AlertOps SAML Single Sign-On (SSO)
This topic describes how to configure AlertOps for Single Sign-On (SSO) in CyberArk Identity using SAML.
Supported features
This application template supports the following features:
- Identity provider (IdP)-initiated SSO
- Service provider (SP)-initiated SSO
Prerequisites for AlertOps SSO
Before you configure the AlertOps web application for SSO, you must create an account in AlertOps with administrator access.
Configure the AlertOps application template in the Identity Administration portal
Perform these steps in the Identity Administration portal to configure the AlertOps application template for SSO.
Step 1: Add the AlertOps web app template.
- In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.
- On the Search page, enter the application name in the Search field and click the search button.
- Next to the application name, click Add.
- On the Add Web App page, click Yes to confirm.
- Click Close to exit the Application Catalog.
The application opens to the Settings page.
Step 2: Configure the Trust page.
- Click Trust to go to the Trust page.
- In the Identity Provider Configuration section, select Manual, then copy and save the Identity Provider URL, Identity Provider Login Page URL, and Logout Landing Page. You will need this information when you configure AlertOps.
- Click Download to download the Signing Certificate. You will need this certificate later when you configure AlertOps.
- In the Service Provider Configuration section, select Manual Configuration, then enter the following information and click Save.

Setting | Description
SP Entity ID | https://<your-domain>.alertops.com/Login.aspx
Assertion Consumer Service (ACS) URL | https://<your-domain>.alertops.com
Step 3: Configure the Permissions page to grant AlertOps users SSO access.
Grant SSO access to the application by assigning permissions to users, groups, or roles.
- On the Permissions page, click Add.
- Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.
  The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.
- Select the permissions you want and click Save.
Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.
Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.
Step 4: Review and save.
Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.
Configure AlertOps for SAML SSO
Perform these steps in AlertOps to configure the AlertOps application template for SSO.
- Sign in to the AlertOps application with your administrator credentials.
- Select Account Settings from the bottom left menu.
- Click the SSO tab.
- Select Use Single Sign-On (SSO).
- For SSO Provider, select Other.
- Complete the following fields.

Field | Action
Issuer URL | Enter the Identity Provider URL copied from the IdP.
SAML endpoint URL | Enter the Identity Provider Login Page URL copied from the IdP.
SLO endpoint URL | Enter the Logout Landing Page URL copied from the IdP.
SAML Signature Algorithm | Select SHA256.
X-509 Certificate | Paste the certificate you downloaded from the IdP.

- Click Save.
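The values copied between the two consoles can be checked offline before they are saved. The following is an added example, not part of the original documentation or of either product: it flags non-HTTPS URLs, a leftover <your-domain> placeholder, a signature algorithm other than SHA256, and a pasted block that is not a single PEM certificate (including private key material). The dictionary key names, the example.com hosts, and the tenant name are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import urlparse

URL_KEYS = ("issuer_url", "saml_endpoint_url", "slo_endpoint_url", "sp_entity_id", "acs_url")
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

def check_url(name, value, problems):
    """Require an absolute https URL with no <your-domain> placeholder left in."""
    parsed = urlparse(value)
    if parsed.scheme != "https" or not parsed.hostname:
        problems.append(f"{name}: not an absolute https URL")
    if "<" in value or ">" in value:
        problems.append(f"{name}: placeholder not replaced")

def check_certificate(pem, problems):
    """Require one PEM CERTIFICATE block whose body decodes to a DER SEQUENCE."""
    if "PRIVATE KEY" in pem:
        problems.append("certificate: private key material pasted")
    bodies = PEM_RE.findall(pem)
    if len(bodies) != 1:
        problems.append("certificate: expected exactly one certificate block")
        return
    try:
        der = base64.b64decode("".join(bodies[0].split()), validate=True)
    except ValueError:
        problems.append("certificate: body is not valid base64")
        return
    if not der.startswith(b"\x30"):
        problems.append("certificate: decoded body is not a DER SEQUENCE")

def lint_sso_settings(cfg):
    """Return problems found in cfg; its keys are hypothetical names for the page's fields."""
    problems = []
    for key in URL_KEYS:
        check_url(key, cfg.get(key, ""), problems)
    if cfg.get("signature_algorithm") != "SHA256":
        problems.append("signature_algorithm: expected SHA256")
    check_certificate(cfg.get("certificate", ""), problems)
    return problems

def constructed_sample():
    """Constructed values: placeholder hosts, and a dummy DER SEQUENCE as the PEM body."""
    body = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    cfg = dict.fromkeys(URL_KEYS, "https://idp.example.com/saml")
    cfg["sp_entity_id"] = "https://example-tenant.alertops.com/Login.aspx"
    cfg.update(signature_algorithm="SHA256", acs_url="https://example-tenant.alertops.com")
    cfg["certificate"] = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"
    return cfg
```

The certificate check is structural only; it does not confirm that the certificate is the one issued by your IdP tenant or that it is still within its validity period.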
Test the AlertOps SSO configuration
Now that you have finished configuring the application template settings in the Identity Administration portal and AlertOps, users can benefit from IdP-initiated and SP-initiated SSO.
- Sign in to CyberArk Identity User Portal with the user account you just added.
- Click the AlertOps application tile to launch AlertOps in a new tab and automatically sign in.
- Go to your organization's AlertOps SSO URL.
- Click Sign in with your Identity Provider.
- You are redirected to the IdP. After you successfully authenticate on the IdP, you are redirected back to AlertOps, which displays the web interface.
Additional information
See your AlertOps documentation for additional resources: