How to Integrate SAML with HENNGE

Article author
Learning Center Mekari

To enable SAML integration, you need to create a new App integration through the HENNGE admin center. Below are the steps to create a new App integration in HENNGE.

A. Create App Integration

  1. In this section, make sure the Name ID matches the login ID used in the SP service. If the login ID in the SP service is not an email address, then the Name ID must be set to a format other than email.

  2. Copy the IdP Metadata and Certificate below, then share them with the SP.

  3. Then wait until the SP completes the SAML configuration setup.

B. SAML Configuration Process

In this section, you need to obtain the required information to set up HENNGE One. Before proceeding with the HENNGE One configuration, make sure you have prepared all the necessary information.

 

Manual HENNGE configuration:

  1. Log in to the HENNGE Access Control Management Console using an administrator account, then select the Connected Services menu and click the “+ Add Service” button.

  2. On the next screen, click the “Add Service Manually” button.

  3. Enter the name that will be displayed in the service provider list.

  4. Enter the ACS URL that you obtained.

  5. Some services may require you to enter additional ACS URLs. If needed, click “Add URL” and then enter the additional ACS URLs you obtained.

  6. Enter the SP Issuer in the provided field.

  7. Select the key information to be used for integration with the service. If the information used to identify users is an email address, select “Email” or “UserPrincipalName (UPN)”.

  8. In the Name ID Formats section, choose one format: email or unspecified.

  9. Some services may require you to enter a login URL for SP-initiated login. If required, enter the service login URL in the “Login URL” field.

  10. Some services may require you to enter a Relay State for IdP-initiated login.

  11. If required, enter the Relay State from the service in the “Relay State” field.

  12. You can choose one Sign mode: Assertion or Response. Usually, both options can be used, but some services may only support one of them.

  13. Some services require a unique IdP Issuer (Audience). If needed, enter a unique identifier (entity ID) for each service in the “Unique part” field.

  14. Some services may require adding Attributes to the IdP. If needed, fill in the “Attribute” and “Value” fields with the specified values.

  15. Click “Submit” to save.
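A pre-flight check for the values entered in steps 4 to 8, given as an added example that is not part of HENNGE or of the original article. It assumes the SP supplied its settings as a SAML 2.0 metadata XML file; the sample metadata, the host sp.example.com and the function name `extract_sp_settings` are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # prefer defusedxml for metadata from untrusted sources
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
# The two Name ID formats offered in step 8, keyed by their SAML URNs.
NAMEID_CHOICES = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress": "email",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified": "unspecified",
}

# Constructed sample SP metadata; sp.example.com is a placeholder host.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" Location="https://sp.example.com/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:AssertionConsumerService index="1" Location="http://legacy.sp.example.com/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def extract_sp_settings(metadata_xml):
    """Return the form values for steps 4-8 plus warnings to resolve with the SP."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor element: this is not SP metadata")
    warnings = []
    acs_urls = [acs.get("Location", "") for acs in sp.findall("md:AssertionConsumerService", NS)]
    for url in acs_urls:
        # The assertion is delivered to the ACS URL, so it must not travel in cleartext.
        if urlparse(url).scheme != "https":
            warnings.append(f"ACS URL is not HTTPS: {url}")
    formats = [el.text.strip() for el in sp.findall("md:NameIDFormat", NS) if el.text]
    for fmt in formats:
        if fmt not in NAMEID_CHOICES:
            warnings.append(f"Name ID format not offered in step 8: {fmt}")
    return {
        "sp_issuer": root.get("entityID"),                 # step 6
        "acs_urls": acs_urls,                              # steps 4 and 5
        "name_id_formats": [NAMEID_CHOICES[f] for f in formats if f in NAMEID_CHOICES],
        "warnings": warnings,
    }


if __name__ == "__main__":
    for key, value in extract_sp_settings(SAMPLE_SP_METADATA).items():
        print(f"{key}: {value}")
```

Resolve any warning with the SP before clicking “Submit”, so that a cleartext ACS URL or an unsupported Name ID format is not saved into the connected service.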

C. Grant Access

To access services via single sign-on, access permissions must be configured first. Below are the steps.

  1. To configure access permissions based on groups, go to the Access Policy Groups menu in the HENNGE Access Control Admin Console.

  2. Click the access policy group you want to configure.

  3. At the bottom of the policy group details page, a list of SP services will be displayed. Check the box next to the SP service you want to grant access to, then click “Save changes”.

  4. If you want to configure access permissions for specific users, click the “Users” menu, then select the users you want to grant access to.

  5. To enable access, check the box next to the SP service you want to allow, then click “Change”.

Access the SP service and ensure that all SSO processes are successfully completed. The SP service can be accessed using the SP-Initiated method.

 
