
Introduction

Jitterbit Harmony supports single sign-on (SSO) with Microsoft Azure Active Directory (AD) using SAML 2.0. This page shows how to set up and test Jitterbit Harmony SSO with Azure AD by following these steps:

  1. Setting Up a SAML Application in Azure AD
    Configure Jitterbit Harmony as an application in the Microsoft Azure portal. As part of this process, you will also obtain the identity provider metadata and assign users to the application.
  2. Constructing the Service Provider Metadata
    Construct the service provider metadata you will need to use as input for configuring SSO in Jitterbit Harmony.
  3. Configuring SSO in Jitterbit Harmony
    Configure and test Azure AD as the SSO provider in the Jitterbit Harmony Portal. You will need to use the identity provider metadata and service provider metadata obtained in the previous steps.
  4. Testing SSO in Azure AD
    Finally, test from within the Microsoft Azure portal to confirm that SSO is working.

After SSO is configured in both Azure AD and Jitterbit Harmony, members of your Jitterbit Harmony organization will be able to use their Azure AD credentials to log in to Jitterbit Harmony.

For additional information, see the Microsoft Azure documentation Configure SAML-based single sign-on.

Prerequisites

To set up Azure AD as an identity provider, Microsoft Azure AD Premium P2 edition is required.

SAML and Callback URLs

During configuration, the SAML and callback URLs referenced throughout this page should be replaced with the URL values appropriate for your region (see Finding My Region).

SAML URLs

Callback URLs

1. Setting Up a SAML Application in Azure AD

Follow these steps to set up Jitterbit Harmony as a SAML application in the Microsoft Azure portal. As part of this process, you will also obtain the identity provider metadata and assign users to the application.

  1. Log in to the Microsoft Azure portal.

  2. In the Microsoft Azure portal, go to the Enterprise applications blade and click New application:

  3. On the Add an application screen under Add your own app, select Non-gallery application:

  4. On the Add your own application screen, enter a name for the new application, such as Jitterbit. Then click Add:

  5. On the Overview screen for the new application, under the Manage category on the left, select Single sign-on:

  6. On the Single sign-on screen for the new application, under Select a single sign-on method, select SAML:

  7. On the SAML-based Sign-on screen, edit the first step, Basic SAML Configuration:

  8. On the Basic SAML Configuration screen, enter the following into these configuration fields, then click Save and close. For more information about each parameter, see the Microsoft Azure documentation Configure SAML-based single sign-on.

    • Identifier (Entity ID): Enter the SAML URL for the Jitterbit Harmony region (see SAML URLs). The Default checkbox should be selected.
    • Reply URL (Assertion Consumer Service URL): On separate lines, enter the callback and SAML URLs for the Jitterbit Harmony region (see SAML and Callback URLs). The Default checkbox should be selected for the SAML URL.
  9. On the SAML-based Sign-on screen, edit the second step, User Attributes & Claims:

  10. By default, Microsoft Azure uses user.userprincipalname as the identifier, which is the onmicrosoft.com address. This needs to be changed to user.othermail. To open the claim for editing, click the row with a Claim name of Unique User Identifier (Name ID):

  11. On the Manage claim screen, change the Source attribute field from user.userprincipalname to user.othermail. Then click Save and close.

  12. On the SAML-based Sign-on screen, in the third step, SAML Signing Certificate, download the Federation Metadata XML. (You will need this metadata when configuring SSO in Jitterbit Harmony for the Identity Provider Metadata field.)

  13. Under the Manage category on the left, select Users and groups. Then click Add user and add each member of the Jitterbit Harmony organization that will log in to Jitterbit Harmony using Azure AD credentials. Repeat for each user.

  14. After adding each user, provide an Alternate email that matches the Jitterbit Harmony username.

    NOTE: These users also need to be members of the Jitterbit Harmony organization with SSO enabled, as described under Adding New Members in Registering and Logging In Using Jitterbit Harmony SSO.

2. Constructing the Service Provider Metadata

Use these instructions to construct the input for the Service Provider Metadata field required for configuring SSO in Jitterbit Harmony.

WMC

This section shows how to construct the XML metadata for the Harmony Portal, to be entered for the WMC client.

NOTE: Although the user interface refers to WMC (the former name for the Management Console), the WMC Harmony client configuration applies to all of the web-based products accessible via the Harmony Portal, which includes Cloud Studio, API Manager, Marketplace, Management Console, and Citizen Integrator.

Use the sample provided below, replacing the values for entityID and Location with the SAML URL for the Jitterbit Harmony region (see SAML URLs).

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/saml">
    <md:SPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
        <md:AssertionConsumerService index="1" isDefault="true"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/saml"/>
    </md:SPSSODescriptor>
</md:EntityDescriptor>

Studio

This section shows how to construct the XML metadata for Design Studio, to be entered for the Studio client.

Use the sample provided below, replacing the value for entityID with the SAML URL and the value for Location with the callback URL for the Jitterbit Harmony region (see SAML and Callback URLs).

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/saml">
    <md:SPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
        <md:AssertionConsumerService index="1" isDefault="true"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/login/studio/callback"/>
    </md:SPSSODescriptor>
</md:EntityDescriptor>
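Both the WMC and Studio metadata above can be generated from a region's URLs and sanity-checked before pasting into the Harmony Portal with the following Python, an added example that is not Jitterbit's own code; it assumes the na-east URLs shown in the two samples and checks the values (entityID, NameIDFormat, ACS binding and Location) that the Test Configuration step depends on.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

NS_MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS_DS = "http://www.w3.org/2000/09/xmldsig#"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# na-east URLs copied from the page samples; replace with your region's values.
SAML_URL = "https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/saml"
CALLBACK_URL = "https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/login/studio/callback"

TEMPLATE = """<md:EntityDescriptor xmlns:md="{md}" xmlns:ds="{ds}" entityID={entity}>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:NameIDFormat>{fmt}</md:NameIDFormat>
        <md:AssertionConsumerService index="1" isDefault="true" Binding="{binding}" Location={loc}/>
    </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def build_sp_metadata(entity_id: str, acs_location: str) -> str:
    """Render SP metadata; entityID is always the SAML URL, Location varies per client."""
    return TEMPLATE.format(md=NS_MD, ds=NS_DS, entity=quoteattr(entity_id),
                           fmt=EMAIL_FMT, binding=HTTP_POST, loc=quoteattr(acs_location))

def wmc_metadata(saml_url: str = SAML_URL) -> str:
    return build_sp_metadata(saml_url, saml_url)          # WMC: ACS is the SAML URL

def studio_metadata(saml_url: str = SAML_URL, callback_url: str = CALLBACK_URL) -> str:
    return build_sp_metadata(saml_url, callback_url)      # Studio: ACS is the callback URL

def check_sp_metadata(xml_text: str, saml_url: str, acs_url: str) -> list:
    """Parse metadata (generated or hand-edited) and list anything likely to fail Test Configuration."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS_MD}}}EntityDescriptor":
        problems.append("root element is not md:EntityDescriptor")
    if root.get("entityID") != saml_url:
        problems.append("entityID must be the region SAML URL")
    sp = root.find(f"{{{NS_MD}}}SPSSODescriptor")
    if sp is None:
        return problems + ["md:SPSSODescriptor is missing"]
    if sp.findtext(f"{{{NS_MD}}}NameIDFormat") != EMAIL_FMT:
        problems.append("NameIDFormat must be emailAddress (it carries the user.othermail claim)")
    acs = sp.find(f"{{{NS_MD}}}AssertionConsumerService")
    if acs is None or acs.get("Binding") != HTTP_POST:
        problems.append("AssertionConsumerService must use the HTTP-POST binding")
    elif acs.get("Location") != acs_url or not acs_url.startswith("https://"):
        problems.append("AssertionConsumerService Location is not the expected https URL")
    return problems
```

An empty list from check_sp_metadata means the document matches what the page describes for that client; any entry names the field to correct before pasting.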

3. Configuring SSO in Jitterbit Harmony

Follow the instructions for Configuring SSO in the Management Console. When entering information into the Edit Organization SSO Provider Info screen, use the values obtained above:

Click Test Configuration for each Harmony client and then click Save. Both clients need to be successfully tested before the Save button becomes enabled.

4. Testing SSO in Azure AD

Test from within the Microsoft Azure portal to confirm that SSO is working. If you still have the browser open from creating the SAML application, you can begin at step 4 below.

  1. Log in to the Microsoft Azure portal.

  2. Go to the Enterprise applications blade and click the SAML application you just created.
  3. Under the Manage category on the left, select Single sign-on.
  4. On the SAML-based Sign-on screen, in the fifth step, Test single sign-on with <Application>, click Test:

  5. In the next screen, click Sign in as current user:

  6. If the test is successful, the response will indicate that Azure AD has successfully issued a token (SAML response) to the application (service provider):
