Atatus SAML Single Sign-On (SSO) integration
This topic describes how to configure Atatus for SAML SSO in CyberArk Identity.
Atatus SSO supported features
This application template supports the following features:
- IdP-initiated SSO
- SP-initiated SSO
- Just-in-time (JIT) provisioning
Prerequisites for Atatus SSO
Before you configure Atatus for SSO, make sure you have an account in Atatus with administrator access.
Configure the Atatus application template in the Identity Administration portal
Perform these steps in the Identity Administration portal to configure the Atatus application template for SSO.
Step 1: Add the Atatus web app template.
- In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.
- On the Search page, enter the application name in the Search field and click the search button.
- Next to the application name, click Add.
- On the Add Web App page, click Yes to confirm.
- Click Close to exit the Application Catalog.
  The application opens to the Settings page.
Step 2: Configure the Trust page.
- Click Trust to go to the Trust page.
- In the Identity Provider Configuration section, select Metadata, then click Download Metadata File to download the IdP metadata.
  This file is used later when you configure the SAML integration in Atatus.
- In the Service Provider Configuration section, select Manual Configuration.
- Open another browser window and sign in to the Atatus application using your administrator credentials. Go to Settings > Account Settings > Single sign-on.
- Copy the following values from Atatus and paste them into the corresponding fields in the Service Provider section in CyberArk Identity.

  | Copy from Atatus application | Paste into CyberArk |
  | --- | --- |
  | Account ID | SP Entity ID |
  | Atatus SAML endpoint URL found in Settings > Account Settings > Single sign-on | Assertion Consumer Service (ACS) URL |

- Click Save.
Step 3: Configure the Permissions page to grant Atatus users SSO access.
Grant SSO access to Atatus by assigning permissions to users, groups, or roles.
- On the Permissions page, click Add.
- Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.
  The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.
- Select the permissions you want and click Save.
Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.
Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.
Step 4: Review and save.
Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.
Configure Atatus for SAML single sign-on
Perform these steps in Atatus to configure the Atatus application template for SSO.
- Go to Settings > Account Settings > Single sign-on.
- Upload the SAML metadata file from CyberArk Identity IdP.
- Click Save SSO.
Test the Atatus SSO configuration
Now that you have configured the application template settings, Atatus users can benefit from SP-initiated SSO and IdP-initiated SSO.
- Sign in to CyberArk Identity with the user account you just added.
- Click the Atatus application tile to launch Atatus in a new tab and automatically sign in.
- Go to your Atatus account sign-in page.
- Enter your Atatus Account ID and click Log in to your account with SSO.
- You are redirected to the IdP for authentication. After successful authentication, you are redirected back to Atatus, which displays the web interface.
Additional information
See the Atatus documentation for additional resources: