Postman SAML Single Sign-On (SSO) integration

This topic describes how to configure Postman for Single Sign-On (SSO) in CyberArk Identity using SAML.

Postman SSO supported features

This application template supports the following features:

  • IdP-initiated SSO

  • SP-initiated SSO

  • Just-in-time (JIT) provisioning

Prerequisites for Postman SSO

Before you configure Postman for SSO, make sure you have an account in Postman with administrator access.

Configure the Postman app template in the Identity Administration portal

Perform these steps in the Identity Administration portal to configure the Postman application template for SSO.

Step 1: Add the Postman web app template.

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure the Trust page.

  1. Click Trust to go to the Trust page.

  2. In the Identity Provider Configuration section, select Manual Configuration, then copy and save the Identity Provider URL, Signing certificate, and the Single Sign-On URL. You will need them later.

  3. In the Service Provider Configuration section, select Manual Configuration, then enter the following SAML settings and click Save after you finish. See Configure Postman for SAML single sign-on to obtain these values.

    Setting                                 Description
    SP Entity ID                            Obtain from the Postman SP configuration.
    Assertion Consumer Service (ACS) URL    Obtain from the Postman SP configuration.
    Relay State                             Obtain from the Postman IdP configuration.

Step 3: Configure the Permissions page to grant Postman users SSO access.

Grant SSO access to Postman by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 4: Review and save.

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure Postman for SAML single sign-on

Perform these steps in Postman to configure the Postman app template for SSO.

  1. Sign in to Postman as an administrator.

  2. Go to Team > Team Settings > Authentication.

  3. Click Add a new authentication method.

  4. Enter the following information:

    Field                  Action
    Authentication Type    Select SAML 2.0 from the dropdown list.
    Authentication Name    Enter a name to identify this authentication configuration. For example, CyberArk Identity.

  5. Click Continue.

  6. In the Service provider details (Postman) section, note down the values for Login URL, ACS URL, and Entity ID. You need these values for the SP configuration in CyberArk Identity.

  7. In the Identity provider details section, paste the following values that you copied from CyberArk Identity IdP configuration into their corresponding fields in Postman.

    Copy from CyberArk Identity    Paste into Postman field
    Single Sign On URL             Identity Provider SSO URL
    IdP Entity ID/Issuer           Identity Provider Issuer
    Signing Certificate            X.509 Certificate

  8. Click Generate relay state and note down the value.

  9. (Optional) If you want to enable just-in-time provisioning, select the Automatically add new users using this authentication method to my team box.

    The first time a new user logs in to Postman through the IdP, a Postman account is created under two conditions: the team has seats available, and Allow Signups was selected during SSO configuration.

Test the Postman SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and Postman, Postman users can benefit from SP-initiated SSO.

To test IdP-initiated SSO:
  1. Sign in to the CyberArk Identity User Portal with the user account you just added.

  2. Click the Postman application tile to launch Postman in a new tab and automatically sign in.

To test SP-initiated SSO:
  1. Go to your organization's Postman SSO URL. This is the Login URL from the Service provider details (Postman) section. For example:

    https://identity.getpostman.com/sso/saml/f77fa043034d48b8a82ed8031b0bbe4f/init

  2. You are redirected to the IdP. After you successfully authenticate on the IdP, you are redirected back to Postman, which displays the web interface.
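
An added check for the SP-initiated test above (example code, not taken from CyberArk or Postman documentation): assuming Postman sends its AuthnRequest with the SAML HTTP-Redirect binding, it decodes the SAMLRequest parameter from the redirect URL captured in the browser and compares it with the IdP Single Sign-On URL, SP Entity ID, and ACS URL entered during setup. The function names and all example.test URLs are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_authn_request(redirect_url):
    """Return (destination, issuer, acs_url) from an HTTP-Redirect AuthnRequest URL."""
    parts = urlsplit(redirect_url)
    query = parse_qs(parts.query)
    if "SAMLRequest" not in query:
        raise ValueError("redirect URL carries no SAMLRequest parameter")
    xml = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15)  # raw DEFLATE
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("decoded message is not an AuthnRequest")
    issuer = (root.findtext("{%s}Issuer" % SAML) or "").strip()
    acs_url = root.get("AssertionConsumerServiceURL")  # optional in SAML 2.0
    destination = "%s://%s%s" % (parts.scheme, parts.netloc, parts.path)
    return destination, issuer, acs_url

def check_sp_request(redirect_url, idp_sso_url, sp_entity_id, sp_acs_url):
    """List mismatches between the live request and the values entered during setup."""
    destination, issuer, acs_url = decode_authn_request(redirect_url)
    problems = []
    if not destination.startswith("https://"):
        problems.append("AuthnRequest is not sent over HTTPS")
    if destination != idp_sso_url:
        problems.append("redirect target differs from the IdP Single Sign-On URL")
    if issuer != sp_entity_id:
        problems.append("Issuer differs from the SP Entity ID on the Trust page")
    if acs_url is not None and acs_url != sp_acs_url:
        problems.append("ACS URL differs from the one on the Trust page")
    return problems

def build_sample_redirect(idp_sso_url, entity_id, acs_url):
    """Constructed sample input: encode an AuthnRequest as the Redirect binding does."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed" '
           'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
           'AssertionConsumerServiceURL="%s"><saml:Issuer>%s</saml:Issuer>'
           '</samlp:AuthnRequest>' % (SAMLP, SAML, acs_url, entity_id))
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml.encode()) + deflater.flush()
    query = {"SAMLRequest": base64.b64encode(deflated).decode(), "RelayState": "constructed"}
    return idp_sso_url + "?" + urlencode(query)
```

An empty list from check_sp_request means the request Postman issued matches what was configured on both sides; a request that omits AssertionConsumerServiceURL is accepted, because the IdP then falls back to the ACS URL stored on the Trust page.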

Additional information

See the following Postman documentation for additional resources:

Configuring SSO for a team | Postman Learning Center