SSO

This option will be visible only to the DataMorph users with an Admin role. DataMorph Administrators can set up SSO here.

DataMorph currently supports integration with a SAML-based provider for single sign-on. SAML SSO needs setup at the identity provider end as well as on the DataMorph™ (service provider) side.

Identity Provider Setup

Here is a description of the needed configuration for an AWS based Identity Provider.

Step 1:

After logging into AWS with the requisite administrator privileges, navigate to the IAM Identity Center (successor to AWS Single Sign-On).

Step 2:

Navigate to the Application assignment -> Applications menu on the left menu bar.

Step 3:

Add a new application. On the new application screen, select Custom application -> Add custom SAML 2.0 application. Click the Next button.

Step 3: Configure Application

Enter configuration information for DataMorph™ SSO:
Display Name: DataMorph
Description: Enter a suitable description.

Step 4: IAM Identity Center Metadata

IAM Identity Center SAML Metadata File: Download the IAM Identity Center metadata file using the Download link.
IAM Identity Center Certificate: Download the IAM Identity Center certificate using the Download link.

Step 5: Application Properties

Application start URL: Enter https://<customer-datamorph-domain-name>/admin/saml/consume/redirect 
The <customer-datamorph-domain-name> should be the domain name allocated to you by the DataMorph team. Most likely it will be of the form some-subdomain.datamorph.ai. For example, irap-cloud.datamorph.ai or demo-cloud.datamorph.ai.
The rest of the URL should be exactly as indicated above. An example of a complete application URL in these two cases would be:
Relay State: Keep this field blank.
Session duration: Select any session duration or leave the default as is.

Step 6: Application Metadata

Select Manually type your metadata values. Enter the following values:
Application ACS URL: https://<customer-datamorph-domain-name>/login/saml2/sso/awssso
Application SAML Audience: https://<customer-datamorph-domain-name>/saml2/service-provider-metadata/awssso
Click the Submit button at the bottom right corner. This should create a SAML 2.0 custom application configuration for DataMorph™. Now it's time to select which users can access DataMorph.

Step 7: Assign Users

Click the Assign Users button and select all the users who need access to DataMorph. Click the Assign Users button to allow the users to access DataMorph.

Step 8: Edit attribute mappings

Use the Actions dropdown on the top right corner and select Edit attribute mappings. Add the following mappings:
Attribute    Maps to String     Format
Subject      ${user:subject}    unspecified
Email        ${user:email}      unspecified
The ${user:} expressions pull the attributes from the user object in IAM and pass them to DataMorph.
These are the only mandatory attributes, and the only ones currently supported by DataMorph.

DataMorph Setup (Service Provider)

Step 1:

Log in to DataMorph as an Administrator and navigate to the Administration -> Users tab. Ensure that all the Assigned Users from the identity provider are present in DataMorph with the appropriate role. The username in DataMorph needs to exactly match the Email from the identity provider. For example, if an assigned user in AWS is john.doe@datamorph.ai, a user with username john.doe@datamorph.ai needs to be present in order for SSO to work correctly.

Step 2:

Next, navigate to the SSO tab and upload the SAML metadata file which was downloaded in the AWS SSO console. This should populate all required identity provider fields needed for SSO to work. There is also an option of manually entering the fields needed for SSO identity provider configuration, but to avoid errors, it's recommended to use the Upload button instead.

Step 3:

Toggle the "Enable SSO" switch. Keep any other configurations on this screen unchanged. Click the Save button and log out of DataMorph.
On refreshing the login page, the user should now see the DataMorph login page with two tabs. The first tab is the SSO tab, which allows logging in using SSO by clicking the Single Sign On button.
The second tab allows administrators to log in using the DataMorph credentials rather than SSO.
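Before uploading the metadata file in the DataMorph SSO tab, an administrator can check that it is well formed and that it carries the same certificate that was downloaded separately from IAM Identity Center. The following Python check is an added example, not part of DataMorph or AWS tooling. It assumes the file follows the standard SAML 2.0 metadata schema and that the certificate download is PEM encoded; the sample metadata, certificate bytes and idp.example.com host are constructed.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample data: placeholder bytes stand in for the DER certificate,
# and idp.example.com is a made-up identity provider host.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml/metadata">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://idp.example.com/saml/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_CERT_B64}\n-----END CERTIFICATE-----\n"

def fingerprint(b64_text):
    """SHA-256 over the decoded (DER) bytes; whitespace in the base64 is ignored."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def pem_fingerprint(pem):
    body = [line for line in pem.splitlines() if line and not line.startswith("-----")]
    return fingerprint("".join(body))

def check_metadata(xml_text, pem):
    """Return a list of problems found; an empty list means the file looks consistent."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata never needs a DTD; refuse entity tricks
        return ["DOCTYPE declaration not allowed"]
    problems = []
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if not root.get("entityID"):
        problems.append("missing entityID")
    if idp is None:
        return problems + ["no IDPSSODescriptor element"]
    sso = [e.get("Location", "") for e in idp.findall("md:SingleSignOnService", NS)]
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    problems += [f"non-HTTPS endpoint: {u}" for u in sso if not u.startswith("https://")]
    certs = [c.text or "" for c in idp.findall(".//ds:X509Certificate", NS)]
    if pem_fingerprint(pem) not in {fingerprint(c) for c in certs}:
        problems.append("downloaded certificate not present in metadata")
    return problems
```

To use it on real files, pass the text of the downloaded metadata file and certificate file to check_metadata and upload only when it returns an empty list.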