Configuring Single Sign-On (SAML)

Overview

Spambrella now supports integration with Identity Providers for authentication adhering to Security Assertion Markup Language (SAML) standards. Multiple identity providers for an organization are fully supported.

The service supports single sign-on (SSO) via Security Assertion Markup Language. An external IdP can be set up as your identity provider for SSO to the Admin Console.

Creating An Identity Provider (IdP) For Single Sign-On

  1. Navigate to Administration > Account Management > Identity Providers.
  2. At the top right-hand corner, click ADD IDENTITY PROVIDER.
  3. In the New Identity Provider dialog panel, add a meaningful name and description to the Identity Provider. The given name will display on the Identity Provider button on the main login screen.
  4. In the Icon section, select the appropriate icon according to your desired integration.
  5. Click Next.
  6. Configure the necessary SAML assertions for Single Sign-On configuration to be used in the organization’s Identity Provider portal. Copy and paste into your Identity Provider.
     - Entity ID – Some vendors may refer to it as Assertion Consumer Service, Identifier, or Entity ID. This dictates the entity or audience the SAML Assertion is intended for. This field is frequently referred to as the Entity ID or Audience URI by vendors. It can technically be any string of data up to 1024 characters long but is usually in the form of a URL that contains the Service Provider’s name within and is often simply the same URL as the ACS.
     - Login URL – Sign-on URL is used if you would like to perform service provider-initiated single sign-on.
     - Logout URL – This URL is used to send the SAML logout response back to the application.
     - X.509 Certificate – Certificate used to sign SAML tokens issued to your Spambrella.
  7. Configure the necessary SAML assertions for Single Sign-On configuration to be used. Copy and paste from your Identity Provider.
  8. Turn on the Identity Provider by clicking Enable Single Sign-On. When enabled, the Identity Provider Sign-in button will display on the main login screen.
  9. Click Save and Close.

Identity Provider Integration Guides

Microsoft Azure IdP Integration Guide
This document describes identity management methods employed when integrated with Microsoft Azure Active Directory (AD) Security Assertion Markup Language (SAML) standards.

Okta IdP Integration Guide
This document describes identity management methods employed by various applications when integrated with Okta Identity Cloud (Okta) Security Assertion Markup Language (SAML) standards.

Configure Organization Single Sign-On Login Settings

See the article Configure Organization Login Settings.

FAQ

Will any other third-party Identity providers be made available in the future?

Spambrella/Proofpoint seamlessly integrates with various third-party Identity Providers including Microsoft Azure Active Directory and Okta Identity Cloud. Further third-party Identity Providers will be added soon, including G Suite/Google Cloud Identity, as well as any SAML 2.0 capable system. No ETA is available at this time.

Will I receive a notification if my SSO settings are changed?

Yes, an email will be sent to the organization tech contact informing them of the change and including details of the type of change (Added, Deleted or Changed).

If I have an account on multiple sites, will I be prompted to enter a passcode for each account?

To ensure a greater security posture across all sites, if you have multiple accounts, you will be required to enter a passcode when logging in, per account, per site. Upon successful login, you will not be prompted to enter another passcode for 12 hours.

Will two-step authentication work with my SSO provider?

Yes, you can use your identity provider's two-step authentication process to log in.