Summary
This supplemental guide provides step-by-step instructions on configuring Single Sign-On (SSO) with MazeMap using SAML 2.0. This is particularly useful for securing access to maps by signed-in users only.
Note: Currently, this feature is only supported in the web app, and not the native MazeMap app.
MazeMap supports Single Sign On (SSO) for increased security in accessing maps. With SSO, MazeMap Views can be secured for signed-in-user access only. At the moment, we support only SAML Identity Providers, and only in the web app. Below is the procedure for enabling SSO with SAML.
Specific Setup Guides
SAML 2.0 - Creating an Azure Active Directory (AAD) Enterprise Application
Skill Level
Intermediate / Familiarity with SAML and IdP configurations.
Prerequisites
Before you begin, please ensure the following:
You have your MazeMap CUSTOMER_ID.
Your IdP supports SAML 2.0.
You have administrative access to your IdP settings.
Step-by-Step Guide to SSO Configuration
Step 1: Have your MazeMap CUSTOMER_ID
The MazeMap SAML 2.0 setup requires your CUSTOMER_ID. MazeMap will provide this ID for each domain that requires federation. Confirm the CUSTOMER_ID with your Customer Success Manager (CSM). This ID can be found in the Admin Tool or received directly from your MazeMap CSM.
If you have any questions, log a support call.
Step 2: Configure Your IdP
You'll need to configure your IdP to enable federation using the CUSTOMER_ID that MazeMap provides for each domain that requires federation. Please ask your CSM to confirm the Customer ID.
Assertion Consumer Service (ACS) Endpoint:
https://auth.mazemap.com/saml2/{CUSTOMER_ID}/callback?client_name={CUSTOMER_ID}SAML2
This is the endpoint where MazeMap's service will receive SAML assertions issued by the Identity Provider.
Service Provider Entity ID:
https://auth.mazemap.com/saml2/{CUSTOMER_ID}
This is a unique ID that identifies MazeMap's service in the Identity Provider.
Step 3: Provide Information to MazeMap
To complete the configuration of SAML 2.0 with MazeMap, you need to provide the following:
Your IdP's Metadata: This can be provided as either:
URL: The public URL where the metadata for your IdP can be found (e.g., the IdP metadata for SurfNet is available at https://metadata.surfconext.nl/idp-metadata.xml).
XML File: The metadata document exported from your IdP.
Please send the URL or XML file to your Customer Success Manager.
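As an added check (example code, not MazeMap's own), the following Python derives the SP values from Step 2 for a given CUSTOMER_ID and sanity-checks an IdP metadata document before it is sent to the CSM: it confirms the document really is IdP metadata, extracts the SingleSignOnService endpoints and verifies that a signing certificate is present, since without one MazeMap cannot verify the IdP's assertions. The embedded metadata is a constructed sample, not a real IdP.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def sp_settings(customer_id: str) -> dict:
    """The SP values from Step 2 and the Azure guide with {CUSTOMER_ID} filled in."""
    base = f"https://auth.mazemap.com/saml2/{customer_id}"
    return {"entity_id": base,
            "acs_url": f"{base}/callback?client_name={customer_id}SAML2",
            "logout_url": f"{base}/logout"}

def check_idp_metadata(xml_text: str) -> dict:
    """Pull entityID, SSO endpoints and the signing cert out of IdP metadata
    and list anything that would stop MazeMap verifying the IdP's assertions."""
    root = ET.fromstring(xml_text)
    # Federation feeds wrap entities in EntitiesDescriptor; take the first one.
    entity = root if root.tag.endswith("}EntityDescriptor") else root.find("md:EntityDescriptor", NS)
    idp = entity.find("md:IDPSSODescriptor", NS) if entity is not None else None
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = {s.get("Binding", "").rsplit(":", 1)[-1]: s.get("Location", "")
           for s in idp.findall("md:SingleSignOnService", NS)}
    has_signing_cert = any(
        kd.get("use") in (None, "signing")
        and kd.find(".//ds:X509Certificate", NS) is not None
        for kd in idp.findall("md:KeyDescriptor", NS))
    problems = []
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    if not has_signing_cert:
        problems.append("no signing certificate: assertions cannot be verified")
    if any(not u.startswith("https://") for u in sso.values()):
        problems.append("SSO endpoint is not HTTPS")
    return {"entity_id": entity.get("entityID"), "sso": sso,
            "has_signing_cert": has_signing_cert, "problems": problems}

# Constructed sample: minimal IdP metadata with one SSO endpoint and a
# placeholder certificate body (not a real IdP).
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.edu/saml2">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://idp.example.edu/saml2/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

Run check_idp_metadata on the file or URL body you intend to send; an empty problems list means the IdP side exposes what the federation needs.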
USING OFFICE 365 AS YOUR IDENTITY PROVIDER (IDP)
Find instructions below on how to use Office365 as your IDP.
Create an Azure Active Directory Enterprise application. Log in to your AAD account.
Click on Enterprise applications.
Click on New application, then Create your own application.
Enter your desired name for your application.
Under Getting Started, select Set up single sign on, then select SAML.
Consult the information you received from MazeMap. Given your CUSTOMER_ID, fill in the following fields:
Identifier (Entity ID): https://auth.mazemap.com/saml2/{CUSTOMER_ID}
Reply URL (Assertion Consumer Service URL): https://auth.mazemap.com/saml2/{CUSTOMER_ID}/callback?client_name={CUSTOMER_ID}SAML2
Logout Url (Optional): https://auth.mazemap.com/saml2/{CUSTOMER_ID}/logout
Note however that if this URL is not set, users will not be redirected back to MazeMap after the single logout process.
Send the metadata URL from the App Federation Metadata Url field to MazeMap.
Step 4: Configure Group Access
If your deployment calls for group-based view access, follow these steps to configure group access:
Add Group Claims: Ensure your IdP sends group claims in the SAML assertion.
Group ID (Object ID): Obtain the Group ID (Object ID) for the groups you want to provide access to.
Add Groups to MazeMap Configuration: Add the Group ID (Object ID) to the accessGroups in the ssoConfig section in your MazeMap customer configuration.
Step 5: Accessing the Service
After a successful integration test, your maps can be accessed by going to https://use.mazemap.com?campusid={CAMPUS_ID} and using the SSO login menu.
Please send the Application ID to the CSM assigned to the project, as it needs to be included in the configuration on MazeMap's end. To find the Application ID, click on the MazeMap SSO application in the list under "Enterprise Applications" in the Azure Portal.
You will also need to add users or groups to the application you've just created; this determines which users are allowed to sign in with the application.
Optional: Access Groups
For Asset Visualization, if the deployment calls for SSO, it's possible to limit access to given groups by adding the Group ID (Object ID) to the accessGroups in the ssoConfig section in the customer config.
Also, if you intend to use group-based view access, you need to add the Group claim in your IdP in order to be able to give exclusive access to certain map views to specific user groups.
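An added example (not MazeMap's code) of the group check that Step 4 and this section describe: it reads the group Object IDs from the group claim in a SAML assertion and grants access only when one of them is listed under ssoConfig.accessGroups, denying by default. The claim URIs are the ones Azure AD uses for group claims and for the "too many groups" overage case; the config shape and the assertion below are constructed for this example.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Claim URI Azure AD uses for group Object IDs in SAML tokens.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
# Sent instead of the group list when the user is in too many groups;
# treat it as "no usable group claim" rather than silently granting.
GROUPS_OVERAGE_CLAIM = "http://schemas.microsoft.com/claims/groups.link"

# Constructed customer config: key names from the guide, shape assumed.
SSO_CONFIG = {"ssoConfig": {"accessGroups": ["11111111-2222-3333-4444-555555555555"]}}

def attribute_values(assertion_xml: str, name: str) -> list:
    """Every AttributeValue text of the SAML attribute called `name`."""
    root = ET.fromstring(assertion_xml)
    return [v.text.strip()
            for a in root.iter(f"{{{SAML}}}Attribute") if a.get("Name") == name
            for v in a.findall(f"{{{SAML}}}AttributeValue") if v.text]

def evaluate_group_access(assertion_xml: str, config: dict) -> dict:
    """Deny by default; grant only when a group in the assertion is listed
    in ssoConfig.accessGroups. Returns the matched groups and a reason."""
    allowed = set(config["ssoConfig"]["accessGroups"])
    groups = set(attribute_values(assertion_xml, GROUPS_CLAIM))
    matched = sorted(allowed & groups)
    if not groups and attribute_values(assertion_xml, GROUPS_OVERAGE_CLAIM):
        reason = "group overage: IdP sent a groups.link claim, not the group list"
    elif not groups:
        reason = "no group claim in assertion"
    elif not matched:
        reason = "user is in none of the configured accessGroups"
    else:
        reason = ""
    return {"granted": bool(matched), "matched": matched, "reason": reason}

# Constructed assertion fragment: the user is in two groups, one of which
# is listed in SSO_CONFIG.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}">
 <saml:AttributeStatement>
  <saml:Attribute Name="{GROUPS_CLAIM}">
   <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
   <saml:AttributeValue>99999999-8888-7777-6666-555555555555</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""
```

The reason string is what you want in your logs when a user who should have access is denied: an overage claim or a missing group claim points at the IdP's group claim configuration, not at accessGroups.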
Conclusion
Configuring SSO with MazeMap enhances security by allowing only authenticated users to access maps. Follow this guide to set up and manage SSO and group access effectively in your MazeMap applications.