Topic

How to configure Single Sign-On (SSO) for use with the Everbridge Manager Portal.

Description

Configuring Single Sign-On for an Everbridge account can vary based on the Identity Provider (IdP).

Overview 

Setting up SSO for the Everbridge Manager Portal consists of the following tasks:

1. Prerequisites
2. Configure Manager Portal Account Settings
3. Generate the Everbridge Login URL and Everbridge Service Login URL
4. Download Account Metadata
5. Update the User Record SSO User IDs
6. Test the Manager Portal SSO Configuration
7. Download the Account Metadata XML File for Record Keeping

Prerequisites

Your Identity Provider's (IdP) metadata is a prerequisite for setting up your users' SSO. Download the metadata file from your IdP and save it as an XML file using one of the below options:

• Format the Entity ID and ACS URLs first:

1. 1. Format the Entity ID and ACS URLs before generating the IdP metadata file by using the following templates:

• • • Single Sign On URL (ACS URL): https://manager.everbridge.net/saml/SSO/{API_NAME}/alias/defaultAlias
    • Entity ID: https://sso.everbridge.net/{API_NAME}

1. 2. Generate the IdP metadata file 

• Format the Entity ID and ACS URLs later: 

1. 1. Generate the metadata from your IdP without configuring the Entity ID and ACS URLs
   2. Configure the Manager Portal account settings in Everbridge as described below under Configure Manager Portal Account Settings
   3. Download the updated metadata file from Everbridge as described under Download Account Metadata
   4. Upload the metadata file with your IdP to update the Entity ID and ACS URLs

Configure Manager Portal SSO Account Settings

Log in to the Everbridge Manager Portal as an Account Administrator

1. Click "Settings"

2. Click "Security"

3. Click "Single Sign-On for Manager Portal"

4. Enter a Name for your Single Sign-On instance

5. Enter the API Name for your Single Sign-On instance. The API name must be exactly what you entered in the Entity ID and Reply URL fields in your IdP. Everbridge recommends using all lowercase as a best practice.

6. Select your Identity Provider (IdP) from the drop-down menu

7. Enter the Service Provider Certificate information

8. Upload the Identity Provider Metadata file

9. Choose your Security Hash Algorithm

10. Note the SAML Identity Location

11. Note the Everbridge Login URL and Everbridge Service Login URLs are blank

12. Click "Save"

Generate the Everbridge Login URL and Everbridge Service Login URL

After saving, two new entries will become available: Everbridge Login URL and Everbridge Service Login URL:

• Everbridge Login URL: the web address for logging in to the Manager Portal directly using a username and password (otherwise known as a breakglass account).
• Everbridge Service Login URL: the unique URL that users will access to log in to the Manager Portal using SSO.

Notice that the end of the Everbridge Service Login URL matches the value entered for the API Name (sampleclient in this example).

Download the Account Metadata

After saving your Manager Portal configuration settings, you can click the blue Download Metadata or Download VCC Metadata button to retrieve the metadata file. The metadata file downloaded from Everbridge will have two new entries updated in the XML file: Entity ID and ACS URLs.

This metadata file can now be uploaded to your IdP if needed to update the Entity ID and ACS URLs if these items were not configured before generating your metadata file.

If you already configured the Entity ID and ACS URLs in your IdP before generating your XML file, you can proceed with the next steps.

Update User Record SSO User IDs

1. Log in to the Everbridge Manager Portal as an Account Administrator

2. Select Users

3. Select the pencil icon to edit the user record

4. Enter the SSO User ID for each User

Test the Manager Portal SSO Configuration

1. Access the account's SSO login page by using the URL under Everbridge Service Login URL as shown in this example above (https://manager.everbridge.net/saml/login/sampleclient in this case).

2. At the login screen click GO TO LOGIN PAGE
3. The user should be re-directed to the IdP sign-in page
4. Have the user enter the IdP user account Username (referred to above as the SSO User ID) and Password
5. Click Log In.

If the setup has been configured correctly, the user will be logged in via SSO.

If users are unable to log in via SSO

1. Capture screenshots and specific error messages.
2. Reach out to the IdP administrator to determine whether there is an error happening on the IdP side.
3. Submit a support ticket noting the specific error received, the impacted user, the username entered upon logging in, and the date/time of the failed sign-in attempt.
4. Refer to knowledge article EBS: Troubleshooting & Configuration Guide for Single Sign-On (SSO) - Main Page for troubleshooting help.

Download the Account Metadata XML File for Record Keeping

Once you have configured SSO and confirmed via testing that it is working as you expect, download a copy of the account metadata XML file for your record keeping by following the steps below.

1. Log in to the Everbridge Manager Portal as an Account Administrator
2. Select Settings > Security > Single Sign-On for Manager Portal > Download Metadata or Download VCC Metadata buttons