How to enable SSO on Mapwize

Thomas
  • Updated
Follow

SSO is a premium feature proposed by Mapwize to increase the security in accessing the map data. SSO is only available for Enterprise accounts at an extra cost. If you would like to enable SSO on your account, please contact our sales team.

Mapwize supports multiple types of Identify providers. If your don't find your Identify Provider below, please contact us.

The configuration of the SSO login is done in collaboration with Mapwize Support through your Mapwize Account Manager.

SAML

This is the procedure to enable SAML federation. Mapwize support SAML 2.0.

Information to provide to Mapwize

The following details about your SAML Provider are required to configure Mapwize.

  • The email domains on which to enable federation
  • Your IdP SAML 2.0 endpoint
  • Your IdP SLO endpoint
  • Your IdP signature algorithm and certificates

Configuring your IdP

You'll need to configure your IdP to enable federation.

You will receive a SAML_PROVIDER_ID from Mapwize for each domain that requires federation.

  • The callback URLs to authorize are https://api.mapwize.io/auth/saml/{SAML_PROVIDER_ID}.*
  • The URL for IdP initiated request is https://api.mapwize.io/auth/saml/{SAML_PROVIDER_ID}/authenticate
  • The issuer we are using is mapwize.
  • The user profile (<saml:Subject>) should contain the user's email address in at least one of those attributes:
    • under the NameID (make sure to have the NameID format set to "emailAddress")
    • under the "email" attribute
    • under another attribute of your choice. In that case, you'll need to supply the name of the attribute to Mapwize.

Accessing the service

You can use the following URL to access the service from your intranet: https://api.mapwize.io/auth/saml/{SAML_PROVIDER_ID}/. This will log the user in and redirect to your default Mapwize entry point. If the result of this request is a simple text Authenticated, it means that the default entry point was not configured yet.

If required, you can specify the entry point after user login by adding the ?redirect_url={ENCODED_URL} parameter to the request. Please note that the URL needs to be URL encoded!

The service can also be accessed directly from Mapwize Studio, Mapwize Maps or Mapwize mobile apps using the SSO option in the sign in menu.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk