Probely uses the standard Security Assertion Markup Language (SAML) to exchange authentication and authorization information with an Identity Provider (IdP) to enable Single Sign-On (SSO) to the Probely app. This means that if you have SSO in place for your users to log in to your applications, you can also enable SSO to the Probely app. Learn more about Login with SSO in Probely.
The configuration of SSO involves two steps:
Configure Probely in your Identity Provider.
Configure SSO in Probely.
This article describes these steps in detail.
Step 1: Configure Probely in your Identity Provider
In this first step, go to your Identity Provider and create an entry for Probely using the following information:
Entity Identifier - The URL that identifies Probely as the issuer of SAML requests, responses, or assertions:
https://probely.com
.
โAssertion Consumer Service - The Probely endpoint to do the SAML authentication and authorization:
https://sso.plus.probely.app/sso/<organization-id>/complete/
In the endpoint, replace<organization-id>
with a string that identifies your organization (with lowercase letters and hyphens only). For example, the company name, but if you need any help, Probely can suggest it for you.
โCertificate - The SAML certificate for Probely:
MIIFjzCCA3egAwIBAgIUBjrMlHlE8dKutYm0cz0JXFIjMMQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCUFQxDzANBgNVBAgMBkxpc2JvbjEPMA0GA1UEBwwGTGlzYm9uMRAwDgYDVQQKDAdQcm9iZWx5MRQwEgYDVQQDDAtwcm9iZWx5LmNvbTAeFw0yMTAxMTExNTEyMDBaFw0zMTAxMTExNTEyMDBaMFcxCzAJBgNVBAYTAlBUMQ8wDQYDVQQIDAZMaXNib24xDzANBgNVBAcMBkxpc2JvbjEQMA4GA1UECgwHUHJvYmVseTEUMBIGA1UEAwwLcHJvYmVseS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDBIuwIGTIDaKPvv8lRKNlQVRD/lZgUeeSifEGl81JywWIDKWqvrXv07dupDoEAodwX9mfl68RfrBi4SfB1FYijEl7axURJgUrijCYolF76zxhcSVwadlzR9uOQZu/y//mwEZZtuYk62s1XM6o94pomR9Iv+ODoD9QgIARJEXTo/c0a55pt1Ps5yepUAHrr2JQaKyzgqrYeh3wXjKUf74MIWo3HNeRK16q5GSEdWs5bzjhdEynm8PCsAJ8kLqn/JawLgbhnOKVtgHf/DvywgVR+r3ZdFlqzKQOIiTD0y0n+Niy8jVI50xPT0Sf4H+jzW1VUhKuU2hbuPjUbPAoIiCDm0KquUfGJNkmPO8wfFwSN9HJLGBS8J56IvDf6yib5u111ddVqY6nfq/lMydrRlahV1ifouiep9vNsG9pbDy63biXVyyZD+0M8vom3AoeV5Vi6WM6OitrmzjevPy2XdPzCmmPFsUiQaAMNvgrYlE5OmeAyRQiBAlBlzDWBdRQBHmzVfcwB4TIdFcwBA2hkCDOkX/StrPb66YHMd4l6BIfGNgpGXyUDeDw8sV0R9Z8UXAHZ7C/CkgCwiLXGXpKMYcXLW8+51TC+SFksBGq6xSv4rBTTIP/+BewWyrG4F9E08VY0wEwa7fS19Ub/sC5s0TZxc9udLODlPhXKqvUC2qfGBQIDAQABo1MwUTAdBgNVHQ4EFgQUZAuqKmA9OaaqrLYoDtKVPtCXA3MwHwYDVR0jBBgwFoAUZAuqKmA9OaaqrLYoDtKVPtCXA3MwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAZsze5LAdBkRBLmEK57E1Wp+3rhLIPjF49/riQcQZPhGV2ED4elMWsGbBTzPAeInq1m8FqMPCuAAU9Sbv+WmjzcJeDY2Re0jelmkSpiGejpRMdYhmoH3WOvHo1SfqZrlTowKKJ9qVp/nqMRMMxxjwvKvcjRjzdANl1oxitT6MjF7ISIQSHMi/sAXvYKprgcCdr+10bY+hQuK/r952Kd+YetTbfvS3B5UvhtJwCl1g3SUZCQ8n0Erxsg5rME2d10Ykva6UNlTeEEBsVWkvgkZTYzVv06T+BBIo8XX/FuwTnFj2Goej+CGxCntuFR+JMwuSX3eZKSVts3S7/ytGDFE3DKREN/xexARTICbl4+lCpvrdYIZHUR4YXTCAuw9OpYilWF/A/KlJb2aZWHI/RCDG2I7mwvA+Q9q+W5WNhBhYgeqvmF5bj0hDdVG0CpoGQEe34xasd0+EgoNlxJ565+fgXYdPdOCwXau1epRSYNNdWgjQFVs5oGhA0dbtfYQTjMN7WthvaXJNFofN4BvrGsEufIJwHTYbeHizbGu6dUxLCCLtVYVOHoF+EmL17djSU5PIT3bshDg2qmC/uJS/HTdr5NRybCyy3F8c5P7oDeVTbcqBRMY2e0ZxjJMMrwehU2q+gZovNRVTybplQXuvGzg3r0yuhRjQ1dWhKAZkEcV7B/Y=
Step 2: Configure SSO in Probely
With Probely configured in your Identity Provider, the second part of the SSO configuration is on the Probely side. For that, you need to provide the following information to Probely:
Your Entity Identifier
Your Certificate
The URL of your SSO or the URL with the metadata.
The SAML claims with information about:
The first name.
The last name.
The email.
You can also map your SAML Groups to Probely Roles and specific scopes, i.e., global to the account, a team, or a target. In this case, you must provide Probely with the SAML claim with the information about the SAML Groups and tell Probely how the mapping is done. Here is an example:
SAML Group | Probely Role | Probely Scope |
probely_admin | Admin | Global to the Probely Account |
teamX_admin | Admin | Team X |
teamX_developers | Developer | Team X |
portal_developers | Developer | Portal Target |
This mapping would produce the following results:
Users belonging to probely_admin would be given Admin permissions global to your Probely account. They can view and take action on any target of your account.
Users belonging to groups teamX_admin and teamX_developers would only perform actions on targets of Team X, with permissions to do what the respective Admin and Developer roles allow.
Users belonging to portal_developers would have the permissions given by the Developer role and would only perform actions on a single target: the Portal Target.