Domo SAML Single Sign-On (SSO)
This topic describes how to configure Domo for SAML SSO in CyberArk Identity.
This application template supports the following features:
Identity provider (IdP)-initiated SSO
Service provider (SP)-initiated SSO
You can choose one or both methods.
Prerequisites for Domo SSO
Before configuring the Domo application for SSO, you need the following information:
A dedicated domain name. This domain name appears in the login URL https://<Domain_Name>.domo.com that you received in an email from Domo.
An Admin default security role or a custom role in Domo with Manage All Company Settings enabled to set up SAML.
Configure the Domo application template in the Identity Administration portal
Perform these steps in the Identity Administration portal to configure the Domo application template for SSO.
Step 1: Add the Domo web application template.
In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.
On the Search page, enter the application name in the Search field and click the search button.
Next to the application name, click Add.
On the Add Web App page, click Yes to confirm.
Click Close to exit the Application Catalog.
The application opens to the Settings page.
Step 2: Configure the Trust page.
Click Trust to go to the Trust page.
In the Identity Provider Configuration section, select Manual. Copy the Identity provider URL that issues the SAML 2 security token and Identity Provider Login Page values and save them so you can use them later when you configure the SAML integration in Domo.
Download the Signing Certificate.
In the Service Provider Configuration section, select Manual Configuration, then enter the following information. Click Save after you finish.
SP Entity ID
Assertion Consumer Service (ACS) URL
Step 3: Configure the Permissions page to grant Domo users SSO access.
Grant SSO access to Domo by assigning permissions to users, groups, or roles.
On the Permissions page, click Add.
Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.
The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.
Select the permissions you want and click Save.
Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.
Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.
Step 4: Review and save.
Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.
Configure Domo for SAML single sign-on
Perform these steps in Domo to configure the Domo application template for SSO.
Sign in to Domo using an administration account.
Click More, then go to Admin > Authentication > SAML (SSO).
Click Enable Single Sign-on.
Enter the IdP information you copied from the CyberArk Trust page.
Corresponding Field in Domo
Identity Provider Login Page Identity provider cl URL Identity provider URL that issues the SAML 2 security token Entity ID Signing Certificate file Upload x509 certificate to authenticate request
Test the Domo SSO configuration
Now that you have finished setting up Domo with CyberArk Identity, users can access Domo with SSO.
Sign in to CyberArk Identity with the user account you just added.
Click the Domo application tile to launch Domo in a new tab and automatically sign in.
Go to https://<your-domain>.domo.com/auth/saml.
Authenticate to the CyberArk IdP.
You are then redirected to the Domo application.