Delinea PAS - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Delinea Privileged Access Service (PAS) using Multi-Pass. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Delinea PAS, ensure you meet the following requirements:
- Delinea PAS admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Delinea PAS are registered in your IdP and have the necessary permissions to access Delinea PAS.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Delinea Privileged Access Service - SSO Configuration
Step 1 - Configure Delinea PAS as the Service Provider (SP)
- Log in to your Delinea PAS site as an administrator.
- Navigate to Settings > Users > Partner Management and click Add.
- Under Settings set the following values:
- Partner Name =
Multi-Pass SSO - Federation Type =
SAML 2.0
- Partner Name =
- Under Federation Domains click Add and enter the company’s domain.
- In the left panel, select Inbound Metadata.
- Select Option 1: Upload IdP configuration from URL.
- Insert the tenant’s SAML Metadata URL
- Click Save.
- In the left panel, select Outbound Metadata.
- Select Option 2: Download Service Provider Metadata and save the XML file locally.
Step 2 - Configure Multi-Pass as the Identity Provider (IdP)
- Select the correct tenant and go to Integrations, then click on Applications.
- Select SAML in the custom integration section.
- Select Upload File and upload the XML metadata file obtained from Delinea PAS.
- Confirm/Complete the remaining fields based on the table below:
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | https://<HOST_NAME>.delinea.app/identity-federation/sp/<UNIQUE_STRING> |
| Name | delinea |
| Description | Delinea PAS SSO integration |
| Assertion Consumer Service URL | https://<HOST_NAME>.delinea.app/identity-federation/saml/assertion-consumer |
| NameID Policy Format | email |
- Click Add Integration
- Go to the Advanced Console by clicking in the right side of your screen
- Click on Client and use the search bar to look for Delinea
- Make sure all the fields are populated according to the tables below
General settings (Multi-Pass)
| Field | Value |
|---|---|
| Client ID | https://<HOST_NAME>.delinea.app/identity-federation/sp/<UNIQUE_STRING> |
| Name | delinea |
| Description | Delinea PAS SSO integration |
| Always display in UI | ON |
Access settings (Multi-Pass)
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://<HOST_NAME>.delinea.app/identity-federation/saml/assertion-consumer |
| IDP-Initiated SSO URL Name | <APP_NAME> |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Move to the Keys tab and ensure both parameters are set to OFF.
- Go to the Advanced tab:
- Set Assertion Consumer Service POST Binding URL =
https://<HOST_NAME>.delinea.app/identity-federation/saml/assertion-consumer(must match Valid Redirect URI under Access Settings).
Related Articles
D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Mulesoft - SSO Integration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Miro - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Miro using MPAS. SSO simplifies user authentication by allowing access to multiple ...Pipedrive – SSO configuration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Pipedrive using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...