To enable SAML integration, you need to create a new App integration through the Hennge admin center. Here are the steps to create a new App integration on Hennge.
A. Creating an App Integration
In this section, make sure the Name ID matches the login ID used on the SP service. If the login ID on the SP service is not an email address, then the Name ID must be set using a format other than email.
Copy the following IdP Metadata and Certificate and share them with the SP.
Then wait until the SP completes the SAML configuration setup.
B. SAML Configuration Process
In this section, you enter the SP's details (its ACS URL and SP Issuer) into HENNGE One. Before proceeding with the HENNGE One configuration, make sure you have obtained these values from the SP.
Click here to learn about manual HENNGE configuration.
Log in to the HENNGE Access Control Management Console with an administrator account, select the Connected Services menu, then click the “+ Add Service” button.
On the next screen, click the “Add Service Manually” button.
Enter the name to be displayed in the service provider list.
Enter the ACS URL you obtained from the SP.
Some services require more than one ACS URL. If so, click “Add URL” and enter each additional ACS URL you obtained.
Enter the SP Issuer (the SP's entity ID) in the provided field.
Select the key information HENNGE will send as the Name ID to identify the user. Choose the attribute whose value equals the login ID on the SP side: “Email” when the SP logs users in by e-mail address, or “UserPrincipalName (UPN)” when it uses the UPN. Note that a UPN is only an e-mail address if your directory's UPNs are in e-mail form.
Enter the Mekari login URL in the “Login URL” field in HENNGE.
You can choose one of the Sign modes: Assertion or Response. Usually both work, but some services accept only one of them, so check the SP's documentation.
SAML Sign Mode Test Results:
Both “Assertion” and “Response” modes were tested against this SP, and both succeeded.
Differences:
- Sign Assertion: The signature covers the <saml:Assertion> element, i.e. the identity data the SP actually consumes (Subject/NameID, Conditions, attributes). It remains verifiable even if the SP's SAML library extracts the assertion from the response before checking it.
- Sign Response: The signature covers the whole <samlp:Response> envelope, including the assertion and response-level fields such as Destination and InResponseTo.
Recommendation:
- Sign Assertion: Use this unless the SP only accepts a signed Response, since the signature stays attached to the element the SP validates. Whichever mode you choose, the SP must reject a message whose signature is missing or does not cover the element it trusts. Click “Submit” to save.
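To confirm that what HENNGE sends actually matches the values entered above (ACS URL, SP Issuer, Name ID key, sign mode), the script below, an added example that is not part of HENNGE's or the SP's code, decodes a SAMLResponse as posted to the ACS URL and checks Destination, Audience, Issuer, NameID format and which element carries the signature, including whether that signature references the element it sits in. It uses only the standard library and does not cryptographically verify the signature (a real SP library such as python3-saml or signxml does that); the sample response, its URLs and the signature body are constructed placeholders.

```python
# Added example, not HENNGE's code: decode the SAMLResponse an IdP POSTs to
# the SP's ACS URL and check it against the values entered in the HENNGE
# "Add Service Manually" form. Standard library only; it reports WHERE the
# signature sits (sign mode) but does not verify it cryptographically.
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Assumed values typed into the HENNGE form (placeholders, not real ones).
EXPECTED = {
    "acs_url": "https://sp.example.test/saml/acs",
    "sp_issuer": "https://sp.example.test/saml/metadata",
    "idp_issuer": "https://idp.example.test/saml/metadata",
    "nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}

# Constructed sample in "Sign Assertion" mode; the ds:Signature is a placeholder.
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}" ID="_resp1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z" InResponseTo="_req1"
    Destination="https://sp.example.test/saml/acs">
  <saml:Issuer>https://idp.example.test/saml/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_asrt1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.test/saml/metadata</saml:Issuer>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_asrt1"/></ds:SignedInfo>
      <ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="{EXPECTED['nameid_format']}">alice@example.test</saml:NameID>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.test/saml/metadata</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def _signature_ref(elem):
    """URI referenced by the element's own ds:Signature, or None if unsigned."""
    sig = elem.find("ds:Signature", NS)
    if sig is None:
        return None
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    return ref.get("URI") if ref is not None else ""


def inspect_saml_response(b64_response, expected):
    """Return sign mode, NameID and a list of mismatches against `expected`."""
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    problems = []

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("status is not Success")
    if root.get("Destination") != expected["acs_url"]:
        problems.append(f"Destination {root.get('Destination')!r} != configured ACS URL")

    # Exactly one assertion, and only as a direct child: a second or nested
    # assertion (e.g. inside ds:Object) is the signature-wrapping shape.
    direct = root.findall("saml:Assertion", NS)
    if len(root.findall(".//saml:Assertion", NS)) != 1 or len(direct) != 1:
        problems.append("expected exactly one top-level Assertion")
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("EncryptedAssertion present; decrypt before inspecting")
    a = direct[0] if direct else None

    # Sign mode actually used, and whether each signature covers its own element.
    signed = {}
    for label, elem in (("Response", root), ("Assertion", a)):
        ref = _signature_ref(elem) if elem is not None else None
        if ref is not None:
            signed[label] = ref
            if ref != "#" + (elem.get("ID") or ""):
                problems.append(f"{label} signature references {ref!r}, not its own ID")
    if not signed:
        problems.append("neither Response nor Assertion is signed")

    name_id = name_fmt = audience = None
    if a is not None:
        if a.findtext("saml:Issuer", default="", namespaces=NS).strip() != expected["idp_issuer"]:
            problems.append("assertion Issuer is not the IdP entityID")
        nid = a.find("saml:Subject/saml:NameID", NS)  # exact path, never .//NameID
        if nid is None:
            problems.append("assertion has no Subject/NameID")
        else:
            name_id, name_fmt = (nid.text or "").strip(), nid.get("Format")
            if name_fmt != expected["nameid_format"]:
                problems.append(f"NameID format {name_fmt!r} != key info chosen in HENNGE")
        aud = a.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
        audience = (aud.text or "").strip() if aud is not None else None
        if audience != expected["sp_issuer"]:
            problems.append(f"Audience {audience!r} != SP Issuer")

    return {"signed": signed, "name_id": name_id, "nameid_format": name_fmt,
            "audience": audience, "problems": problems}


if __name__ == "__main__":
    result = inspect_saml_response(SAMPLE_RESPONSE_B64, EXPECTED)
    print("sign mode:", ", ".join(result["signed"]) or "unsigned")
    print("NameID:", result["name_id"], result["nameid_format"])
    for p in result["problems"]:
        print("PROBLEM:", p)
```

To run it against a real login, copy the SAMLResponse form field from the browser's network tab for the POST to the ACS URL and pass it as `b64_response`. A non-empty `problems` list points at the HENNGE field that disagrees with the SP, which is faster than reading the SP's generic "login failed" page.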
C. Access Permissions (Grant Access)
To access services via single sign-on, access permissions need to be set first. Here are the steps.
To set access permissions based on groups, go to the Access Policy Groups menu in the HENNGE Access Control Admin Console.
Click the “access policy group” you want to configure.
At the bottom of the policy group detail page, a list of SP services will be displayed. Toggle the switch next to the SP service name you want to grant access to, and click “Save changes”.
If you want to set access permissions for specific users, click the “Users” menu and check the users you want to grant access to.
To enable access, check the box next to the SP service name you want to allow, then click “Change”.
Access the SP service and confirm that the whole SSO flow completes successfully. The SP service is accessed using the SP-initiated flow: the login starts at the SP, which redirects the browser to HENNGE One for authentication and then receives the SAML response at its ACS URL.
Click here to access the SP service via SP-Initiated.