
SSO/SAML Configuration

Overview

This page describes how to configure SSO (Single Sign-On) and SAML (Security Assertion Markup Language) for Ganymede, depending on your SAML provider.

Okta

Follow these instructions in Okta’s documentation to create a new Okta SAML application.

The following fields should be used in your application:

| Field | Notes |
| --- | --- |
| Single sign on URL | https://ganymede-core.firebaseapp.com/__/auth/handler |
| Audience URI | ganymede.bio |

Hide this SAML application tile from users. The Create Bookmark App section below explains how to create an Okta tile for Ganymede.

Once complete, the following information from your Okta application should be provided to Ganymede:

| Field | Notes |
| --- | --- |
| Public Certificate | Must start with "-----BEGIN CERTIFICATE-----", and end with "-----END CERTIFICATE-----". |
| Identity Provider Issuer (Entity ID) | https://www.okta.com/{unique_key} |
| Identity Provider Single Sign-On URL (SSO URL) | https://{org}.okta.com/app/{org}_ganymede_1/{unique_key}/sso/saml |

On the right-side panel of the Okta application window, there is a link to SAML setup. The fields above can be found in that window, and should be shared with Ganymede.

Create Bookmark App

There is a known issue between Okta and Firebase, where the Okta tile will not redirect properly to the Ganymede site. After the SAML application above is configured and working properly, create a new Okta bookmark application that links to your Ganymede tenant.

The PNG below can be used as the image for the Ganymede tile:

[Image: Ganymede Logo]

Google

Follow these instructions in Google's documentation to create a new Google SAML application.

The following fields should be used in your application:

| Field | Notes |
| --- | --- |
| ACS URL | https://ganymede-core.firebaseapp.com/__/auth/handler |
| Entity ID | ganymede.bio |

Once complete, the following information from your Google application should be provided to Ganymede:

  • SSO URL
  • Entity ID
  • Certificate

Azure

Follow these instructions in Microsoft's documentation to create a new Azure SAML application.

The following fields should be used in your application:

| Field | Notes |
| --- | --- |
| Identifier (Entity ID) | ganymede.bio |
| Reply URL (Assertion consumer service URL) | https://ganymede-core.firebaseapp.com/__/auth/handler |
| Sign on URL | {client}.ganymede.bio |

Once complete, the following information from your Azure AD SSO application should be provided to Ganymede:

  • Certificate (Base64) - This can be found within the SAML Signing Certificate section
  • Azure AD Identifier - This can be found within the Set up SSO Demo section
  • Login URL - This can be found within the Set up SSO Demo section

Shibboleth

Please ensure the following service-provider (SP) metadata is uploaded to the IdP:

| Field | Value |
| --- | --- |
| Identifier (Entity ID) | ganymede.bio |
| ACS (Assertion Consumer Service) URL | https://ganymede-core.firebaseapp.com/__/auth/handler |

Also, please ensure the following metadata format:

| Field | Notes |
| --- | --- |
| Name ID | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |

The XML for the SP metadata can be found here.

Once complete, the following information should be provided to Ganymede, either directly or through a shared metadata XML page:

  • Entity ID - this should be the URL of the metadata XML page if available
  • SSO URL - this should correspond to HTTP-Redirect location metadata
  • Certificate