Single Sign-On (SSO)

Document created by DPM Admin Employee on Jul 13, 2017Last modified by Dave Murphy on Jul 20, 2017
Version 3Show Document
  • View in full screen mode

As of mPulse 57 and SOASTA 57, SOASTA supports any Single Sign-On authentication process using SAML.

  • Please visit the API Tokens help page for information regarding authentication tokens.

Single Sign-On Settings

 

Note: We only support IdP initiated SSO, so CloudTest and/or mPulse will not send any AuthN requests to the IdP. Therefore, CloudTest/mPulse is not required to send a certificate. All SAML assertions are validated against the certificate uploaded by the user during the setup process (step 3 below, if using the metadata discovery endpoint).

 

To configure SSO:

  1. Log into your CloudTest or mPulse instance and click Company Settings on the leftmost panel. In order to access Company Settings, you must be a tenant admin.
  1. Under Single Sign-On Settings, place a checkmark next to the Enable single sign-on box.

Note: Once you enable Single Sign-On, you cannot log in with old credentials. Contact SOASTA Support if you are locked out of your tenant. 

 

 

  1. Grab the Metadata Discovery Endpoint from your IT department (or the customer for SOASTA admins), enter it in the IdP Metadata URL, and then click Fetch. The Issuer Entity ID will populate, and the Certificate now states Re-upload Certificate.
  1. Grab the IdP-initiated login URL from your IT department (or the customer for SOASTA admins). Enter it in the IdP Initiated URL text field in CloudTest or mPulse. Enter the Issuer Entity ID (or host name of IdP server).

For example, the entityID may be found in your IdP's metadata XML.

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="" entityID="soasta.my.salesforce.com" validUntil="2026-07-22T22:03:58.707Z">

 

  1. Enter the SAML ACS. This value will be given to your IT department by a SOASTA admin. This value will always be the hostname of the CloudTest/mPulse environment followed by concerto/services/saml/v2/doLogin

If you are integrating with the mPulse environment, the full SAML ACS URL will be: 
mpulse.soasta.com/concerto/services/saml/v2/doLogin

 

  1. Enter the Targeted SAML ID. This value is IdP specific, and must be shared with a SOASTA admin (via documentation or the customer's IT department).

Note:  SAML User ID type is the username, and SAML User ID location is the element in the element

 

When we receive a SAML assertion, we must know what SAML AttributeStatement to look for when identifying a user. In the example below, the user is "mrtest." In order for SSO to work, the targeted username should be set to "userName," not "mrtest." (This is not universal: the targeted SAML ID could be the values "email", "id", etc. When in doubt, consult your IdP documentation.)

<saml:AttributeStatement>
<saml:Attribute Name="userName"> <NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <saml:AttributeValue xsi:type="xs:string">mrtest</saml:AttributeValue> </saml:Attribute> 
</saml:AttributeStatement>

 

  1. The system will not allow you to proceed if you don't set a Certificate, an Issuer Entity ID, and a Targeted SAML ID.
  1. Hit Apply and leave company settings, and then return. The changes you entered should persist.
  1. To test your changes, log out of your current session, enter your username in the Login page, and then hit Enter. Do not enter your password.

API Token Creation

If you want to use SSO, you must use an API Token to authenticate with the CloudTest/mPulse repository API or any other SOASTA API you may use.

  1. Log into your CloudTest/mPulse instance.
  2. Go to My Settings on the leftmost panel.
  3. Generate a new API Token.
  4. Hit Apply.

 

  1. Go to the User Editor by double-clicking on the appropriate user and enter the API Token, under the General tab. Click OK when you're done.

For details on using the API Token, please see our API Token documentation.

User Initiates Single Sign-On

A user can initiate the SSO process by launching the IdP initiated URL provided to them by their organization. Alternatively, users can go to the login page of their CloudTest/mPulse environment. Where they can simply enter their CloudTest/mPulse username.

 

Integrating With Okta

To configure Okta to work with SOASTA, please visit the Okta documentation.

 

Note: The SAML attribute statements must send the user's email with the key matching the Targeted SAML ID listed in the Single Sign-On Settings section above.

Attachments

    Outcomes