Configure SAML authentication
To configure SAML authentication, you must first update the settings in the Replicated console.
1. Contact support to retrieve:
   - your Jama Connect SAML service URL
   - a unique token to securely identify your instance of Jama Connect
2. Open the Replicated admin console.
3. Select Settings and scroll down to Jama Cloud.
4. Under Authorization token, enter the token from step 1.
5. Under SAML URL, enter the URL from step 1.
6. Select Save to update the settings.
7. Select System properties > Authentication properties > SAML.
   Tip
   If the SAML tab is not available:
   - Check the Replicated settings under Add services configuration to be sure the URL and token have been entered correctly.
   - Make sure you restarted the system.
8. Prior to entering any data, select the box next to Enable SAML and select Save.
9. Get the metadata URL or XML from your identity provider and enter it in the appropriate field. This may be enough to establish a connection. If so, the last three read-only fields will auto-populate with a URL. For example:
   SP metadata URL
   https://saml-or.jamacloud.com/saml/metadata/alias/defaultAlias
   ACS / single-sign-on URL
   https://saml-or.jamacloud.com/saml/SSO/alias/defaultAlias
   SP entity ID / Audience restriction
   https://saml-or.jamacloud.com/saml/metadata/alias/defaultAlias
10. If the connection does not immediately work, you may need to adjust the information in the following fields or contact support.
   - ACS binding
   - First name attribute mapping
   - Last name attribute mapping
   Tip
   The mapping fields serve as the key that connects user identity between Jama Connect and your identity provider. If name attribute mapping fields aren't specified, then a new user's full name will default to their email address.
   Note
   Organizations that use SAML are able to use electronic signatures as of 8.48. Signatures are enabled by default, but if your identity provider (IdP) is unable to process the reauthentication, you can deselect the box to disable signatures.
11. Select Save.
Once SAML is enabled, Jama Connect will redirect all users to the identity provider's login page. The Jama Connect login page will only be accessible for system administrators to log in as the root user with this URL:
https://your-jama-url/casper/login.req
Note
If you want to connect multiple instances of Jama Connect to the SAML service, you will need to create unique metadata or applications for each instance through the identity provider.
This is true for any combination of production, sandboxes or self-hosted instances. The entity ID is a unique value that allows the service and identity provider to locate each other and send users to the correct Jama Connect instance.
It is common to test an integration on a non-production instance first, so it's a good idea to do this before using SAML on production. For example, you would disconnect a sandbox instance from SAML before connecting a production instance.
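To check the uniqueness requirement described in this note before registering several instances with the identity provider, the following added example (not part of the Jama Connect documentation or product) parses each instance's SP metadata and reports shared entity IDs and non-HTTPS ACS URLs. The instance names, the `sp.example.test` host and the aliases are constructed placeholders; in practice the XML would come from each instance's SP metadata URL.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

def parse_sp_metadata(xml_text):
    """Extract the entity ID and ACS endpoints from one SP metadata document."""
    # For metadata from a source you do not control, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    acs = [(e.get("Location"), e.get("Binding"))
           for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    return {"entity_id": root.get("entityID"), "acs": acs}

def check_instances(metadata_by_instance):
    """Return findings for a mapping of instance name -> SP metadata XML."""
    findings, seen = [], defaultdict(list)
    for name, xml_text in metadata_by_instance.items():
        sp = parse_sp_metadata(xml_text)
        seen[sp["entity_id"]].append(name)
        if not sp["acs"]:
            findings.append(f"{name}: no AssertionConsumerService endpoint")
        for location, _binding in sp["acs"]:
            if urlparse(location or "").scheme != "https":
                findings.append(f"{name}: ACS URL is not HTTPS: {location}")
    for entity_id, names in seen.items():
        if len(names) > 1:
            findings.append(f"entity ID {entity_id} shared by: {', '.join(sorted(names))}")
    return findings

def sample(entity_id, acs_url):
    """Build constructed SP metadata; hosts and aliases are placeholders."""
    return (f'<md:EntityDescriptor xmlns:md="{MD}" entityID="{entity_id}">'
            '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'<md:AssertionConsumerService index="0" Location="{acs_url}" '
            'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>'
            '</md:SPSSODescriptor></md:EntityDescriptor>')

BASE = "https://sp.example.test/saml"
SAMPLES = {  # constructed: sandbox reuses production's entity ID, self-hosted uses http
    "production": sample(f"{BASE}/metadata/alias/prod", f"{BASE}/SSO/alias/prod"),
    "sandbox": sample(f"{BASE}/metadata/alias/prod", f"{BASE}/SSO/alias/sandbox"),
    "self-hosted": sample(f"{BASE}/metadata/alias/onprem", "http://sp.example.test/saml/SSO/alias/onprem"),
}

if __name__ == "__main__":
    for finding in check_instances(SAMPLES):
        print(finding)
```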
Note
At any time, you can enable a different authentication method. Selecting another method disables SAML.