Single Sign-On (SSO)
SmartBear ID supports single sign-on (SSO) with any SAML 2.0-compliant identity provider (IdP). This includes:
Azure Active Directory
OneLogin
PingFederate
Okta
SAML is the preferred authentication protocol. SmartBear also supports OpenID Connect (OIDC).
How it Works
The authentication process is as follows:
You launch a SmartBear product. The product sees that you are not logged in and redirects you to the log-in flow.
If your email domain is verified against SSO, you will be forwarded to your company's SSO portal when logging in.
Note
You will need to use DNS to validate the domain name for SSO.
Upon successful authentication, you are returned to the SmartBear product you are trying to access.
Setting up SSO
To set up SSO for your entity, open a Support Case with an "Other" Issue Type through SmartBear Support.
Important
Enabling SSO will mean that every user in your entity will switch to SSO for all products supporting SmartBear ID. A team using one of those products cannot switch to SSO without affecting all other teams using any one of them.
The process requires that you exchange configuration settings with SmartBear. When configuring SAML, the following values will be provided by SmartBear:
URN: Uniform Resource Name acts as a namespace identifier, similar to a URL, but specifically for identifying resources that may not be web-accessible. This will have the following format:
urn:smartbear:YOUR_CUSTOMER_NAME
Reply URL: Also referred to as callback URL or Assertion Consumer Service (ACS) URL. This is the destination URL where the response containing the user's authentication status is sent:
https://auth.id.smartbear.com/login/callback
In return, you must provide the metadataUrl from your identity provider settings for the SmartBear tenant. Alternatively, this can be replaced with the metadataXml file containing the SAML metadata in XML format.
Note
We encourage you to provide the metadataUrl, as it is updated automatically in case of configuration modifications. The XML file remains static and will require a manual update after expiration.
Domain Ownership (DNS) Validation
To validate the domain name for Single Sign-On (SSO), you will need to use DNS. Before configuring SSO, work with your organization's DNS Domain Administrator to add a DNS record for the relevant domain name. This process allows SmartBear to verify ownership of the organization and confirm that they can effectively manage the domain settings. During the onboarding process, the SmartBear Support team will generate a TXT record string and provide instructions for DNS validation.
Configuring SSO Provider
For information about adding an application for SmartBear in Okta, see Okta as the SSO Provider.
Mapping Fields
In addition, you will need to configure field mapping for Email, Name, Surname, Phone number, and Company. This translates to the following attribute claims in your SAML application:
email address
givenname
surname
mobilenumber
companyname
After it is configured, you will need to provide the claim names.
For example, in the Azure AD SAML configuration, the claim names would be:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phone_number
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname
Alternatively, for the Okta SAML configuration, the claim names would be:
email
givenname
surname
companyname
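A pre-submission check for the field mapping above, as an added example that is not SmartBear's own code: it parses a SAML Response from a test login and reports a wrong Destination or Audience and any missing or empty claim, using the Azure AD claim names and Reply URL from this page. The customer name EXAMPLE_CORP and the sample response are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Azure AD claim names as listed on this page.
REQUIRED = [CLAIMS + n for n in ("emailaddress", "givenname", "name",
                                 "surname", "phone_number", "companyname")]
ACS_URL = "https://auth.id.smartbear.com/login/callback"  # Reply URL from this page

def check_response(xml_text, audience, acs_url=ACS_URL, required=REQUIRED):
    """Return a list of configuration problems in a SAML Response.

    Inspects configuration only; it does not verify the XML signature.
    Use it on a test login captured from your own IdP.
    """
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the Reply URL")
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if audience not in audiences:
        problems.append(f"Audience {audiences} does not include {audience}")
    present = {}
    for attr in root.iterfind(".//a:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("a:AttributeValue", NS)
                  if v.text and v.text.strip()]
        present[attr.get("Name")] = values
    problems += [f"missing or empty claim: {n}" for n in required if not present.get(n)]
    return problems

def _attr(name, value):
    # Helper for building the constructed sample below.
    return (f'<a:Attribute Name="{CLAIMS}{name}">'
            f'<a:AttributeValue>{value}</a:AttributeValue></a:Attribute>')

# Constructed sample: phone_number is absent and companyname is empty.
SAMPLE = (
    f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{ACS_URL}">'
    '<a:Assertion><a:Conditions><a:AudienceRestriction>'
    '<a:Audience>urn:smartbear:EXAMPLE_CORP</a:Audience>'
    '</a:AudienceRestriction></a:Conditions><a:AttributeStatement>'
    + _attr("emailaddress", "pat@example.com") + _attr("givenname", "Pat")
    + _attr("name", "Pat Lee") + _attr("surname", "Lee") + _attr("companyname", "")
    + '</a:AttributeStatement></a:Assertion></p:Response>'
)

if __name__ == "__main__":
    for problem in check_response(SAMPLE, "urn:smartbear:EXAMPLE_CORP"):
        print(problem)
```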