OrgChart Now Help Guide

SSO Configuration

Audience

Audience: Administrators

Edition: Enterprise

Overview

Single Sign-On (SSO) applications enable users to access all of their enterprise systems in one place. OrgChart supports SAML 2.0 Single Sign-On, which makes it compatible with most Identity Management Systems.

Administrators can integrate OrgChart Now with their Identity Management System directly in the OrgChart application.

OrgChart Metadata

OrgChart metadata differs depending on your server.

To find the OrgChart metadata for your server, enter the following into your browser's address bar:

https://{SERVER NAME}.orgchartnow.com/saml/sso_metadata

For example, if your OrgChart account is hosted on https://unicorn2.orgchartnow.com, unicorn2 is the name of your server.

To find the unicorn2 metadata, enter https://unicorn2.orgchartnow.com/saml/sso_metadata into your browser's address bar.

IDP SAML Configuration

Within your IDP, please ensure that the following SAML configuration options are populated correctly:

  • Single Sign on URL: https://{SERVER NAME}.orgchartnow.com/saml/sso_acs?entityID=YOURENTITYID

  • Recipient URL: https://{SERVER NAME}.orgchartnow.com/saml/sso_acs

  • Destination URL: https://{SERVER NAME}.orgchartnow.com/saml/sso_acs

  • Audience Restriction: https://{SERVER NAME}.orgchartnow.com/saml/sso_metadata

  • Name ID Format: Email Address
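
The following is an added example, not OrgChart's own code: it compares the Destination, Recipient, Audience and NameID Format in a base64-decoded SAML Response from a test login against the values listed above. It assumes the IDP's "Email Address" setting maps to the standard SAML 1.1 emailAddress format URN, uses a constructed and unsigned sample response, and does not verify signatures.

```python
# Added example: check a decoded SAML Response against the IDP settings listed above.
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: "Name ID Format: Email Address" means this standard format URN.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def expected_values(server):
    """Values the page lists for https://{SERVER NAME}.orgchartnow.com."""
    base = f"https://{server}.orgchartnow.com/saml"
    return {"Destination": f"{base}/sso_acs", "Recipient": f"{base}/sso_acs",
            "Audience": f"{base}/sso_metadata", "NameIDFormat": EMAIL_FORMAT}


def check_response(xml_text, server):
    """Return (field, found, expected) for every mismatch; empty list means OK."""
    root = ET.fromstring(xml_text)
    scd = root.find(".//a:SubjectConfirmationData", NS)
    aud = root.find(".//a:AudienceRestriction/a:Audience", NS)
    nid = root.find(".//a:Subject/a:NameID", NS)
    found = {
        "Destination": root.get("Destination"),
        "Recipient": scd.get("Recipient") if scd is not None else None,
        "Audience": aud.text.strip() if aud is not None and aud.text else None,
        "NameIDFormat": nid.get("Format") if nid is not None else None,
    }
    want = expected_values(server)
    return [(k, found[k], want[k]) for k in want if found[k] != want[k]]


def sample(server, audience):
    """Constructed, minimal, unsigned response (not captured from a real IDP)."""
    acs = f"https://{server}.orgchartnow.com/saml/sso_acs"
    return f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}"
  Destination="{acs}"><saml:Assertion><saml:Subject>
  <saml:NameID Format="{EMAIL_FORMAT}">user@example.com</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{acs}"/>
  </saml:SubjectConfirmation></saml:Subject><saml:Conditions>
  <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""


if __name__ == "__main__":
    good = "https://unicorn2.orgchartnow.com/saml/sso_metadata"
    print(check_response(sample("unicorn2", good), "unicorn2"))
    # Audience set to the site root instead of the metadata URL is reported.
    print(check_response(sample("unicorn2", "https://unicorn2.orgchartnow.com"), "unicorn2"))
```
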

Configuring SSO

  1. Log in to OrgChart.

  2. Select More > Account Settings, and then click on the Authorization option from the Settings dropdown menu.

  3. Click on the plus icon (to the right of the SSO Configuration heading). The SSO Configuration panel is displayed.

  4. Enter the SSO Entity ID associated with your IDP (Identity Provider).

  5. Select the metadata type in the Metadata Type dropdown menu. Metadata types include:

    • Remote - Metadata can be accessed using a URL.

    • Local - Metadata is not publicly accessible.

  6. Enter the URL associated with your Remote metadata, or drag and drop your Local metadata into the SSO Configuration panel to upload it to OrgChart.

  7. Check the SSO Enabled checkbox to enable users to sign in to OrgChart through the IDP.

  8. Optionally, check the Auto Provision checkbox to create new users in OrgChart (if they do not already exist) when they first access the application from the IDP.

  9. Optionally, check the Single Logout checkbox to enable SLO. When SLO is enabled, users who sign out of OrgChart will automatically be signed out of their IDP.

  10. Click Save.

SAML Attributes Handling

OrgChart Now can pull the security groups from your IDP, and map them to the appropriate Access Group created in OrgChart.

When SAML Attributes Handling is configured, OrgChart will always respect the security group assigned to a user in the IDP. So, if permissions are adjusted in your IDP, they will also be adjusted accordingly in OrgChart.

Follow these steps to configure SAML Attributes Handling:

  1. Log in to OrgChart.

  2. Select More > Account Settings, and then click on the Authorization option from the Settings dropdown menu.

  3. Click on the plus icon (to the right of the SSO Configuration heading). The SSO Configuration panel is displayed.

  4. Scroll down in the SSO Configuration panel until you reach the SAML Attributes Handling section.

  5. Enter the SAML attribute group in the SAML Group Attribute text box.

  6. Click on the plus icon to the right of the SAML Attributes Handling header.

  7. Enter the SAML attributes for the IDP group you want to map to an OrgChart Access Group in the IDP Security Group text box.

  8. Click on the Application Security Group dropdown menu, and then select the OrgChart Access Group that corresponds to the associated IDP Security Group.

  9. Repeat steps 6-8 as necessary.

  10. Click Save.

Verifying Your SSO Configuration

You can test your SSO configuration by copying and pasting the following URL into your web browser:

https://na2.orgchartnow.com/saml/sso_acs?entityID=YOURENTITYID

Note

YOURENTITYID is equal to the Entity ID in your company's metadata.