Skip to Content

Configure Harmony SSO SAML 2.0

Introduction

SAML 2.0 is one of two supported protocols for Harmony single sign-on (SSO). (OAuth 2.0 is the other Jitterbit-supported protocol.) This page describes how to configure SAML 2.0 in the Management Console.

SAML 2.0 Configuration

Before following the instructions below, refer to Configure SSO in the Management Console for requirements and additional information for configuring Harmony SSO.

To configure SAML 2.0 for Harmony SSO, from the Organizations page, use the organization's Action menu dropdown to select Edit Organization Policies.

In the Edit Organization Policies dialog, use the Enable SSO dropdown to select SAML 2.0.

The Edit Organization SSO Provider Info dialog for SAML 2.0 provides these configurable fields and actions:

attachment

  • Identity Provider Metadata: Enter the XML metadata obtained from the identity provider. Refer to instructions for obtaining the identity provider metadata for Azure Active Directory, Okta, or Salesforce.

  • Harmony Client: Jitterbit supports SSO for two Harmony clients: WMC and Studio. These two clients are provided by default in the configuration and cannot be edited.

    1. WMC: This Harmony client is for the Harmony Portal and its applications.

      Note

      Although the user interface refers to WMC (the former name for the Management Console), the WMC Harmony client configuration applies to all of the web-based products accessible via the Harmony Portal.

    2. Studio: This Harmony client is for Design Studio. An app for this client must be created, even if you do not intend to use Design Studio.

    Warning

    Both WMC and Studio must be configured for SSO when SSO is enabled. If either client is configured improperly, you will not be able to test the configuration successfully and save the SSO settings.

  • ACS URL: The URL associated with the Harmony client is provided by default in the configuration and cannot be edited.

  • Service Provider Metadata: Enter the XML metadata from the service provider. Refer to instructions for constructing the service provider metadata for Azure Active Directory, Okta, or Salesforce.

  • Test Configuration: After configuring the Client ID and Client Secret for each Harmony client, click its Test Configuration button. On clicking this button, a new browser tab opens, displaying the native login interface for the identity provider. Enter or verify your credentials for the identity provider, and accept any prompts to allow access to the Harmony client.

    • If SSO is configured properly, you will be redirected to the Management Console with a message indicating success.

    • If SSO is not configured properly, you will be redirected to the Management Console with an error message providing more information about the specific error.

    Caution

    Be careful about how many times you test configuration within a given timeframe. Continuous or excessive unsuccessful test attempts may lock access to your identity provider account.

  • Save: This button is disabled until Test Configuration is performed successfully for both Harmony clients. Once enabled, click to save the configured SSO settings. After you have configured and saved an OAuth 2.0 configuration, the newly configured SSO policies will take effect on next user login.

  • Cancel: Click to close without saving.