General Procedure
Thanks to SSO, Cyber Guru can provide its services without having access to the user database of the platform, delegating access policies to the IdP.
The SSO is based on the SAML protocol. For SAML to work, both the client's Identity Provider (IdP) and Cyber Guru's Service Provider (SP) must run SAML 2.0 components and be configured into a so-called "Circle of Trust".
Both the Client and CyberGuru will need to configure their components according to the guidelines of this document. The configurations also involve the exchange of metadata between the IdP and SP. Cyber Guru requires a public URL to access the IdP's metadata structure and, in turn, exposes its own metadata structure via a public URL.
Once the configuration on the client's tenant is completed, the SSO login button will appear.
It is important to distinguish between the two types of SSO provided by CyberGuru:
With User Preloading
This mode requires that all users be preloaded onto the platform before the SSO configuration. Additional users can only be added to the platform through preloading. Furthermore, preloaded attributes that are not carried in the assertion can only be modified directly on the Cyber Guru platform. In this case, the SSO only performs the login and refreshes those attributes that are present in the SAML assertion and are marked with the update "At each access" in the table in section 4.1. If the user is not preloaded onto the platform, access will be denied.
Without User Preloading
This mode requires that users are not preloaded onto the platform. Each user will be registered on the platform at the time of their first login, and the platform will automatically acquire all attributes defined during the SSO configuration. The platform can be configured to automatically assign licenses upon first access: in this way, at the first login, each user will automatically acquire a license to operate on the platform, and no back-office intervention will be necessary.
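As an added illustration of the two modes (not code from the Cyber Guru platform itself), the following Python models the login decision the text describes: deny-or-update in preload mode, create-with-license in the mode without preloading. The attribute names and the "at each access" set are assumed placeholders; the authoritative list is the table in section 4.1.

```python
# Added example: a minimal model of the two Cyber Guru SSO modes described above.
# Attribute names and the "at each access" set are constructed assumptions,
# not values taken from the platform; section 4.1 of the guide is authoritative.

from dataclasses import dataclass, field

# Attributes refreshed from the assertion on every login in preload mode (assumed).
UPDATE_AT_EACH_ACCESS = {"first_name", "last_name", "department"}


@dataclass
class User:
    email: str
    attributes: dict = field(default_factory=dict)
    licensed: bool = False


def sso_login(mode, directory, assertion, auto_license=False):
    """Apply one SAML login to the platform's user directory.

    mode: "preload" (users must already exist) or "jit" (created on first login).
    directory: dict email -> User, mutated in place.
    assertion: attributes released by the IdP; must carry "email" (assumed key).
    Returns a tuple ("denied" | "updated" | "created", User | None).
    """
    email = assertion["email"]
    released = {k: v for k, v in assertion.items() if k != "email"}
    user = directory.get(email)
    if mode == "preload":
        if user is None:
            return "denied", None  # not preloaded -> access refused
        # Only "at each access" attributes are taken from the assertion;
        # everything else is edited in the back office, never overwritten here.
        for name in UPDATE_AT_EACH_ACCESS & set(released):
            user.attributes[name] = released[name]
        return "updated", user
    if mode == "jit":
        if user is None:
            # First login registers the user with all released attributes and,
            # if configured, assigns a license without back-office intervention.
            user = User(email=email, attributes=released, licensed=auto_license)
            directory[email] = user
            return "created", user
        user.attributes.update(released)  # assumption: later logins refresh attributes
        return "updated", user
    raise ValueError(f"unknown SSO mode: {mode}")
```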
N.B. This document illustrates the customer configuration for Azure Active Directory. If the customer uses another Identity/Access Management platform (e.g. Oracle, ForgeRock, Okta, Microsoft ADFS, Google, IBM, AWS, WSO2, etc.), the customer will have to provide the SAML 2.0 configuration with their own resources or with the support/consulting of that platform's vendor.