SSO Setup

SSO Configuration
Propelo supports SSO for all users and also supports basic auto-provisioning. To setup an application, these are the parameters you need to setup IDP. For example if you are using Okta as your IDP
1) SP-Entity-id: levelops.io 
2) ACS-URL: https://api.levelops.io/v1/saml_auth 
3) Name-ID format: email address 
4) Response and Assertion should be signed. 
5) Attributes for proper auto-provisioning 
    a) FirstName attribute needs to be the user’s first name 
    b) LastName attribute needs to be the user’s last name 
6) Set a default relay state for idp initiated login ( the relay state is present on the SSO configuration page)
To get to SSO configuration page on Propelo, navigate to Settings > SSO Settings or go to url: https://app.levelops.io/#/admin/configuration/sso-page​
Once you configure the Okta application, you will need to gather: 
1) idp-entity-id or the SAML-Issuer-Id or the idp-issuer-id 
2) IDP’s sso url or the app-embed link 
3) Idp certificate 
This information needs to be added into the SSO Settings on Propelo.
JIT Provisioning
With SSO enabled, Propelo supports JIT Provisioning. This means that as long as the user has been configured to enable access to Propelo application, they will be automatically provisioned into Propelo Users on first login. They are provisioned as LIMITED USERS, and can be manually updated to any other RBAC post provisioning.
Last modified 7mo ago