Introduction

OpsRamp provides you with the capability to build your integration using the Custom SSO Integration framework.

Custom SSO integration is configured between OpsRamp and your application if any third-party or other in-house applications are not present in the Available Integrations list.

SSO integration configuration involves your application and OpsRamp platform to configure redirects to your custom branding URL.

Prerequisites

  • SAML EndPoints for HTTP
  • x.509 Certificate (metadata XML file)
  • Identity provider Issuer URL
  • Logout URL

Configure Custom (SSO) integration

Follow these steps to configure Custom (SSO) integration:

  1. Click All Clients, select a client.

  2. Click Setup > Account.

  3. Select the Integrations tile.

  4. The Installed Integrations screen is displayed, with all the installed applications. Click + ADD on the Installed Integrations page.

  5. If you do not have any installed applications, you will be navigated to the Available Integrations page. The Available Integrations page displays all the available applications along with the newly created application with the version.
    Note: Search for the application using the search option available. Alternatively, use the All Categories option to search.

  6. Click +ADD on the Custom (SSO) tile.

    Custom SSO - Configuration screen
  7. Enter the following information in the Configuration screen:

    Table Note

    CONFIGURE

    Field NameField TypeDescription
    NameStringEnter a unique name for the integration.
    DescriptionStringProvide a description for the integration.
    Metadata XMLFile inputUpload the XML file. This file will have all the information related to Issuer URL, Redirection URL, Logout URL, and Certificate.
    After you upload the Metadata XML file, these fields are automatically populated.
    Alternatively, you can enter the information in the fields manually.
    Issuer URLStringIdentity provider Issuer URL.
    Redirection URLStringSAML EndPoints for HTTP.
    Logout URLStringURL for logging out.
    CertificateStringx.509 Certificate
    Provision Username as
    There are two ways to provision a user. Select the appropriate option.
    Radio buttonIdentify Provider's Name Identifier
    option is selected by default. The user which is created in the SSO portal will reflect in OpsRamp.

    Identify Provider's Name Identifier with OpsRamp tenant-unique prefix
    This option allows you to:
    • Create usernames with a unique 3-digit alphanumeric prefix, that is generated automatically by the system.
    • Install the same identity provider across multiple OpsRamp tenants.
      Note: Once you enable this option and install the integration, you cannot revert your changes.
    • Example: There are three partners, Partner P1, P2, and P3. Each partner has usernames created with unique 3-digit alphanumeric prefix, like g0z.username1 for partner P1, p0w.username1 for partner P2, and t9q.username1 for partner P3.
  8. Click Next. The Inbound screen is displayed.

    Custom SSO - Inbound screen
  9. Click the edit icon and enter the following information:

    USER PROVISION

    Field NameField TypeDescription
    Provision TypeDropdownIf you select provision type as JIT, JIT user is created during user login.
    Default RoleDropdownThe required user role.

    MAP ATTRIBUTES: Map the tenant entity attributes with OpsRamp entity.
    Click +ADD and enter the following information in the ADD MAP ATTRIBUTES window:

    Custom SSO Integration Inbound mapping attributes screen

    Note: The OpsRamp properties Primary Email, First Name, Last Name, and Role are required. Map the attributes for User and User Group accordingly.

    Field NameField TypeDescription
    OpsRamp EntityDropdownSelect OpsRamp entity from the dropdown.
    OpsRamp PropertyDropdownSelect OpsRamp property from the dropdown. It will change based on entity selection.
    CUSTOM-SSO EntityStringEnter the Custom SSO Entity in the box.
    CUSTOM-SSO PropertyStringEnter the Custom SSO Property in the box.

    PROPERTY VALUES: Click +PROPERTY VALUE. Enter the following information and click SAVE:
    Note: This section is displayed based on the OpsRamp Entity and OpsRamp Property selected.

    Field NameField TypeDescription
    CUSTOM-SSO Property ValueStringEnter custom SSO property value in the box.
    OpsRamp Property ValueDropdownSelect a value from the dropdown.
    Based on the OpsRamp Property selected, the options in this field change.
  10. Click ADD MAP ATTRIBUTES. The mapped information is displayed in the MAP ATTRIBUTES section.

    • Click +ADD to add additional map attributes.
    • Use the three dots menu to edit or remove the map attributes.
    • Use Filter to filter the map attributes.

    Note: If Role is not configured in Map Attributes section, the Default Role provided in USER PROVISION section is considered for SSO.

  11. Click FINISH. The custom SSO integration is installed and displayed under Installed Integrations.

Actions on Integration

You can perform actions like View Logs, Export, Edit, and Uninstall on the integration.

Audit Logs

View Inbound logs from the View Logs option for the integration. You can view if the event was successful or not.

See Audit Logs for more information.