Access rights via single-sign-on with SAML 2.0

In this chapter you learn how to enable Collaboration Hub and Process Manager access via single-sign-on with SAML 2.0.

Note

This feature is available for Software-as-a-Service workspaces only and requires the Collaboration Hub and an additional technical integration fee.

Signavio supports single-sign-on via selected SAML (Security Assertion Markup Language) SSO services. For example, if you enable Google SAML SSO, your users can use their Google account to access the Collaboration Hub and the Editor.

User identities need to comply with the SAML 2.0 User ID regular expression in order to access the Collaboration Hub. In addition, modeling users need to have an active user account in your Signavio workspace.

Signavio supports Identity Provider-initiated SSO via HTTP POST requests.

Supported SAML SSO services are:

Activating SAML-based authentication

In case you would like to activate single-sign-on via SAML 2.0 for your workspace, please contact the Signavio Support Team and provide the following details:

  • the email address of your workspace owner
  • information on whether you want to activate SAML single-sign-on for Hub users and modelers or for Hub users only
  • the SAML 2.0 Identity Issuer Key
  • the SAML 2.0 Identity Provider Issuer Meta Data
  • the SAML 2.0 Starting Point
  • the SAML redirect URL pattern (optional): URL to a service that redirects from URL/<SignavioURL> to <SignavioURL> and asks for authentication if necessary. This allows your users to generate links to share diagrams in the Collaboration Hub with other users, even if the target users who open the link are currently not authenticated. Sharing just the Collaboration Hub URL will open the Signavio Process Manager login screen, into which your Collaboration Hub users cannot log in.

Granting Collaboration Hub access rights based on SAML identities

After having activated SAML-based authentication for your workspace, you need to configure the access rights for your Collaboration Hub users. Proceed as follows:

  1. Open the Explorer and, under Setup, click the Manage users & access rights entry.

  2. Now, switch to the Read access tab. For each folder, you can define a list of users who are allowed to access the folder’s diagrams in the Collaboration Hub.

  3. To add access rights for one or multiple users, select the corresponding folder and specify the user data in the input field in the bottom left area of the dialog.

    For each user, the list entry needs to have the structure email_address first_name last_name. For each user you add to the list, you need to create a new line.

  4. Then, click Add.

    Configuration of SAML-based access rights.

  5. If you don’t want to specify folder-based permissions and grant full access to the Collaboration Hub to all users, activate the check box General Access for all SAML users.
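
The list entries required in step 3 can be prepared and checked before they are pasted into the dialog. The following is an added example, not part of the original documentation or of Signavio's software: it assumes a hypothetical CSV export from your identity provider with the columns email, first_name and last_name, and it holds back any row that would not fit the email_address first_name last_name structure.

```python
import csv
import io
import re

# Assumption: a simple e-mail shape check. The "SAML 2.0 User ID regular
# expression" mentioned on the page is not shown there, so it is not used here.
EMAIL_SHAPE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample export (hypothetical columns: email, first_name, last_name).
SAMPLE_EXPORT = """email,first_name,last_name
alice@example.com,Alice,Nguyen
bob@example.com,Bob,Ortiz
ALICE@example.com,Alice,Nguyen
carol@example,Carol,Diaz
dave@example.com,Dave,van Dyke
erin@example.com,,Smith
"""


def build_read_access_entries(export_text):
    """Return (entries, rejected) for the 'email_address first_name last_name' list.

    entries  -- lines ready to paste, one user per line
    rejected -- (row, reason) pairs that need manual review
    """
    entries, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(export_text)):
        email = (row.get("email") or "").strip()
        first = (row.get("first_name") or "").strip()
        last = (row.get("last_name") or "").strip()
        if not EMAIL_SHAPE.match(email):
            rejected.append((row, "malformed e-mail address"))
        elif not first or not last:
            rejected.append((row, "missing first or last name"))
        elif any(ch.isspace() for ch in first + last):
            # A space inside a name makes the three-field line ambiguous.
            rejected.append((row, "whitespace inside a name field"))
        elif email.lower() in seen:
            # Assumption: addresses differing only in case are the same user.
            rejected.append((row, "duplicate e-mail address"))
        else:
            seen.add(email.lower())
            entries.append(f"{email} {first} {last}")
    return entries, rejected


if __name__ == "__main__":
    entries, rejected = build_read_access_entries(SAMPLE_EXPORT)
    print("\n".join(entries))
    for row, reason in rejected:
        print(f"REVIEW: {dict(row)} -> {reason}")
```

Rows reported for review are left out of the output on purpose, so that no user is granted folder access from an entry that may be parsed differently than intended.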