By default, Unomaly uses its built-in user database to authenticate users. Unomaly supports configuring multiple authentication providers, such as LDAP and SAML. This topic discusses enabling SAML authentication for single sign-on with your existing identity provider, such as Google, Okta, or Microsoft AD FS.

If you have questions about configuring external authentication methods, contact Unomaly Support.

Edit the SAML configuration file

The SAML authentication configuration file is located on the Unomaly instance at /DATA/unomaly_saml.php.

The file contains a PHP array with an overview and descriptions of each option. Edit the relevant options to add your variables.

Configuration options

| Option | Example Value | Description |
|---|---|---|
| idp_entity_id | | The URL for the identity provider ID. |
| idp_sso_service | | The SSO login service for the identity provider. |
| idp_slo_service | | The SSO logout service for the identity provider. You can leave this blank if SSO logout from Unomaly is not required. |
| idp_public_cert_path | /DATA/saml.pem | The path to the public key for the identity provider. |
| require_group | false | Specify whether the user is required to be in a certain group: true (yes) or false (no). |
| default_group | 1 | Specify the default group if require_group is false: 1 (administrator) or 2 (user). |
| group_attribute | | Group attribute name as configured in the identity provider. |
| group_admin | | Group name to be mapped to the administrator group. |
| group_user | | Group name to be mapped to the user group. |
| group_limited | | Group name to be mapped to the limited user group. |
| name | 'Login with SAML' | Friendly service name to display on the login screen. |
| autologin | true | If set to true, the user will automatically be redirected to the SAML Identity Provider when arriving at the login screen. |

Unomaly endpoints

First, make sure that the “Instance name” setting is correct in Unomaly. This can be set in Settings -> General, and should reflect the DNS name or IP used to connect to Unomaly.

The settings below need to be entered in your Identity Provider.

| Option | Value | Description |
|---|---|---|
| entity id | https://[unomaly]/index.php?id | The URL for the Unomaly entity id |
| acs endpoint | https://[unomaly]/index.php?acs | The Assertion Consumer Service endpoint in Unomaly |

Example configuration

Google

The following example shows the configuration with Google as your identity provider. You can get the idp_entity_id, idp_sso_service, and the certificate from Google at “Apps > SAML Apps > Add > Setup my own custom app”. Edit the /DATA/unomaly_saml.php file with the values.

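<?php
$saml_config = array(
    'idp_entity_id' => 'https://accounts.google.com/o/saml2?idpid=1234',
    'idp_sso_service' => 'https://accounts.google.com/o/saml2/idp?idpid=1234',
    'idp_slo_service' => '',                    // blank: SSO logout from Unomaly is not required
    'idp_public_cert_path' => '/DATA/saml.pem',
    'require_group' => false,                   // users are not required to be in a certain group
    'default_group' => 1,                       // 1 = administrator, 2 = user
    'group_attribute' => '',
    'group_admin' => '',
    'group_user' => '',
    'group_limited' => '',
    'name' => 'Login with Google',              // shown on the login screen
    'autologin' => true,                        // redirect to the identity provider from the login screen
);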
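
A pre-flight check for the file above, as an added example rather than Unomaly's own code: it audits the documented options and reports settings worth a second look, such as require_group set to false together with default_group 1. The function name audit_saml_config is hypothetical, and the PHP openssl extension is assumed to be available.

```php
<?php
// Added example: audit a $saml_config array against the documented options.
function audit_saml_config(array $c): array
{
    $findings = [];
    // The identity provider ID and SSO login service must be set.
    foreach (['idp_entity_id', 'idp_sso_service'] as $key) {
        if (empty($c[$key])) {
            $findings[] = "$key is empty";
        }
    }
    // Service URLs should be HTTPS; idp_slo_service may be left blank.
    foreach (['idp_sso_service', 'idp_slo_service'] as $key) {
        $url = $c[$key] ?? '';
        if ($url !== '' && parse_url($url, PHP_URL_SCHEME) !== 'https') {
            $findings[] = "$key is not an https:// URL";
        }
    }
    // The certificate file must be readable, parse as X.509 and be unexpired.
    $path = $c['idp_public_cert_path'] ?? '';
    $pem = (is_file($path) && is_readable($path)) ? file_get_contents($path) : false;
    if ($pem === false) {
        $findings[] = "idp_public_cert_path '$path' is not a readable file";
    } elseif (($cert = @openssl_x509_parse($pem)) === false) {
        $findings[] = "'$path' does not parse as an X.509 certificate";
    } elseif ($cert['validTo_time_t'] < time()) {
        $findings[] = "certificate in '$path' has expired";
    }
    // Per the option table, default_group 1 is administrator.
    $groups = [$c['group_admin'] ?? '', $c['group_user'] ?? '', $c['group_limited'] ?? ''];
    if (empty($c['require_group'])) {
        if ((int) ($c['default_group'] ?? 0) === 1) {
            $findings[] = 'require_group is false and default_group is 1 (administrator)';
        }
    } elseif (empty($c['group_attribute']) || !array_filter($groups)) {
        $findings[] = 'require_group is true but group_attribute or the group_* names are empty';
    }
    return $findings;
}
// Constructed sample with the values of the Google example above. On the
// instance, load the real file instead: include '/DATA/unomaly_saml.php';
$saml_config = [
    'idp_entity_id' => 'https://accounts.google.com/o/saml2?idpid=1234',
    'idp_sso_service' => 'https://accounts.google.com/o/saml2/idp?idpid=1234',
    'idp_slo_service' => '', 'idp_public_cert_path' => '/DATA/saml.pem',
    'require_group' => false, 'default_group' => 1, 'group_attribute' => '',
    'group_admin' => '', 'group_user' => '', 'group_limited' => '',
];
echo implode("\n", audit_saml_config($saml_config)), "\n";
```

Each finding is a prompt to review the setting against your identity provider, not proof of a misconfiguration.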