Kaseya One - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Kaseya One using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization
To set up Multi-Pass with Kaseya One, ensure you meet the following requirements:
- Kaseya One admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Kaseya One are registered in your IdP and have the necessary permissions to access Kaseya One.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
KaseyaOne - SSO configuration
Step 1 - Access the SSO Settings in KaseyaOne
- Log in to your KaseyaOne Admin Dashboard.
- Navigate to Admin Settings > Single Sign-On tab.
- In the Single Sign-On with Identity Providers section, click Edit configuration.
- The "Configure SSO" side drawer will appear.
Step 2 - Provide and gather the required values from Multi-Pass
- Open Multi-Pass Dashboard
- Select the correct tenant.
- Click on integration
- Click on application and select the box SAML to start the configuration
- then complete the different field with information from Kaseya's
- Scroll down and click on Add integration.
- Go the advanced console by clicking on the left side.
- Click on client,
- and use the search bar to find the integration you add from the previous steps
- when you are in, make sure all the fields are correctly completed.
- In the settings tab :
- in the access settings section :
- Move to the SAML Capabilities section :
| Setting | Value |
|---|
| Name ID Format | email |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Force Artifact Binding | OFF |
| Include AuthnStatement | ON |
| Include OneTimeUse Condition | OFF |
| Optimize REDIRECT Signing Key Lookup | OFF |
| Allow ECP Flow | OFF
|
- in the Signature and Encryption section :
| Setting | Value |
|---|
| Sign Documents | ON |
| Sign Assertions | ON
|
- then move to the tab Keys and make sure that both parameters are switch to OFF
- Click on the advanced tab
- Assertion Consumer Service POST Binding URL = Valid Redirect URIs (https://api-one.kaseya.com/api/v1/sso/saml-callback)
Step 3 - Adding the attributes to MPAS
- Now click on the tab client scope to start adding the attributes required by KaseyaOne.
- Click on the line related to KaseyaOne and we will need to add the list we can find in Kaseya's documentation :
- email
- firstname
- lastname
- username
- companyIdentifier
- For the companyIdentifier :
- Click on configure a new mapper
- select the "hardcoded attribute" from the list
- Complete the fields :
| Field | Value |
|---|
| Mapper Type | Hardcoded Attribute |
| Name | companyIdentifier |
| Friendly Name | companyIdentifier |
| SAML Attribute Name | companyIdentifier |
| SAML Attribute NameFormat | Basic |
| Attribute Value | Add the value provided by KaseyaOne
|
- Click Save
- Now, we will add the next attributes, click on add mapper and by configuration
- select in the list "User Attribute"
- Complete the different fields for each attribute :
- email
| Field | Value |
|---|
| Mapper Type | User Attribute |
| Name | email |
| User Attribute | email |
| Friendly Name | email |
| SAML Attribute Name | email |
| SAML Attribute NameFormat | Basic |
| Aggregate Attribute Values | OFF
|
- Click Save
- Repeat the same operation with the others user attribute :
- firstname
| Field | Value |
|---|
| Mapper Type | User Attribute |
| Name | firstname |
| User Attribute | firstName |
| Friendly Name | firstname |
| SAML Attribute Name | firstname |
| SAML Attribute NameFormat | Basic |
| Aggregate Attribute Values | OFF
|
- Lastname
| Field | Value |
|---|
| Mapper Type | User Attribute |
| Name | lastname |
| User Attribute | lastName |
| Friendly Name | lastname |
| SAML Attribute Name | lastname |
| SAML Attribute NameFormat | Basic |
| Aggregate Attribute Values | OFF
|
- Username
| Field | Value |
|---|
| Mapper Type | User Attribute |
| Name | username |
| User Attribute | email |
| Friendly Name | username |
| SAML Attribute Name | username |
| SAML Attribute NameFormat | Basic |
| Aggregate Attribute Values | OFF
|
Step 4 - go back to KaseyaOne and finalise the configuration
- Complete the different field and upload the certificate that you can find on your dashboard > Integration > Application
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...
Zoho One - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Zoho One using MPAS. SSO simplifies user authentication by allowing access to multiple ...
Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...
Addigy - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Addigy using MPAS. SSO simplifies user authentication by allowing access to multiple ...
ConnectWise - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for ConnectWise using MPAS. SSO simplifies user authentication by allowing access to multiple ...
