Single Sign-On

Single Sign-On Setup

The preferred and recommended login method is SAML 2.0, which exchanges authentication and authorization data between security domains: specifically, between an Identity Provider (IdP) (e.g., Okta, Azure AD/Entra ID, Ping Identity, OneLogin, or your enterprise IdP) and Sentinel, which acts as the Service Provider (SP).

  • Cross-domain single sign-on: Users authenticate once via their enterprise IdP and gain access to Sentinel without re-entering credentials.

  • Centralized identity management: Leverages existing corporate credentials, reducing password fatigue and improving compliance.

  • Stronger security: Supports federated authentication, attribute mapping (e.g., roles/groups), and protocols for secure assertion exchange (signed/encrypted as configured).

  • Web-based scenarios: Enables SP-initiated (user accesses Sentinel directly) or IdP-initiated (starts from corporate portal) SSO flows.

  • Sentinel acts as the SAML Service Provider (SP).

  • Integration requires configuring Sentinel with your IdP's metadata (or vice versa) — typically involving:

    • Entity IDs

    • Assertion Consumer Service (ACS) URLs

    • Signing certificates

    • Attribute mappings (e.g., for user provisioning or role assignment)

  • Once set up, Sentinel redirects unauthenticated users to the IdP for login; successful authentication returns a SAML assertion, granting access with appropriate permissions.

  • Fallback to local Sentinel credentials remains available if needed (e.g., for admin recovery).

  • No custom code or modifications to PeopleSoft core are required — Sentinel handles SAML independently via its web layer (Nginx-proxied).

An IDP Certificate and IDP URL are required to complete the setup.

IDP Attributes
  • The following data attributes should be sent from your IDP:

Set Up Single Sign-On
  1. Navigate to Settings - Single Sign-On.

  2. Input the 'Identity Provider URL.'

  3. Input the 'Identity Provider Certificate.'

  4. Once a configuration is saved, Sentinel will generate a Metadata URL, Sentinel Callback URL, and Sentinel Direct Login Link. *These are used to complete the IDP setup and service connection.

  5. Set up attribute mapping on your IDP to match Sentinel IDP attributes:

    *If your IDP uses different field names in the Attributes section, map the IDP field names to the corresponding Sentinel field names.
  6. Save changes.

  7. Toggle the 'SAML ON/OFF' switch after updating settings.

  • After a successful configuration, a new SSO Login button will appear on the login screen. Sentinel also provides a direct SSO login URL that can be used to initiate login through your IDP. This URL can be found under the Sentinel Direct Login Link.
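
A pre-registration check for step 4, as an added example that is not Sentinel's own code: before registering the generated metadata with your IDP, confirm that the entity ID and the ACS (callback) URL point at your Sentinel host over HTTPS and that signed assertions are requested. The sample XML, the host `sentinel.example.com` and the function name `review_sp_metadata` are assumptions; the page does not show Sentinel's actual metadata.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}

# Constructed sample SP metadata; sentinel.example.com is a placeholder host.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sentinel.example.com/saml/metadata">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sentinel.example.com/saml/callback"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text, expected_host):
    """Return (summary, findings) for a SAML 2.0 SP metadata document."""
    # Metadata never needs a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor" or sp is None:
        raise ValueError("not a SAML 2.0 SP EntityDescriptor")
    findings, acs_urls = [], []
    for acs in sp.findall("md:AssertionConsumerService", NS):
        location = acs.get("Location", "")
        url = urlparse(location)
        acs_urls.append(location)
        if url.scheme != "https":
            findings.append(f"ACS URL is not HTTPS: {location}")
        if url.hostname != expected_host:
            findings.append(f"ACS host is not {expected_host}: {location}")
    if not acs_urls:
        findings.append("no AssertionConsumerService element")
    # Schema default is false, so an absent attribute is also reported.
    if sp.get("WantAssertionsSigned", "false").lower() not in ("true", "1"):
        findings.append("SP does not declare WantAssertionsSigned")
    return {"entity_id": root.get("entityID"), "acs_urls": acs_urls}, findings


if __name__ == "__main__":
    summary, findings = review_sp_metadata(SAMPLE_METADATA, "sentinel.example.com")
    print(summary)
    print(findings or "no findings")
```

Any finding is a prompt to recheck the saved configuration before completing the IDP side, not a statement about what Sentinel emits.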

Assign Default Access for New SSO Users

First-time users that use the single sign-on (SSO) login may be automatically given access to one or more PeopleSoft environments in Sentinel.

A Sentinel user will only receive access to environments for which they have access profiles.

  • Default Profiles will be assigned to all signed-up users via SAML integration.
