⚙️ Organization settings
The organization settings contain the organization details such as ID and name.
Details
This section allows you to edit the name of the organization. You can also find the unique identifier of your organization here.
Single sign-on (SSO)
Single Sign-On (SSO) is a form of authentication in which a user only needs to log in once to access multiple applications. This module makes it possible to integrate with any system that supports SSO via the SAML 2.0 protocol, such as Active Directory or Okta.
For security reasons, this setting needs to be requested through support.
The configuration screen consists of several parts:
- Settings for a user
  - Add new users to all projects within the organization
  - Enforce user roles via SSO
    - Duco Adaptive IDP roles will be overwritten with the highest provided AD role at every login request
    - Updating roles in user management will be disabled
  - Default role of each user (you can change the role in the user management after the first login of the user).
  - The default language of the software for the user. You can change this in the user management module, or users can change it themselves in their profile.
- Allowed domains (required)
  - Users belonging to the domains listed here will be redirected to your SSO flow.
  - You can still create new users with other domain names, who will be able to log in using a username and password.
- Mapping of user properties in Duco Adaptive IDP to the properties of your system. The properties you can map (add via the 'add new attribute' button) are:
  - first name
  - last name
  - language
  - email address
- Service provider metadata (SP XML)
  - Copy the Metamaze metadata URL to add to your SSO IDP (identity provider).
  - Paste your metadata into the text box.
To configure your identity provider, you can use the following values:
| Key | Value |
| --- | --- |
| EntityId / Audience URL | https://app.metamaze.eu/gql/sso/metadata |
| ACS / Reply / SSO URL | https://app.metamaze.eu/gql/sso/authenticate/<organisationId> |
| Metadata XML | Click on "View metadata" button to download the correct XML. |
Managing roles via SSO
To map Active Directory groups to Duco Adaptive IDP roles and override the default role that was configured in the settings, you can use the following attribute mappings:
| Metamaze role | AD Group |
| --- | --- |
| Admin | GR Metamaze_Admin, ou=Authorization Groups, ou=Groups |
| Manager | GR Metamaze_Manager, ou=Authorization Groups, ou=Groups |
| Operator | GR Metamaze_Operator, ou=Authorization Groups, ou=Groups |
| Validator | GR Metamaze_Validator, ou=Authorization Groups, ou=Groups |
| Labeler | GR Metamaze_Labeler, ou=Authorization Groups, ou=Groups |
If multiple roles are provided in the request, the highest one will be taken, based on the order in the table above. Groups that don't match the AD Groups defined above will be ignored.
If no matching roles are provided in the request, the default role as configured will be used.
Roles provided by attribute mappings are only applied during account creation. After that, the roles are defined only in Duco Adaptive IDP and the SSO-provided roles are ignored.
Changing AD Groups for existing users will not change them in Duco Adaptive IDP. If you want to change the role of a user, you can do that in the corresponding user management section of the Duco Adaptive IDP settings.
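The role resolution rules above (highest role in table order wins, unmatched groups are ignored, the configured default applies otherwise), written out as an added example that is not the product's own code. It audits a constructed directory export before roles are enforced via SSO; the names resolve_role and audit and the sample users are hypothetical, and exact, case-sensitive matching of the group strings is an assumption.

```python
# Added example: models the role-resolution rules documented on this page.
# Role order and group strings are copied from the table above; exact,
# case-sensitive matching after trimming whitespace is an assumption.
SUFFIX = "ou=Authorization Groups, ou=Groups"
ROLE_ORDER = ["Admin", "Manager", "Operator", "Validator", "Labeler"]  # highest first
GROUP_TO_ROLE = {f"GR Metamaze_{r}, {SUFFIX}": r for r in ROLE_ORDER}


def resolve_role(groups, default_role):
    """Return (role, source): highest matching role, else the configured default."""
    matched = {GROUP_TO_ROLE[g.strip()] for g in groups if g.strip() in GROUP_TO_ROLE}
    for role in ROLE_ORDER:
        if role in matched:
            return role, "sso"
    return default_role, "default"


def audit(users, default_role):
    """Flag accounts a reviewer should look at before enabling role enforcement."""
    findings = []
    for email, groups in users.items():
        role, source = resolve_role(groups, default_role)
        # Groups that look like product groups but do not match the table exactly.
        near_miss = [g for g in groups
                     if g.strip() not in GROUP_TO_ROLE and "metamaze_" in g.lower()]
        if role == "Admin":
            findings.append((email, role, "receives the highest role"))
        if source == "default" and near_miss:
            findings.append((email, role, f"group ignored, default applied: {near_miss[0]}"))
    return findings


# Constructed sample directory export (not real users).
SAMPLE_USERS = {
    "ann@example.com": [f"GR Metamaze_Labeler, {SUFFIX}", f"GR Metamaze_Admin, {SUFFIX}"],
    "bob@example.com": [f"GR metamaze_manager, {SUFFIX}"],  # wrong case: no match
    "eve@example.com": ["GR Finance_Readers, ou=Groups"],    # unrelated group
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS, default_role="Labeler"):
        print(finding)
```

Because any unmatched group falls back to the default role, keeping the default at the lowest role limits what a mistyped group name can grant.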