SAML2.0 - MazeMap SSO Integration Guide

Summary

This supplemental guide provides step-by-step instructions on configuring Single Sign-On (SSO) with MazeMap using SAML 2.0. This is particularly useful for restricting map access to signed-in users.

Please note: Currently, this feature is only supported in the web app, and not the native MazeMap app.


Specific Setup Guides

SAML2.0 - Creating an Azure Active Directory (AAD) Enterprise Application

Skill Level

Intermediate / Familiarity with SAML and IdP configurations.

Prerequisites

Before you begin, please ensure the following:

  • You have your MazeMap CUSTOMER_ID.

  • Your IdP supports SAML 2.0.

  • You have administrative access to your IdP settings.

Step-by-Step Guide to SSO Configuration

Step 1: Have your MazeMap CUSTOMER_ID

The MazeMap SAML 2.0 setup requires your CUSTOMER_ID. MazeMap will provide this ID for each domain that requires federation. Confirm the CUSTOMER_ID with your Customer Success Manager (CSM). This ID can be found in the Admin Tool or received directly from your MazeMap CSM.

If you have any questions, log a support call.

Step 2: Configure Your IdP

You'll need to configure your IdP to enable federation using the provided CUSTOMER_ID.

  1. Assertion Consumer Service (ACS) Endpoint: https://auth.mazemap.com/saml2/{CUSTOMER_ID}/callback?client_name={CUSTOMER_ID}SAML2
    This is the endpoint where MazeMap’s service will receive SAML assertions issued by the Identity Provider.

  2. Service Provider Entity ID: https://auth.mazemap.com/saml2/{CUSTOMER_ID}
    This is a unique ID that identifies MazeMap’s service in the Identity Provider.

Step 3: Provide Information to MazeMap

To complete the configuration of SAML 2.0 with MazeMap, you need to provide the following:

  1. Your IdP's Metadata: This can be provided as either:

Step 4: Configure Group Access

If your deployment calls for group-based view access, follow these steps to configure group access:

  1. Add Group Claims: Ensure your IdP sends group claims in the SAML assertion.

  2. Group ID (Object ID): Obtain the Group ID (Object ID) for the groups you want to provide access to.

  3. Add Groups to MazeMap Configuration: Add the Group ID (Object ID) to the accessGroups in the ssoConfig section in your MazeMap customer configuration.
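
A pre-flight check for Steps 2 and 4, added here as an example and not MazeMap's own code: it builds the Entity ID and ACS URL from the Step 2 templates and checks a decoded SAML Response from a test login for matching Destination, Recipient and Audience values and for a group claim that overlaps your accessGroups. The function names, the EXAMPLE customer ID and the group Object ID are placeholders; the group claim name is the one Azure AD emits, and treating membership in any listed group as sufficient is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: Azure AD's group claim name; other IdPs name this attribute differently.
GROUPS_ATTR = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed, unsigned sample with placeholder values; not a real IdP response.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://auth.mazemap.com/saml2/EXAMPLE/callback?client_name=EXAMPLESAML2">
<a:Assertion><a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData
 Recipient="https://auth.mazemap.com/saml2/EXAMPLE/callback?client_name=EXAMPLESAML2"/>
</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>
<a:Audience>https://auth.mazemap.com/saml2/EXAMPLE</a:Audience>
</a:AudienceRestriction></a:Conditions><a:AttributeStatement>
<a:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
<a:AttributeValue>00000000-0000-0000-0000-000000000001</a:AttributeValue>
</a:Attribute></a:AttributeStatement></a:Assertion></p:Response>"""

def sp_values(customer_id):
    """Return (SP Entity ID, ACS URL) built from the Step 2 templates."""
    entity_id = f"https://auth.mazemap.com/saml2/{customer_id}"
    return entity_id, f"{entity_id}/callback?client_name={customer_id}SAML2"

def check_response(xml_text, customer_id, access_groups):
    """List configuration problems in a decoded SAML Response.
    Signatures are not verified here; this only checks the values from Steps 2 and 4."""
    entity_id, acs = sp_values(customer_id)
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs:
        problems.append("Destination does not match the ACS endpoint")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs:
        problems.append("Recipient does not match the ACS endpoint")
    if entity_id not in [e.text for e in root.iterfind(".//a:Audience", NS)]:
        problems.append("Audience does not contain the SP Entity ID")
    groups = {v.text for attr in root.iterfind(".//a:Attribute", NS)
              if attr.get("Name") == GROUPS_ATTR
              for v in attr.iterfind("a:AttributeValue", NS)}
    if not groups:
        problems.append("no group claim in the assertion")
    elif not groups & set(access_groups):  # assumption: any listed group grants access
        problems.append("user is in none of the accessGroups")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, "EXAMPLE", ["00000000-0000-0000-0000-000000000001"]))
```

Run it only on responses you captured yourself during a test login; for XML from any other source, parse with a hardened parser such as defusedxml.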

Step 5: Accessing the Service

After configuration, your maps can be accessed by going to https://use.mazemap.com?campusid={CAMPUS_ID} and using the SSO login menu.

Troubleshooting

Conclusion

Configuring SSO with MazeMap enhances security by allowing only authenticated users to access maps. Follow this guide to set up and manage SSO and group access effectively in your MazeMap applications.