Prerequisites

• Install Shibboleth root ca certificate to Secure Access. Contact Matrix42 for certificate installation.
  

Step-by-step instructions for Secure Access configuration

1. Login with Secure Access Admin user (main.admin) to URL e.g.  https://domain.com/auth/admin
    
2. Open Identity Provider settings from the left side panel and choose Add provider, type SAML v2.0  
   
3. Set information for new SAML provider
   Set alias, displayname and display order (where to show button on login screen)
   Set SAML entity descriptor url you got from Shibboleth environment
    
   
   Click Show metadata to validate metadata was correctly fetched from Shibboleth 
    
4. Click Add to save Identity provider

5. Click Save

6. After above configuration is done, a new login button appears on the Secure Access login page

7. Copy and send Redirect URI to Shibboleth admin (they need that on Shibboleth side configurations)
 

8. Add mappers to Identity Provider
Open Identity provider and go to Mappers tab

Add at least username_mapper, email_mapper, firstname_mapper and lastname_mapper. You need to add also groups_mapper if you want to us Shibboleth groups for Matrix42 Pro and IGA permissions. Mappers attribute names and name formats might not be same as in example screenshots, that depends how Shibboleth is configured to send claims (consult Shibboleth admin for correct values for mappers).
 

Username mapper

email mapper

firstname mapper

lastname mapper

groups mapper

9. Finalize Shibboleth side configurations

10. Test login and logout use cases

We do not provide customer instructions for Shibboleth side configurations as Shibboleth can be configured multiple different ways, depending on environment needs.