Passly IdP SSO setup instructions

SECURITY  Master role

Passly is a cloud-based identity management service that allows you to access applications with single sign on. This article guides you through how to integrate KaseyaOne with Passly IdP. After successful integration, users will be able to access KaseyaOne from the Passly User Portal or from the KaseyaOne login page using Passly credentials.

Supported features

  • IdP-initiated SSO

  • SP-initiated SSO

  • Just-in-time provisioning

Prerequisites

  • Master user account in KaseyaOne and Administrator account in Passly

  • Users must have the same email address in KaseyaOne and Passly

Before starting, it is recommended that you open two tabs in your browser — one for KaseyaOne and one for the Passly Admin portal.

  1. Open a browser and log in to KaseyaOne.

  2. In a separate browser tab. log in to the Passly Admin Portal as a system administrator.

  3. Navigate to SSO Manager > Application Library on the left navigation menu.

  4. Click the plus icon + to add a new application to the library.

  5. Search for Kaseya in the application catalog (Find an app in the catalog) and select it.

  6. On the Application Configuration tab that opens:

    • Enter a name for your application.

    • Select the Application is Enabled check box.

    • Click Add Application.

  7. Go to the Protocol Setup tab and configure the following settings — leave the others as default:

    • Assertion Consumer URL: Enter the URL: https://api-one.kaseya.com/api/v1/sso/saml-callback

    • Select the Allow Multiple Audiences check box.

    • Audience URI: Enter the following:  https://one.kaseya.com

    • Service Entity ID: Enter the following: https://one.kaseya.com

    • Identity Issuer: Copy the value in this field and do the following:

      1. Go to the KaseyaOne tab in your browser.

      2. Navigate to the Admin Settings > Third-Party IdP view.

      3. Paste the value into the Identity Provider Issuer field.

    • Click Save Changes when done. The newly added application appears in the Application Library list. Drill down on the newly added application to open it.

  8. Go to the Attribute Transformation tab and configure the following attributes:

    • email: {User.EmailAddress}

    • CompanyIdentifier: Enter the KaseyaOne Company Identifier here. To obtain find this identifier:

      1. Go to the KaseyaOne tab in your browser, navigate to the Admin Settings > Third-Party IdP view and copy the Company Identifier field value.

        Example 1: <8000000-00000-0000-00000000-00000000-0000-0000-0000-000000000000>
        Example 2: <Organization-8000000-00000-0000-00000000-00000000-0000-0000-0000-000000000000>

      2. Go back to the Passly tab in your browser and paste the value in the corresponding field.

    • DisplayName: {User.DisplayName}

    • Username: {User.PrincipalName}

    • SecurityGroups: {User.Groups}

    To configure the attributes:

    • Click Edit to modify an existing attribute mapping or Add Custom Attribute Map to add a new mapping.

    • Clear the Enable Extended Properties check box, then click Update/Add Mapping.

    • Click Save Changes when done.

  9. Go to the Signing and Encryption tab and download the Passly certificate to your local drive.

  1. Go to the KaseyaOne tab in your browser.

  2. Navigate to the Admin Settings > Third-Party IdP view.

  3. Upload Passly's IdP certificate that you downloaded in Step 1, #9.

  4. Turn on the Enable Single Sign-On via SAML toggle to enable SSO integration.

  1. Go back to the Passly tab in your browser.

  2. Click SSO Manager > Application Library on the left navigation menu, then drill down on the (new) application.

  3. Go to the Permissions tab and click Add Groups.

  4. Select one or more groups and then click Add Groups.

    Users assigned must have the same email address in Passly and KaseyaOne to make SSO login work.

You can test your Passly SSO integration by logging in from either Passly (IdP-initiated login) or the KaseyaOne login page (SP-initiated login).

  1. Log out of KaseyaOne.

  2. In the Passly tab in your browser, click Launchpad on the left navigation menu and then click the Kaseya Test 3rd party IdP application.

  3. Verify that you are redirected to and logged in to KaseyaOne.

  1. Log out of KaseaOne.

  2. Log back in to KaseyaOne as follows:

    • Enter the Username and Company Name for your account and click Next.

    • Click Log In with Single Sign-On.

  3. If already logged in to Passly, verify that you are redirected to and logged in to KaseyaOne.

  4. If not already logged in to Passly:

    • You will be redirected to the Passly login page — enter your credentials and complete the user login process.

    • Verify that you are redirected to and logged in to KaseyaOne.