Skip to main content
OpenEye Knowledge Base

SAML Integration Instructions

SAML Integration
Add Identity Management Integration - Channel Partners

As a web services Administrator,

  1. Go to Management > Integrations.
  2. Click Add New Integration.

Add New Integration Button.png

  1. Select SAML.

SAML Add New Integration Popup.png

  1. Click Next.
  2. Ensure Enable SAML Integration is checked in General Settings.
  3. Select Identity Management.
  4. Check Enable Third Party Authentication.

NOTE: Keep this page open on a browser tab while you perform the next step.

Integrations Identity Management.png

Add SAML Integration - End Users

Go to Integrations in the End User Portal.

  1. Select SAML.
  2. Click Next.

SAML Add New Integration Popup.png

  1. The SAML integration will be added to the Manage Integrations list.

SAML Integration Added.png

  1. To make changes to the integration, click Edit Button.png from Manage Integration.

SAML General Settings.png

NOTE: You'll be alternating between OWS and Azure AD in order to perform this integration.

Configure SAML for OWS Access
  1. Copy the Single sign on URL (ACS URL) from the OWS identity management page to the appropriate field in the IDP.
  2. Copy the Audience URI (SP Entity ID) from the OWS identity management page to the appropriate field in the IDP.
  3. To further configure, copy either manually or via IDP metadata URL:
    1. If manual:
      • Copy over the IDP metadata over to the Identity Provider Metadata field on OWS and save the page via clicking Save.
  4. If via IDP Metadata URL:
    1. Copy over the Audience URI (SP Entity ID) value to use as the IDP Metadata URL.
      • Save the Identity Management settings for both OWS and the IDP.
Add Users Manually or Enable Provisioning via SCIM

Users may now be configured to access your OWS application in one of three ways:

  1. Manual invite via OWS.
  2. Automatic provisioning via SCIM 2.
  3. Just-in-Time Provisioning (JITP).
Manual Invite via OWS

Users may be manually added to WS via the standard WS user invite function, including manually adding them to User Groups. The primary advantage of this approach is that users invited in this fashion may choose to login either via WS credentials or the IDP credentials. This approach is ideal for Administrators who need a non-IDP method to login just in case there is an IDP issue. The downside of this approach is that user management is not simplified into a single place, and that users may login both ways if configured to do so.

Automatic Provisioning via SCIM 2

The ideal integration, so that all users may be configured in a single location, is to enable automatic user provisioning via an integration with SCIM 2. To support this, a SCIM 2 API location along with an authentication token to use in an “Authorization” header has been provided.

Automatic Provisioning via Just-in-Time Provisioning (JITP)

Provisioning may also be performed via JITP through claims made in the SAML that is presented to OWS. 

Enable SAML Integration

Follow these instructions to Enable an Identity Management Integration.

Using Just in Time Provisioning (JITP)  

Follow these instructions to Enable Just-in-Time Provisioning (JITP).

  • Was this article helpful?