How to configure SAML SSO for Sugar

14 Feb 2017

1 minute read time

Many customers want to configure Sugar for Single Sign On (SSO). Well Sugar supports Security Assertion Markup Language (SAML) so this must be easy, right? But the devil is always in the details.

Each SAML identity provider behaves a little differently. Each of these systems has different terminology and methods for configuration and may use different default settings. Some of these important configuration settings can make the difference between a successful SSO implementation and a tire fire. For example, are users provisioned Just-In-Time or will they be provisioned manually? Did you know that Sugar uses the e-mail address as the SAML application username format?

Below are instructions for configuring SAML SSO with a couple of common identity providers.

Okta

One of our Solution Architects, Enrico Simonetti, wrote a good summary of how to configure SAML authentication for Sugar using Okta as the identity provider. Okta is convenient for trying out SSO because they have a developer program you can join. Enrico also covers a few tips and details that can trip up any SAML implementation.

Please visit Enrico's post called SSO Authentication on SugarCRM with SAML for more details including screen shots and even code examples.

Active Directory Federation Service

The most common system that we get questions about is Microsoft's Active Directory Federation Service (ADFS). ADFS is pretty complicated so there are several steps that you need to follow to get it done right.

We recently publish a SugarCRM Knowledge Base article called Configuring SSO With Active Directory's ADFS. It was written by Lars Blockken, one of our Senior Technical Account Managers, and in it he walks you through each of these steps in detail along with screenshots. It will have you up and running on ADFS in no time!

Parents

SugarCRM Developers over 6 years ago

Comment originally made by Soum Das.
Hi Matthew, I am looking for a solution to capture IP address where Sugar is integrated with Octa. I have two challenges. First I am investigating on how to capture IP address in Octa and then how to pass the IP address to Sugar, so Sugar can parse the IP (basically location) and produces the UI accordingly. Do you have any idea that is there any way to pass extra parameter from Octa to Sugar? My assumption is capturing the IP address is possible in OCTA.
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More Actions
- Cancel

Comment

SugarCRM Developers over 6 years ago

Comment originally made by Soum Das.
Hi Matthew, I am looking for a solution to capture IP address where Sugar is integrated with Octa. I have two challenges. First I am investigating on how to capture IP address in Octa and then how to pass the IP address to Sugar, so Sugar can parse the IP (basically location) and produces the UI accordingly. Do you have any idea that is there any way to pass extra parameter from Octa to Sugar? My assumption is capturing the IP address is possible in OCTA.
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More Actions
- Cancel

Children

SugarCRM Developers over 6 years ago in reply to SugarCRM Developers

Comment originally made by Matthew Marum.
I'm not sure why you'd capture IP address via Okta just to pass that information to Sugar. The user's IP should be available on each HTTP request made from the user's browser to Sugar via plain old PHP.
$_SERVER['REMOTE_ADDR'];
If you are deployed on-site, you could even use Apache mod_rewrite to handle routing requests based upon IP of origin.
https://stackoverflow.com/questions/1073852/mod-rewrite-based-on-ip
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More Actions
- Cancel