Organization settings
Your Organization settings are accessible from the top-right dropdown:
Overview tab
The overview tab gathers the basic settings of your Organization: here you'll be able to edit
its name
its logo
or delete it permanently.
Owners tab
In this tab you can manage your Organization Owners. Owners are simply users who have access to the Organization settings.
A user must belong to at least 1 project of the Organization to be invited as an Owner and will be automatically added as Admin on all projects of the Organization
Security tab
You need to be on a Forest Admin Pro plan to have access to this feature. You need a least one project within this organization with this plan to gain access to this feature
This tab gathers all security options of your Organization. For now you can only configure Single Sign-On (SSO).
Configuring SSO
We are supporting the SAML 2.0 specifications, you can use all the main Identity Providers.
For instance, the following platforms have been tested and documented: Okta, OneLogin, Google and Azure Active Directory IdPs.
Requirements
To configure SSO for your organization, you must:
Be an organization owner.
Have access to your Identity Provider.
Configure your Identity Provider
You'll first need to declare Forest Admin in your Identity Provider using the information in the grey panel:
Configure Forest Admin with the Identity Provider Metadata
XML file upload or XML file endpoint (Recommended)
Either upload a file containing the authentication information (you'll be able to generate this file in your Identify Provider) or input the endpoint at which such a file is available (some IPs provide this).
Manual input
You may also enter your authentication information manually. You'll need to provide:
a Login endpoint
a Logout endpoint
and finally a Valid certificate
Click on Test configuration to try to authenticate.
Enables it for all the users
If it works, you're all set but you will still need to enable that new SSO authentication method:
After enabling SSO, all users will be required to log in again.
Identity Provider-initiated login (Optional)
Once you have enabled SSO, you have the option to enable IdP-initiated login: this will allow your users to be automatically logged in when they come to Forest Admin from your identity provider dashboard.
To set it up properly, you will need to set a default Relay state on your identity provider following this format (or URL encoded depending on the IdP):
Troubleshooting
Check the steps below this if you encounter an issue:
Double check all information (endpoints, certificate expiration dates, etc..)
Make sure the
NameID
configured on your Identity Provider is the email address used on Forest Admin accounts tooMake sure you selected SAML 2.0 on your Identity Provider
If you can't find anything by yourself don't hesitate to ask for help on our Community forum
Last updated