Single Sign-On (SSO)

SSO in SmartBear ID

SmartBear ID supports single sign-on (SSO) with any SAML 2.0-compliant identity provider (IdP). This includes:

  • Azure Active Directory

  • OneLogin

  • PingFederate

  • Okta

SAML is the preferred authentication protocol. SmartBear also supports OpenID Connect (OIDC).

Setting up SSO

To set up SSO for your entity, open a Support Case with "Other" Issue Type through SwaggerHub, ReadyAPI, or TestComplete. For VisualTest and SwaggerHub Explore, use any of those links and specify the product name in the field "Problem Description".

Note

Enabling SSO will mean that every user in your entity will switch to SSO for all Products using SmartBear ID: a team using one of those products cannot switch to SSO without affecting all other teams using any one of them.

When configuring SAML, the following values will be provided by SmartBear:

  • URN: Uniform Resource Name acts as a namespace identifier, similar to a URL, but specifically for identifying resources that may not be web-accessible. This will have the following format: urn:smartbear:YOUR_CUSTOMER_NAME

  • Reply URL: Also referred to as callback URL or Assertion Consumer Service (ACS) URL. This is the destination URL where the response containing the user's authentication status is sent: https://auth.id.smartbear.com/login/callback

In return, you will need to provide the metadataUrl. This can be replaced with metadataXml file, the SAML metadata in XML format.

Note

We encourage you to provide the metadataUrl, as it is updated automatically in case of configuration modifications. The XML file remains static and will require a manual update after expiration.

In addition, you will need to configure field mapping for Email, Name, Surname, Phone number, and Company. This translates to the following attribute claims in your SAML application:

  • emailaddress

  • givenname

  • surname

  • mobilenumber

  • companyname

After it is configured, you will need to provide the claim names.

For example, in the Azure AD SAML configuration, the claim names would be:

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/phone_number

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname

Alternatively, for the Okta SAML configuration, the claim names would be:

  • email

  • givenname

  • surname

  • companyname

How it works

The authentication process is as follows:

  1. You launch a SmartBear product. The product sees that you are not logged in and redirects you to the log-in flow.

  2. If your email domain is verified against SSO, you will be forwarded to your company's SSO portal when logging in.

  3. Upon successful authentication, you are returned to the SmartBear product you are trying to access.

See Also

In this section:
© 2024
Publication date: