Matrix42 Self-Service Help Center

Universal STS/SAML2 for all WM applications

Overview

Matrix42 Workspace Management 8.1.2 supports identity federation with SAML 2.0 (Security Assertion Markup Language 2.0). This feature enables federated single sign-on (SSO), a session and user authentication service that lets a user access multiple applications, such as Matrix42 Workspace Management, Matrix42 MyWorkspace and Matrix42 MarketPlace, with one set of login credentials.

To use universal STS/SAML2 authentication, you need to configure the trust relationship between Matrix42 MyWorkspace and your Service Provider. The Secure Token Service (STS) should also be enabled via the Configuration/Setup Wizard.

Configuring MyWorkspace application for SSO

  1. Go to https://myworkspace.matrix42.com/ and sign in with your Matrix42 administrator account.
  2. Go to “Applications” and add a new “Custom Saml2 Service Provider” application:
    -    Enter the Application name;
    -    Enter the Service Provider URL;
    -    Enter the Service Provider Issuer name;
    -    Enter the Saml2 client name;
    -    Set the NameId format to nameid-format:emailAddress (Saml 2.0);
    -    Check “If set to true, then the Saml2 response will be signed.”;
    -    Check “If set to true, then the Saml2 assertion section will be signed.”;
    -    Check “If set to true, then the Saml2 response will be encoded and sent in base 64 format.”;
    -    Set the Saml2 response validation url to https://[EnterYourServerDomainName]/m42services/authorize/login
    -    Set the Logout Url to https://[EnterYourServerDomainName]/m42services/authorize/logout
    -    Choose the algorithm to be used to sign your Saml2 response. Select SHA256 and save the application.
  3. Now you should be able to download the Integration Guide.

Configuring login page to support different login methods

In the Administrative area of Matrix42 Workspace Management you can:

  • Enable single sign-on
  • Enable browser credentials
  • Enable SAML2

Configuring SAML2 Authentication

To enable SAML2 authentication you should specify:

On the SAML2 Identity provider side:

  • Set the Saml2 response validation url to https://[EnterYourServerDomainName]/m42services/authorize/login
  • Set the Logout Url to https://[EnterYourServerDomainName]/m42services/authorize/logout
  • Choose the algorithm to be used to sign your Saml2 response. SHA256 should be specified.

On the Service Store side:

  • SAML2 Login Button Title – it will be visible on the “Sign In” page.
  • SAML2 Identity Provider ID – use the same value that was specified in the SAML2 identity provider side application for the “Service Provider URL” field (for MyWorkspace this is normally https://accounts.matrix42.com).
  • SingleSignOn/Out URI Endpoints – use the ones provided by the identity provider side (for MyWorkspace you can find them in the Integration Guide).
  • Service Provider Issuer Name – use the same value that was specified in the SAML2 identity provider side application for the “Service Provider Issuer name (Unique Resource ID)” field.
  • Identity provider certificate – use the x509 certificate provided by your SAML2 provider (in the case of MyWorkspace you can use the one from the Integration Guide).

The image below shows an example of how to configure SAML2 on the Service Store side when myworkspace.matrix42.com is used as the SAML2 identity provider:

[Image: example SAML2 configuration on the Service Store side]

Single Sign On Uri Endpoint – can be copied from the Metadata .xml document. To download it, open the MyWorkspace Integration Guide for the created application and follow the link in Step 2.
