Code42 SAML Single Sign-On (SSO) integration

This topic describes how to configure Code42 for Single Sign-On (SSO) in CyberArk Identity using SAML.

Code42 SSO supported features

This application template supports SP-initiated SSO.

Prerequisites for Code42 SSO

Before configuring Code42 for SSO, you need the following:

  • A Code42 administrator account

  • Users who will need SSO access must already be added to Code42.

Configure the Code42 app template in the Identity Administration portal

Perform these steps in the Identity Administration portal to configure the Code42 application template for SSO.

Step 1: Add the Code42 web app template.

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

    Add a web app screen

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure the Trust page.

  1. Click Trust to go to the Trust page.

  2. In the Identity Provider Configuration section, select Metadata, then click Download Metadata File to download the IdP metadata. You will need this file later when you configure the SAML integration in Code42.

    You will configure the SP after you Configure Code42 for SAML single sign-on

  3. Click Save.

Step 3: Configure the SAML Response page.

  1. Verify the following attributes with the Code42 attribute name in the Attribute Name column and the CyberArk attribute in the Attribute Value column.

    Attributes are case-sensitive.

    Attribute Name Attribute Value

    givenName

    LoginUser.firstName
    sn LoginUser.lastName

    mail

    LoginUser.email

  2. Map any other attributes that you want to pass in the SAML response, then click Save.

Step 4: Configure the Permissions page to grant Code42 users SSO access.

Grant SSO access to Code42 by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 5: Review and save.

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure Code42 for SAML single sign-on

Perform these steps in Code42 to configure the Code42 application template for SSO.

  1. Sign in to the Code42 console.

  2. Go to Administration > Integrations > Identity Management.

  3. Click Add > Add a new authentication provider.

  4. Enter the following information.

    Field

    Action
    Display Name Enter a name for the IdP to display to users who sign in with SSO.
    Provider's Metadata Upload the metadata file you downloaded from the CyberArk IdP.

  5. Click Create Provider.

    Code42 automatically displays the name of the IdP.

  6. Click the name of the authentication provider.

  7. In the Attribute Mapping section, leave the default values as they are.

  8. In the Organizations in use section, click the pencil icon to edit, select the authentication provider as the organization to use for SSO, and click Save.

  9. Go to Administration > Environment > Organizations.

  10. Click your authentication provider.

  11. In the Authentication section, edit the Authentication provider. For the Authentication method select SSO, and for the Authentication provider select the name of the authentication provider.

  12. Click Save.

  13. Confirm that the Code42 SSO users exist in CyberArk Identity, and that the SP and IdP both use the same usernames.

  14. You need to configure the SP in the Identity Administration portal. In the Code42 console, click Administration > Identity Management > <authentication provider>. Copy the Code42 service provider metadata URL and save it. Go to the Identity Administration portal Trust page for Code42. In the Service Provider Configuration section, select Metadata. Paste the URL you just copied into the URL field, click Load, then save.


Test the Code42 SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and Code42, Code42 users can benefit from SP-initiated SSO.

  1. Go to the Code42 login page at https://console.us.code42.com/login/#/login.

  2. Enter your email address and sign in.

  3. Select your IdP.

  4. You are redirected to the IdP for authentication. After successful authentication, you are redirected back to Code42, which displays the web interface.

Additional information

See the Code42 documentation for additional resources:

How to configure SSO in your Code42 environment - Code42 Support