAME
Reply URL: Also referred to as callback URL or Assertion Consumer Service (ACS) URL. This is the destination URL where the response containing the user's authentication status is sent:
https://auth.id.smartbear.com/login/callback
In return, you will need to provide the metadataUrl
. This can be replaced with metadataXml file, the SAML metadata in XML format.
Note
We encourage you to provide the metadataUrl
, as it is updated automatically in case of configuration modifications. The XML file remains static and will require a manual update after expiration.
In addition, you will need to configure field mapping for Email, Name, Surname, Phone number, and Company. This translates to the following attribute claims in your SAML application:
emailaddress
givenname
surname
mobilenumber
companyname
After it is configured, you will need to provide the claim names.
For example, in the Azure AD SAML configuration, the claim names would be:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phone_number
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname
Alternatively, for the Okta SAML configuration, the claim names would be:
email
givenname
surname
companyname
How it works
The authentication process is as follows:
You launch a SmartBear product. The product sees that you are not logged in and redirects you to the log-in flow.
If your email domain is verified against SSO, you will be forwarded to your company's SSO portal when logging in.
Upon successful authentication, you are returned to the SmartBear product you are trying to access.