Domo SAML Single Sign-On (SSO)

This topic describes how to configure Domo for SAML SSO in CyberArk Identity.

Supported features

This application template supports the following features:

  • Identity provider (IdP)-initiated SSO

  • Service provider (SP)-initiated SSO

You can choose one or both methods.

Prerequisites for Domo SSO

Before configuring the Domo application for SSO, you need the following information:

  • A dedicated domain name. This domain name appears in the login URL https://<Domain_Name>.domo.com that you received in an email from Domo.

  • An Admin default security role or a custom role in Domo with Manage All Company Settings enabled to set up SAML.

Configure the Domo application template in the Identity Administration portal

Perform these steps in the Identity Administration portal to configure the Domo application template for SSO.

Step 1: Add the Domo web application template.

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure the Trust page.

  1. Click Trust to go to the Trust page.

  2. In the Identity Provider Configuration section, select Manual. Copy the values of Identity provider URL that issues the SAML 2 security token and Identity Provider Login Page, and save them for later use when you configure the SAML integration in Domo.

  3. Download the Signing Certificate.

  4. In the Service Provider Configuration section, select Manual Configuration, then enter the following information. Click Save after you finish.

    Setting                                Description
    SP Entity ID                           https://<your-domain>.domo.com/auth/saml
    Assertion Consumer Service (ACS) URL   https://<your-domain>.domo.com
    NameID Format                          Select Email.

Step 3: Configure the Permissions page to grant Domo users SSO access.

Grant SSO access to Domo by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 4: Review and save.

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure Domo for SAML single sign-on

Perform these steps in Domo to configure the Domo application template for SSO.

  1. Sign in to Domo using an administration account.

  2. Click More, then go to Admin > Authentication > SAML (SSO).

  3. Click Enable Single Sign-on.

  4. Enter the IdP information you copied from the CyberArk Trust page.

    From CyberArk                                                 Corresponding Field in Domo
    Identity Provider Login Page                                  Identity provider cl URL
    Identity provider URL that issues the SAML 2 security token   Entity ID
    Signing Certificate file                                      Upload x509 certificate to authenticate request

  5. Click Save.

Test the Domo SSO configuration

Now that you have finished setting up Domo with CyberArk Identity, users can access Domo with SSO.

To test IdP-initiated SSO:
  1. Sign in to CyberArk Identity with the user account you just added.

  2. Click the Domo application tile to launch Domo in a new tab and automatically sign in.

To test SP-initiated SSO:
  1. Go to https://<your-domain>.domo.com/auth/saml.

  2. Authenticate to the CyberArk IdP.

    You are then redirected to the Domo application.
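
To confirm that a test sign-in carries the Trust page values from Step 2, you can decode the SAML response captured in your own browser session and compare its fields with the configured SP Entity ID, ACS URL, and NameID format. The following Python script is an added example, not code from CyberArk or Domo. The function name, the domain "example", the issuer URL, and the sample response are constructed for illustration, and it assumes the Email NameID option maps to the standard emailAddress URN.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: "Email" on the Trust page maps to the standard emailAddress URN.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_domo_response(xml_text, domain, idp_entity_id):
    """List mismatches between a decoded SAML response and the Step 2 values.
    Structural check only: the XML signature is not verified here."""
    sp_entity_id = f"https://{domain}.domo.com/auth/saml"  # SP Entity ID
    acs_url = f"https://{domain}.domo.com"                 # ACS URL as configured
    root = ET.fromstring(xml_text)
    problems = []

    def expect(label, actual, wanted):
        if actual != wanted:
            problems.append(f"{label}: got {actual!r}, expected {wanted!r}")

    expect("Destination", root.get("Destination"), acs_url)
    expect("Issuer", root.findtext("a:Assertion/a:Issuer", namespaces=NS),
           idp_entity_id)
    expect("Audience", root.findtext(".//a:AudienceRestriction/a:Audience",
                                     namespaces=NS), sp_entity_id)
    name_id = root.find("a:Assertion/a:Subject/a:NameID", NS)
    expect("NameID Format",
           name_id.get("Format") if name_id is not None else None, EMAIL_FORMAT)
    scd = root.find(".//a:SubjectConfirmationData", NS)
    expect("Recipient", scd.get("Recipient") if scd is not None else None, acs_url)
    return problems

# Constructed sample response (not captured from a real tenant).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://example.domo.com">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.test/issuer</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.test</saml:NameID>
      <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://example.domo.com"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://example.domo.com/auth/saml</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_domo_response(SAMPLE, "example", "https://idp.example.test/issuer") or "OK")
```

An empty result means the Destination, Issuer, Audience, NameID format, and Recipient all match the configuration; each mismatch names the field to revisit on the Trust page or in Domo.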