Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

We Value Your Feedback!
Could you please spare a few minutes to share your thoughts on Cloud Connected vs On-Premise Services. Your feedback can help us shape the future of services.
Learn more about the survey or Click here to Launch the survey
Schneider Electric Services Innovation Team!

Configure SAML 2.0 single sign on (SSO) in IT Advisor

ITA web client

Learn to use the EcoStruxure IT Advisor desktop client to build the data center infrastructure, add inventory, and import data to create a model.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • EcoStruxure IT Help Center
  • EcoStruxure IT Help Center Categories
  • IT Advisor
  • ITA web client
  • ITA web client
  • Configure SAML 2.0 single sign on (SSO) in IT Advisor
Options
  • Subscribe to RSS Feed
  • Mark as New
  • Mark as Read
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close

Related Forums

  • EcoStruxure IT forum

  • APC UPS Data Center & Enterprise Solutions Forum

Previous Next

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite

EcoStruxure IT Support

Submit a support request for additional assistance with EcoStruxure IT software.

Request Support
Back to ITA web client
Options
  • Subscribe to RSS Feed
  • Mark as New
  • Mark as Read
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content
1 Like
2868 Views

Link copied. Please paste this link to share this article on your social media post.

Trying to translate this page to your language?
Select your language from the translate dropdown in the upper right. arrow
Translate to: English
  • (Français) French
  • (Deutsche) German
  • (Italiano) Italian
  • (Português) Portuguese
  • (Русский) Russian
  • (Español) Spanish

Configure SAML 2.0 single sign on (SSO) in IT Advisor

Sisko JLehr Sisko
‎2024-02-27 11:44 PM

These instructions apply to ITA on-premises only. ITA hosted customers can leverage SSO in IT Expert.

 

Administrators can configure SAML 2.0 SSO on the Configuration > Authentication servers tab in the IT Advisor web client.

Any identity provider (IdP) that supports the SAML protocol is supported. 

 

Once you configure SSO, all users with an email address on one of the domains you specify must use your identity provider to log in to IT Advisor on-premises.

 

IMPORTANT: It is strongly recommended that at least one Administrator user who does not require SSO to log in is configured in the web client on the Administration > Users tab.

 

1. Configure your identity provider

 

Before you configure SSO in IT Advisor, configure the integration with ITA in your identity provider's user interface. Refer to your identity provider's documentation for more information.

See Configure Azure for IT Advisor SAML SSO

 

2. Configure SAML SSO in in IT Advisor

After you have added IT Advisor to your authentication providers user interface, configure the authentication server in the ITA web client. 

 

  1. Log in to the ITA web client as an Administrator.

     

  2. Click the cogwheel in the upper right. Go to Configuration > Authentication Servers > Add Authentication Server.

    ITA configure SAML SSO in web client.png

     

  3. In Authentication server settings, enter:

     

    Type: Select SAML SSO.

    See the documentation for your IdP provider. Azure is used in the examples below.

     

    • Name: The name of the server, for example, Azure SSO

       

    • Service provider ID/Application ID/ Client ID: The UUID of IT Advisor in IdP. In Azure, copy the value from the Application (client) ID field.

       

    • SAML metadata is an XML document that contains information necessary for interaction with the SAML-enabled identity or service providers, for example, URLs of endpoints, information about supported bindings, identifiers and public keys.

      In ITA 9.5.0 and older: Enter the IdP Federation metadata document URL

      In ITA 9.5.1 and newer: Enter the SSO POST URL

       

    • User name attribute name: The unique name of the user. In Azure, copy the value from federation metadata: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

       

    • User email attribute name:  The e-mail address of the user. In Azure, copy the value from federation metadata: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

       

    • User display name/common name,attribute name: The common name of the user. Copy the value from federation metadata: http://schemas.microsoft.com/identity/claims/displayname

       

    • User groups/group name, attribute name: Group(s) the user is a member of. Copy the value from federation metadata: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups

       

    • Default ITA user group name: Enter the ITA user group where the authorized users are assigned. Only one group name can be entered. If this value is defined, Mapping of IdP tenant group’s names to ITA group’s names is ignored. If this value is not defined, the group(s) defined in Mapping of IdP tenant group’s names to ITA group’s names are used.

       

    • Mapping of IdP tenant group name to ITA group names: If the value for Default ITA user group name is not defined, this mapping is used to assign users to defined group(s) in ITA. Use an equals sign  =  to separate group names, and use  a semicolon ; to separate each mapping.

      Note: If both the Default ITA user group name and Mapping of IdP tenant group name to ITA group names valuesare not defined, or the group’s names are incorrect, users are not automatically assigning to any group in ITA.

       

    • ITA endpoint URL callback: A SAML Assertion is the XML document the identity provider sends to the service provider that contains the user authorization.

      In ITA, it must always start with https and end with /api/current/authentication/saml2-callback. For example, https://address

       _of _ITA server/api/current/authentication/saml2-callback

       

    • SAML Request certificate: SAML request signing certificates are X.509 certificates used in SAML responses to allow the Service Provider (SP) to verify the authenticity of a SAML response.

      In Azure, the value from federation metadata with the additional prefix ”-----BEGIN CERTIFICATE----- ” and suffix “-----END CERTIFICATE-----”

       

    • SAML Request certificate issuer: The issuer of the request certificate. In Azure, the value from federation metadata in the attribute “EntityDescriptor@entityID” 

       

  4. Click OK.

 

Was this article helpful? Yes No
No ratings

Link copied. Please paste this link to share this article on your social media post.

Didn't find what you are looking for? Ask our Experts
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of