EBS: How to Configure Single Sign-On (SSO) For Use With Everbridge Manager Portal and the ManageBridge App

lock-solid.svg

Topic:

How to configure Single Sign-On (SSO) for use with Everbridge Manager Portal and the ManageBridge App.

Description:

Configuring Single Sign-On for an account can vary based on the Identity Provider (IdP). 

Preparation for SSO Configuration:

Your Identity Provider's (IdP) metadata is a prerequisite for setting up your users' SSO. Download the metadata file from your IdP and save it as an XML file. There are two workflows available: 

  1. Format the Entity ID and ACS URLs before generating your metadata file using these templates:
    • Single Sign On URL (ACS URL): https://manager.everbridge.net/saml/SSO/{API_NAME}/alias/defaultAlias
    • Entity ID: https://sso.everbridge.net/{API_NAME}
  2. Generate the metadata file without configuring the Entity ID and ACS URLs, follow the steps to configure SSO in the Manager Portal, download the updated metadata file, and upload the updated metadata file with your IdP to update the Entity ID and ACS URLs. 

Manager Portal Account Settings

  1. Log in to the Manager Portal at the Account level.
  2. Select Settings from the top menu bar.
  3. Select Security from the menu on the left.
  4. Select Single Sign-On for Manager Portal from the sub-menu.
  5. Enter a Name for your Single Sign-On instance.
  6. Enter your API Name. The API name must be exactly what you entered in the Entity ID and Reply URL fields in your IdP. Note: We recommend using all lowercase as a best practice. 
  7. Upload the Identity Provider Metadata file.
  8. Select the desired radio button for the Security Hash Algorithm.
  9. Click Save.
Manager Portal SSO Settings

After saving, two new entries will become available: Everbridge Login URL and Everbridge Service Login URL:

  • Everbridge Login URL: the web address for logging in to the Manager Portal directly using a username and password (otherwise known as a breakglass account).
  • Everbridge Service Login URL: the unique URL that users will access to log in to the Manager Portal using SSO.
User-added image

Notice that the end of the Everbridge Service Login URL matches the value entered for the API Name (ebssotesting in this example).
 

ManageBridge Mobile App

  • Enable the use of Single Sign-On for the ManageBridge mobile app by checking the box Enable Single Sign-On for ManageBridge, setting a keyphrase then clicking Save.
User-added image

Downloading Account Metadata

After saving, you can click the blue Download button to retrieve the metadata file. The metadata file downloaded from Everbridge will have two new entries updated in the XML file: Entity ID and ACS URLs.

This metadata file can now be uploaded to your IdP if needed to update the Entity ID and ACS URLs if these items were not configured before generating your metadata file.

If you already configured the Entity ID and ACS URLs in your IdP before generating your XML file, you can proceed with to the next steps
 

Updating User Record SSO User ID

  1. Select Users from the top menu bar.
  2. Find the appropriate user in the user list.
  3. Click on the edit pencil on the left side of the screen to open the user profile.
  4. Find the SSO User ID field and populate the User ID - Note: This field is case sensitive and must match up exactly between Everbridge and your IdP.
Manager portal User

Test the New Manager Portal SSO Configuration:

The account's SSO login page can be accessed by clicking the URL in the Everbridge Service Login URL (https://manager.everbridge.net/saml/login/ebssotesting in this example). A user would follow these steps from the account's SSO login page:

  1. Click GO TO LOGIN PAGE.
Login Redirect Button
  1. The user should be re-directed to the IdP sign-in page.
  2. Enter the IdP user account User Name (referred to above as the SSO User ID) and Password, and then click Log In.
The user is then logged in using SSO  

Test the New ManageBridge SSO Configuration: 

  1. In the ManageBridge mobile app tap Enable Single-Sign On.
User-added image
  1. On the next screen enter your keyphrase. You will then be redirected to enter your login credentials on then next page.
User-added image


If users are unable to log in:

  1. Capture screenshots and specific error messages.
  2. Reach out to the IdP administrator to determine whether there is an error happening on the IdP side.
  3. Contact Everbridge Technical Support noting the specific error received, the impacted user, the username entered upon logging in, and the date/time of the failed sign-in attempt.

Related Knowledge Base Articles: 

000028873 - Troubleshooting Single Sign-On (SSO)
000059118 - Single Sign-on (SSO) Unauthorized Access Error When Logging in to the Everbridge Manager or Member Portals

 

Download XML for Record Keeping

If the reconfiguration was successful, download the XML file used to create this new SSO configuration for record keeping by following the steps below:

  1. Log in to the Manager Portal as an Account Administrator.
  2. Click the Settings tab from the top of the page.
  3. Select  Security from the pane on the left.
  4. Select Single Sign-On for Manager Portal from the drop-down.
  5. Click the Download button and save the XML file.
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.