Kaseya One - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Kaseya One using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization
To set up Multi-Pass with Kaseya One, ensure you meet the following requirements:
- Kaseya One admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Kaseya One are registered in your IdP and have the necessary permissions to access Kaseya One.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
KaseyaOne - SSO configuration
Step 1 - Access the SSO Settings in KaseyaOne
- Log in to your KaseyaOne Admin Dashboard.
- Navigate to Admin Settings > Single Sign-On tab.
- In the Single Sign-On with Identity Providers section, click Edit configuration.
- The "Configure SSO" side drawer will appear.
Step 2 - Provide and gather the required values from Multi-Pass
- Open Multi-Pass Dashboard
- Select the correct tenant.
- Click on integration
- Click on application and select the box SAML to start the configuration
- then complete the different field with information from Kaseya's
- Scroll down and click on Add integration.
- Go the advanced console by clicking on the left side.
- Click on client,
- and use the search bar to find the integration you add from the previous steps
- when you are in, make sure all the fields are correctly completed.
- In the settings tab :
- in the access settings section :
- Move to the SAML Capabilities section :
Setting | Value |
---|
Name ID Format | email |
Force Name ID Format | ON |
Force POST Binding | ON |
Force Artifact Binding | OFF |
Include AuthnStatement | ON |
Include OneTimeUse Condition | OFF |
Optimize REDIRECT Signing Key Lookup | OFF |
Allow ECP Flow | OFF
|
- in the Signature and Encryption section :
Setting | Value |
---|
Sign Documents | ON |
Sign Assertions | ON
|
- then move to the tab Keys and make sure that both parameters are switch to OFF
- Click on the advanced tab
- Assertion Consumer Service POST Binding URL = Valid Redirect URIs (https://api-one.kaseya.com/api/v1/sso/saml-callback)
Step 3 - Adding the attributes to MPAS
- Now click on the tab client scope to start adding the attributes required by KaseyaOne.
- Click on the line related to KaseyaOne and we will need to add the list we can find in Kaseya's documentation :
- email
- firstname
- lastname
- username
- companyIdentifier
- For the companyIdentifier :
- Click on configure a new mapper
- select the "hardcoded attribute" from the list
- Complete the fields :
Field | Value |
---|
Mapper Type | Hardcoded Attribute |
Name | companyIdentifier |
Friendly Name | companyIdentifier |
SAML Attribute Name | companyIdentifier |
SAML Attribute NameFormat | Basic |
Attribute Value | Add the value provided by KaseyaOne
|
- Click Save
- Now, we will add the next attributes, click on add mapper and by configuration
- select in the list "User Attribute"
- Complete the different fields for each attribute :
- email
Field | Value |
---|
Mapper Type | User Attribute |
Name | email |
User Attribute | email |
Friendly Name | email |
SAML Attribute Name | email |
SAML Attribute NameFormat | Basic |
Aggregate Attribute Values | OFF
|
- Click Save
- Repeat the same operation with the others user attribute :
- firstname
Field | Value |
---|
Mapper Type | User Attribute |
Name | firstname |
User Attribute | firstName |
Friendly Name | firstname |
SAML Attribute Name | firstname |
SAML Attribute NameFormat | Basic |
Aggregate Attribute Values | OFF
|
- Lastname
Field | Value |
---|
Mapper Type | User Attribute |
Name | lastname |
User Attribute | lastName |
Friendly Name | lastname |
SAML Attribute Name | lastname |
SAML Attribute NameFormat | Basic |
Aggregate Attribute Values | OFF
|
- Username
Field | Value |
---|
Mapper Type | User Attribute |
Name | username |
User Attribute | email |
Friendly Name | username |
SAML Attribute Name | username |
SAML Attribute NameFormat | Basic |
Aggregate Attribute Values | OFF
|
Step 4 - go back to KaseyaOne and finalise the configuration
- Complete the different field and upload the certificate that you can find on your dashboard > Integration > Application
Related Articles
Zoho One - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Zoho One using MPAS. SSO simplifies user authentication by allowing access to multiple ...
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...
D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...
Mulesoft - SSO Integration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...
Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...