General Procedure

Thanks to SSO, Cyber Guru can provide its services without having access to the user database of the platform, delegating access policies to the IdP.


NOTE: The articles in this section describe the client-side configuration for EntraID.

If the client uses another identity and access management platform (for example, Oracle, Forgerock, Okta, Microsoft ADFS, Google, IBM, AWS, WSO2, etc.), the client will need to configure SAML 2.0 using its own resources or with support or consultation from the platform used.


SSO is based on the SAML protocol. For the SAML protocol to work, it is necessary for the client's Identity Provider (IdP) and Cyber Guru's Service Provider (SP) to both have SAML 2.0 components and be able to configure the so-called "Circle of Trust."

Both the Client and Cyber Guru will need to configure their components according to the guidelines of this document.

The configurations also involve the exchange of metadata between IdP and SP. Cyber Guru requires a public URL to access the IdP's metadata structure and, in turn, exposes its own metadata structure via a public URL.

Once the configuration is completed on the client's tenant, the SSO login button will appear.

It is important to distinguish between the two types of SSO provided by Cyber Guru:

  • With User Preloading

    • This mode requires that all users be preloaded onto the platform before the SSO configuration. Additional users can only be added to the platform through preloading. Furthermore, preloaded attributes that are not present in the assertion can only be modified directly on the Cyber Guru platform. In this case, SSO performs the single login and updates any attributes present in the SAML assertion that are marked in the table with the update "At each access."

      If the user is not preloaded on the platform, access will be denied.

  • Without User Preloading

    • This mode requires that users are not preloaded onto the platform. Each user will be registered on the platform at the time of their first login, and the platform will automatically acquire all attributes defined during the SSO configuration. The platform can be configured to automatically assign licenses at the first access: in this way, at the first login, each user will automatically acquire a license to operate on the platform, and no manual intervention will be necessary.