In addition to authentication with Windows credentials and email/password, Qalyptus supports SAML 2 authentication using Identity Providers like Okta, Auth0, Azure AD, Ping Identity, …
Authentication with SAML is also available in our Qlik Sense extensions: Qalyptus On-demand and Qalyptus Self-Reporting.
You can configure one or more Identity Providers.
Configure an Identity Provider (IdP)
To configure your Identity Provider, do the following:
- Connect to Qalyptus Server as an administrator
- Go to Qalyptus Administration > System > Identity Providers
- Click Create Identity Provider
- Enter a Name
- Enter a description (optional)
- Check the option Sign Auth Request if you want to sign the authentication request and your IdP supports it
- Use the metadata file or the information below in your Identity Provider settings:
  - Assertion Consumer Service (ACS) URL
  - Service Provider (SP) Entity ID
The metadata file contains all the information about the Service Provider (Qalyptus).
Qalyptus automatically retrieves the Identity Provider certificates.
- Enter the Entity ID provided by your IdP (Issuer URL)
- Enter the Single Sign-On URL (SSO URL) provided by your IdP
- Enter the Button label. Example: Log in with Okta
- Click Save
If your IdP is Ping Identity, add the attribute Email Address with the value email in the Application settings.
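Before pasting the Service Provider values into the IdP, it helps to read them straight from the metadata file and check them. The following is an added example, not Qalyptus code: it parses standard SAML 2.0 SP metadata, and the sample document, host name and paths are constructed placeholders. It assumes the Sign Auth Request option is reflected in the metadata's `AuthnRequestsSigned` attribute.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample SP metadata; entityID and Location are placeholders.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://qalyptus.example.com/saml/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://qalyptus.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _flag(element, name):
    # xs:boolean allows "true"/"1"; a missing attribute defaults to false.
    return element.get(name, "false") in ("true", "1")


def read_sp_metadata(xml_text):
    """Return (values to enter at the IdP, list of review warnings)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("expected a single md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    acs_urls = [e.get("Location", "")
                for e in sp.findall("md:AssertionConsumerService", NS)]
    info = {
        "entity_id": root.get("entityID"),
        "acs_urls": acs_urls,
        "signs_authn_requests": _flag(sp, "AuthnRequestsSigned"),
        "wants_signed_assertions": _flag(sp, "WantAssertionsSigned"),
    }
    warnings = [f"ACS URL is not HTTPS: {u}" for u in acs_urls
                if urlparse(u).scheme != "https"]
    if not acs_urls:
        warnings.append("no AssertionConsumerService endpoint in metadata")
    if not info["signs_authn_requests"]:
        warnings.append("AuthnRequestsSigned is not true: do not require "
                        "signed requests at the IdP")
    return info, warnings


if __name__ == "__main__":
    print(read_sp_metadata(SAMPLE_METADATA))
```

Only run this on metadata downloaded from your own Qalyptus Server; `xml.etree` is not hardened against hostile XML.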
Use Identity Provider
An Identity Provider must be added to an organization. Only the members (users) of that organization can use that Identity Provider.
You can add more than one Identity Provider to an organization. Members of the organization will see a Log in button for each Identity Provider.
If an organization uses only one Identity Provider, the user is automatically redirected to authenticate (the login button is not displayed).
Qalyptus On-Demand authentication settings