REQUIRED PERMISSIONS: Full Admin role or IdP Admin (Identity provider administrator)
Note: To facilitate a quick rollback in case of any issues during migration, we recommend you create a new SAML application. Do not update the existing Samsara application in your IdP.
As part of the continuous improvement to your product experience, Samsara is replacing the SAML service provider, which establishes the connection between Samsara and your identity provider. To minimize disruptions to your SSO configuration, Samsara recommends you migrate your SAML connection.
To migrate your SAML connection as a Samsara Admin, perform the following workflow:
- Select the Settings icon at the bottom of your Fleet menu to view dashboard settings.
- In Organization, select Single Sign-On.
- Click Migrate.
- If you are a Full Admin, share the SAML fields with your IdP Admin and have the IdP Admin perform the steps in Assist with SSO Authentication Connection Migration as an IdP Admin.
- After the IdP Admin completes the steps in Assist with SSO Authentication Connection Migration as an IdP Admin, enter the metadata URL or upload the metadata XML file exported from your IdP into Samsara.
- Save.
- Test the Samsara sign in from the IdP application.
- Test the Samsara sign in from cloud.samsara.com (or cloud.eu.samsara.com if you operate in Europe).
If you experience issues when you sign in to Samsara, contact Samsara support.
If you are an IdP Admin who is assisting a Samsara Admin with SSO authentication connection migration, ensure your Samsara Admin provided you with the SAML fields. If you need the SAML fields, review or direct your Samsara Admin to Migrate Single Sign-On (SSO) Authentication Connection as a Samsara Admin.
After your Samsara Admin provides you with SAML fields, complete the relevant workflow for your IdP:
- Configure the following information:
  - Single sign-on URL: Copy the Post-back/ACS URL (Assertion Consumer Service) from the SSO connection settings in the Samsara dashboard.
  - Audience URI: Copy the Service Provider Entity ID from the SSO connection settings in the Samsara dashboard.
- Configure SAML attributes.

  | Name | Value |
  | --- | --- |
  | https://cloud.samsara.com/saml/attributes/email | user.value |
  | https://cloud.samsara.com/saml/attributes/name | user.firstName+" "+user.lastName |

- Share the new IdP application metadata URL with the Samsara Admin.
As a Cloud Application Administrator signed in to the Microsoft Entra admin center:
- Navigate to Identity > Application > Enterprise applications.
- Select + New application.
- Select + Create your own application.
- Enter the name of the application: Samsara.
- Select Integrate any other application you don't find in the gallery (Non-gallery).
- Create the app.
- Assign users and groups.
- Configure SAML.
  - In the side navigation, select Overview.
  - Select Get Started in the Set up single sign on box.
  - Click SAML.
  - Select Edit in the Basic SAML Configuration to add the SAML fields provided by your Samsara Admin.
    - Copy the link from Service Provider Entity ID into the Identifier (Entity ID) field.
    - Copy the link from Post-back/ACS URL to the Reply URL (Assertion Consumer Service URL) field.
  - Save your changes.
- Add claims for two Samsara attributes: email and name. Claims are used to assert certain properties or characteristics of the user during the authentication process. You will need to define claims for both the user's email and the user's name. For each claim you will define the following information:
  - Name: email or name
  - Namespace: https://cloud.samsara.com/saml/attributes
  - Source attribute

  To define the claim, select Edit in the Attributes & Claims section and Add a new claim for each of the Samsara user attributes.
  - Name attribute: We recommend you configure the Source attribute for name to the value that you would like to be mapped to Samsara's name. For example, you can use user.displayname as your source attribute if you are using user.displayname.
  - Email attribute: We recommend you configure the Source attribute for email to the value that you would like to be mapped to Samsara's name. For example, you can use user.mail as your source attribute if you are using user.mail.

  Then, Save your changes.
- In SAML Certificates, copy and share the App Federation Metadata Url or download the Federation Metadata XML file and share it with your Samsara Admin.
- Create a new Samsara SAML application with the values shared from the Samsara Admin.
  Samsara recommends that you import the Samsara metadata SAML configuration instead of manual configuration, if you are able to do so for your IdP.
- Configure SAML attributes.

  | Name | Value |
  | --- | --- |
  | https://cloud.samsara.com/saml/attributes/email | User's email |
  | https://cloud.samsara.com/saml/attributes/name | User's name |

- Add the Samsara Admin as a user to the new application.
- Share the new IdP application metadata URL or file with the Samsara Admin.
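The following is an added example, not Samsara's code: if a test sign-in fails after migration, a decoded copy of the assertion from your own test login can be checked against the fields configured above (Audience, Post-back/ACS URL, and the two attribute names). `SP_ENTITY_ID` and `ACS_URL` are placeholders, the sample assertion is constructed, and the script checks field mapping only, not the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ATTR_BASE = "https://cloud.samsara.com/saml/attributes/"  # from the attribute tables
REQUIRED_ATTRS = (ATTR_BASE + "email", ATTR_BASE + "name")

# Placeholders (assumptions): use the values shown in your Samsara SSO settings.
SP_ENTITY_ID = "urn:example:service-provider-entity-id"
ACS_URL = "https://sp.example.invalid/acs"

# Constructed sample: the "name" claim was sent without its namespace.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{SP_ENTITY_ID}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="{ATTR_BASE}email">
   <saml:AttributeValue>driver@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="name">
   <saml:AttributeValue>Dana Driver</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, sp_entity_id, acs_url):
    """List mapping problems in a decoded assertion. Does NOT verify the signature."""
    root = ET.fromstring(xml_text)  # parse only XML captured from your own test login
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if sp_entity_id not in audiences:
        problems.append("Audience does not match the Service Provider Entity ID")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient does not match the Post-back/ACS URL")
    values = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        val = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (val.text or "").strip() if val is not None else ""
    for name in REQUIRED_ATTRS:
        if name not in values:
            problems.append(f"missing attribute {name}")
        elif not values[name]:
            problems.append(f"empty value for attribute {name}")
    return problems
```

Calling `check_assertion(SAMPLE, SP_ENTITY_ID, ACS_URL)` on the constructed sample reports the missing `name` attribute, which is what an IdP emits when the claim's namespace is left blank.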