In this article you will learn everything about the possibilities of a SAML connection to presono.
presono supports single sign-on (SSO) login via SAML. For this purpose there is an interface to presono that has to be set up. The SAML interface is used in presono only for user and rights management.
Via this interface the users are assigned to the corresponding user groups in presono at each login. So there are user groups in SAML and in presono. These are assigned to each other via the interface. If a user has been assigned to a user group in SAML, which is also assigned to a group in presono, the user can log in to presono via SAML and is automatically assigned the rights of the respective group. A user group can also refer to several groups in presono and vice versa.
If SAML is already used by the customer, the interface can be used and the connection can be set up individually. This is of course done in cooperation with the presono team.
If the login was set up via SAML, the SAML Login appears instead of the presono Login Screen (URL: https://my.presono.com/login). Users cannot log in via the presono login screen, so they will be redirected to the SAML page.
Technical background
We use Auth0 (auth0.com) as a service for our authentication mechanisms. In the ADFS configuration, Auth0 takes over the mediation between the customer's Active Directory and presono.
The previous integrations were implemented via ADFS (Active Directory Federation Services). For this purpose our Auth0 Tenant is created as a Relying Party and then the following claims are provided:
- E-Mail Address
- Display name
- User Principal Name
- Given name
- Surname
- Groups (or custom roles)
Auth0 takes over the forwarding to presono if authentication is successful.
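The following added example (not presono or Auth0 code) shows how the claims listed above and the many-to-many group assignment described earlier fit together, as a check that can be run against a test assertion before go-live. The attribute names, the group names and the mapping are assumptions, as is treating a missing claim as a failed login. It inspects claim content only and does not validate signatures.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Assumed attribute names for the six claims; the real names come from the ADFS claim rules.
REQUIRED = ["email", "displayName", "upn", "givenName", "surname", "groups"]
# Hypothetical many-to-many mapping: IdP group -> presono groups.
GROUP_MAP = {
    "SG-Sales": {"Sales", "Presenters"},
    "SG-Marketing": {"Presenters"},
    "SG-IT": {"Administrators"},
}

def attribute_statement(values):
    """Build a constructed AttributeStatement (sample input, not captured traffic)."""
    root = ET.Element(SAML + "AttributeStatement")
    for name, vals in values.items():
        attr = ET.SubElement(root, SAML + "Attribute", Name=name)
        for v in vals:
            ET.SubElement(attr, SAML + "AttributeValue").text = v
    return ET.tostring(root, encoding="unicode")

def read_claims(xml_text):
    """Return {attribute name: [non-empty values]}."""
    claims = {}
    for attr in ET.fromstring(xml_text).iter(SAML + "Attribute"):
        vals = [v.text.strip() for v in attr.iter(SAML + "AttributeValue")
                if v.text and v.text.strip()]
        claims.setdefault(attr.get("Name"), []).extend(vals)
    return claims

def login_decision(xml_text):
    """Recompute group membership from the assertion, as happens at each login."""
    claims = read_claims(xml_text)
    missing = [n for n in REQUIRED if not claims.get(n)]
    groups = set()
    for idp_group in claims.get("groups", []):
        groups |= GROUP_MAP.get(idp_group, set())  # unmapped IdP groups grant nothing
    return {"allowed": not missing and bool(groups), "missing": missing, "groups": groups}

# Constructed sample user.
BASE = {"email": ["jane.doe@example.com"], "displayName": ["Jane Doe"],
        "upn": ["jane.doe@example.com"], "givenName": ["Jane"], "surname": ["Doe"]}

if __name__ == "__main__":
    for idp_groups in (["SG-Sales", "SG-Marketing"], ["SG-Unmapped"], []):
        print(idp_groups, login_decision(attribute_statement({**BASE, "groups": idp_groups})))
```

A user whose IdP groups map to no presono group is not allowed in, and the resulting rights are the union over all mapped groups.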