Configuring SAML for PMWeb


This topic describes how to configure OneLogin to provide SSO for PMWeb using SAML.

  1. Log into OneLogin as an admin and go to Apps > Add Apps.

  2. Search for and select the PMWeb SAML connector.

    The initial Configuration tab appears.

  3. Click Save to add the app to your Company Apps and display additional configuration tabs.

    The Info tab appears.

  4. Go to the Configuration tab and enter your PMWeb subdomain name.

    In the sample URL below, only your_domain is your subdomain name.

    https://your_domain.pmweb.com/pmwebsaml/assertionservice.aspx

  5. Click Save.

  6. Go to the Parameters tab and map PMWeb attributes to OneLogin attributes.

    In most cases, you should keep the Configured by admin default. For more information, see Setting Credential Configuration Options.

    For most implementations, you can accept the default attribute mappings. Ensure that the PMWeb field Username (NameID) is set to Email name part.

    Click the Issue Type parameter to open the Edit Field dialog. Select the value -Macro- from the drop-down list, and then enter PMWeb in the box below -Macro-.

    Click Save to save your changes on the Parameters tab.

  7. Go to the SSO tab to obtain the SAML 2.0 Endpoint (HTTP) and the IdP Metadata file that you must send to your PMWeb support team to configure SAML SSO.

    1. Copy the SAML 2.0 Endpoint (HTTP) value found on the SSO tab.

    2. Download the IdP Metadata file by clicking More Actions, and then clicking SAML Metadata.

    3. Send both the SAML 2.0 Endpoint (HTTP) and the IdP Metadata file to your PMWeb support team. The team will enable SAML SSO and walk you through the setup.

  8. On the OneLogin Access tab, assign the OneLogin roles that should have access to PMWeb and provide any app security policy that you want to apply to PMWeb.

    You can also go to Users > All Users to add the app to individual user accounts.

  9. Click Save.

  10. Test the SAML connection.

    1. Ensure that PMWeb has received and processed your SAML 2.0 Endpoint (HTTP) and IdP Metadata file.

      Your SAML connection will not work until PMWeb has processed this information from you. 

    2. Ensure that you have user accounts in both OneLogin and PMWeb that use the same email as the username.

      You can create a test user, or you can use your own account if you choose.

    3. Make sure you are logged out of PMWeb.

    4. Log into OneLogin as an admin and give the test user access to thePMWeb app in OneLogin. (See step 8 above)

    5. Log into OneLogin as the test user.

    6. Click the PMWeb icon on your OneLogin dashboard.

      If you are able to access PMWeb, then SAML works.