Data Republic has commenced beta testing of Single Sign-On (SSO). This SAML-based SSO gives users access to Senate through your organization's identity provider (IdP). During the beta phase, we recommend that organizations enable SSO on an optional basis.

SSO gives organizations the ability to control password complexity, how often passwords need to change and multi-factor authentication. It also benefits users by streamlining the sign-in process and removing the need for remembering another password.

This article provides the steps needed to enable and configure SSO for your organization and its users on Senate. It is aimed at organization administrators; access to your IT department will be required to complete the SSO configuration.


Prerequisites

  1. Confirm that your Identity Provider (IdP) is SAML 2.0 compatible

  2. Confirm your IdP domain - usually, this is found in your email address after the @ symbol. (e.g. if your organization's emails end in @acme.com, then your IdP domain is likely to be acme.com)
    Note: Currently Senate SSO does not support multiple domains

  3. Email your Customer Success Manager or support@datarepublic.com with your IdP domain and request that SSO be turned on for your organization.

Not currently supported by SSO

Our SSO implementation is currently in beta so there are some features, listed below, that we don't currently support.

  • Multiple domains: currently only a single domain per organization is supported

  • Provisioning or deprovisioning of Data Republic users via your IdP

  • Managing roles or permissions on Data Republic for your users from your IdP

  • Using an XML config file to set up your configuration

  • Uploading the X.509 certificate as a file

  • The ability for users to sign out of the IdP from Data Republic. Users are able to sign out of their Data Republic session but this will not log them out of your IdP.

How to obtain your configuration information

Step 1
You will need to provide the following pieces of information to your IT department as it will be required by your IdP during set up.

1. Click the person icon and click Organizations.

2. Click on your Organization Name.

3. Click the Advanced Options tab. If you are unable to see the Advanced Options tab, please contact your Customer Success Manager and ask them to enable SSO.

4. On the right-hand side of the image below are the items you will need to provide to your IT Department

  • Provide to your IT Department the SSO Sign-in URL (sometimes called the SAML consumer service URL, Redirect URL or ACS URL)

  • Provide to your IT Department the Entity ID (sometimes called Realm, SPID or Service ProviderID)

5. Along with the above information, the below table provides the information your IT team will need to map required fields in your IdP. Please note these are case sensitive and need to match exactly.

Information in your IdP    Field Mapping
Email address              email
Family Name                lastName
Given Name                 firstName
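A pre-flight check for the case-sensitive mapping above, as an added example (not Data Republic's code). It assumes your IT team can give you a decoded test assertion from the IdP and that the three fields arrive as SAML Attribute elements; the sample assertion is constructed, and the check does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "firstName", "lastName")  # exact names from the mapping table

# Constructed sample: the IdP sends "Email" instead of "email".
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>jo.bloggs@acme.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="firstName">
      <saml:AttributeValue>Jo</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="lastName">
      <saml:AttributeValue>Bloggs</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_mapping(assertion_xml: str, idp_domain: str) -> list[str]:
    """List mapping problems in a decoded test assertion (no signature check)."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        text = value.text if value is not None and value.text else ""
        found[attr.get("Name", "")] = text.strip()
    problems = []
    for name in REQUIRED:
        if name not in found:
            # Point out a near miss that differs only by letter case.
            near = [n for n in found if n.lower() == name.lower()]
            hint = f" (IdP sends '{near[0]}'; names are case sensitive)" if near else ""
            problems.append(f"missing attribute '{name}'{hint}")
        elif not found[name]:
            problems.append(f"attribute '{name}' is empty")
    # Only a single IdP domain is supported, so the email must end in it.
    email = found.get("email", "")
    if email and email.rsplit("@", 1)[-1].lower() != idp_domain.lower():
        problems.append(f"email domain does not match IdP domain '{idp_domain}'")
    return problems


if __name__ == "__main__":
    for problem in check_mapping(SAMPLE_ASSERTION, "acme.com"):
        print(problem)
```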

Step 2

When you provide the details in Step 1 to your IT Department, you will need to confirm and obtain the following pieces of information. These items will be used in Setting up SSO on Senate and entered into the left-hand side fields in the image above.

  1. Request the IdP sign-in URL (also known as the single sign-on endpoint, IDPID, Identity ProviderID or Issuer ID)

  2. Request the Public Certificate (sometimes called the X.509 certificate). Your IT department will need to provide this in plain text format. If you receive a .cer file you can open it in a text editor and copy the text (don't include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)

We don't support using an XML file to configure settings.
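One way to prepare the certificate text for the X.509 field, as an added example (not Data Republic's code). It goes slightly beyond the step above by also accepting a binary (DER) .cer file, which a text editor cannot display, and it returns a SHA-256 fingerprint you can read back to your IT department to confirm you hold the certificate they sent. The sample bytes are a constructed stand-in, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)

# Constructed stand-in bytes, NOT a real certificate: only the leading 0x30
# (ASN.1 SEQUENCE tag) matters to the sanity check below.
SAMPLE_DER = bytes([0x30, 0x81, 0xC8]) + bytes(range(200))
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER)
    + b"-----END CERTIFICATE-----\n"
)


def certificate_field_value(raw: bytes) -> tuple[str, str]:
    """Return (single-line base64 body, SHA-256 fingerprint of the DER bytes)."""
    match = PEM_RE.search(raw.decode("ascii", errors="ignore"))
    if match:
        # Text (PEM) file: keep only the base64 between the markers.
        body = "".join(match.group(1).split())
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError("certificate body is not valid base64") from exc
    else:
        # No markers: treat the file as binary DER and encode it ourselves.
        der = raw
        body = base64.b64encode(der).decode("ascii")
    # Every DER-encoded certificate starts with the SEQUENCE tag 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("not an X.509 certificate (expected ASN.1 SEQUENCE)")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return body, fingerprint


if __name__ == "__main__":
    body, fingerprint = certificate_field_value(SAMPLE_PEM)
    print("Paste into the X.509 certificate field:", body)
    print("SHA-256 fingerprint:", fingerprint)
```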

Setting up SSO on Senate

Now that you have all the information required and your IT department has set up Senate on your IdP you can proceed to set up SSO on Senate.

1. Click the person icon and click Organizations.

2. Click on your Organization Name.

3. Click on the Advanced Options tab

4. Select the SSO status for your organization. This determines whether your users sign in using SSO optionally or whether it will be mandatory.
Pro tip: during the Beta we recommend all organizations select 'Users can optionally sign in using SSO'. This will mitigate the impact on your users if there are any difficulties in setting up SSO for your organization.

5. Complete the Identity provider name field. Think of this as the Sign-in button label that will display to your users when they are accessing Senate

6. Copy in the IdP sign-in URL supplied by your IT department into the Identity Provider sign-in URL field.

7. Copy in the X.509 certificate supplied by your IT department into the X.509 certificate field

8. Click Save

9. Log out of Senate and test signing in using SSO

10. If you can successfully sign in, inform your team that they are now able to use SSO to access Senate. We've put together a troubleshooting guide if you have problems configuring SSO.

Frequently asked questions

Why would my organization want our users to sign-in using SSO?

Your organization may want to have more control over the security measures (such as 2 step verification, password complexity etc) for how users can access the platform.

Can anyone that is able to manage users under my organization manage our SSO settings?

No, a new permission is required for this called "Organization Admin - manage single sign-on".

My IT Department won't provide the requested information to set up SSO. What do I do?

Your IT Department might be more comfortable setting up SSO on Senate themselves. You can facilitate this by adding a member of your IT team to your Senate account and provide them with the "Organization Admin - manage single sign-on" permission. This will enable your IT Team to set up SSO for your organization.

Is there a non-production environment that we can test our SSO configuration in?

No, you will need to test your SSO configuration in the production environment. For this reason, we recommend organizations choose to enable SSO for their organization on an optional basis.

My organization has multiple domains, is that supported?

No, currently only a single domain is supported. We are looking to support multiple domains in the future.

Can I add users via SSO?

No, you will need to create user accounts for them in Senate, for them to use SSO to sign into Senate. A Senate account is still required to sign into Senate.

Can any user under my Senate organization sign in using SSO once configured?

Yes, but only if they have the correct domain name in their email address.

Will my users be able to use SSO to authenticate for SFTP?

No, your users will need to use their Senate account name and password to authenticate SFTP.
