Guided Configuration - SSO
The Guided Configuration screen allows an Administrator to configure LiveCompare for its first use, and to maintain an essential set of LiveCompare resources. LiveCompare displays the screen when an Administrator signs in to LiveCompare. Administrators can also access it using the 
tool button in the Dashboard screen, or the 
tool button in the LiveCompare studio.
The SSO tab allows you to use your chosen internal identity provider for user access management, and provides support for single sign-on.
Prerequisites
Before you configure LiveCompare for single sign-on, check the following:
-
Your internal identity provider must use the SAML 2.0 protocol.
Set up single sign on
After you have met the prerequisites above, follow these steps to set up single sign-on.
Allocate LiveCompare roles
You must allocate a role to each LiveCompare user in your identity provider. To do so, create a group for each role, and assign users to each group. The instructions for doing this will vary depending on your identity provider.
LiveCompare recognizes the following groups:
| Group | Description |
|---|---|
| LIVECOMPARE_EDITOR | Users in this group can create and edit workflows, and import workflow templates into workspaces. They can also run workflows, and manage RFC Destinations, Test Repositories and other LiveCompare resources in the LiveCompare studio. |
| LIVECOMPARE_CONSUMER | Users in this group can access apps from the Apps screen. They can create and run app variants, monitor their execution, and view their results. However, they can’t access the LiveCompare studio. |
Create user information attributes in your identity provider
A SAML assertion is an XML document that an identity provider sends to a service provider to confirm a user's authentication and authorization status. You must create the following attributes in your identity provider:
| Attribute | SAML assertion value |
|---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | The SSO user’s username. |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/role | The SSO user’s role, either LIVECOMPARE_EDITOR or LIVECOMPARE_CONSUMER. |
| http://schemas.microsoft.com/identity/claims/displayname | The SSO user’s full name or display name. |
The SAML assertion created during single sign-on uses these attributes.
Complete the fields in the SSO tab
After you have assigned users to LiveCompare groups, sign in to LiveCompare as an Administrator. Select the SSO tab, and complete the screen fields as follows:
| Field | What to do |
|---|---|
| Enable SSO | Switch this on. |
| Client ID | Enter the client ID for your application. You can get this from your identity provider. |
| SignIn Url | Enter the URL that points to the sign in page for your application. You can get this from your identity provider. |
| SignOut Url | Enter URL that LiveCompare redirects users to after you sign out. You can get this from your identity provider |
Callback Url is a read-only field, set to https://<server name>/livecompare/apps/auth/sso. Your network administrator may request this value to configure LiveCompare’s identity in your identity provider.
Sign in to LiveCompare
To sign in to LiveCompare using single sign-on, navigate to the LiveCompare URL and select SSO.
-
If you don’t have an account on the LiveCompare server, LiveCompare creates an SSO account for you.
-
If you have a standard account on the LiveCompare server, LiveCompare converts it to an SSO account.
To sign in to LiveCompare using a standard account, navigate to the LiveCompare URL, enter your username and password, and select Login.
Set DevOps teams
When LiveCompare creates your SSO account on the LiveCompare server, it doesn’t set your account’s DevOps teams. These control your access to apps. An Administrator should set DevOps Teams for SSO accounts. They can do this from the Edit User Profile screen.
Set Resource Groups
When LiveCompare creates your SSO account on the LiveCompare server, it doesn’t add your account to any Resource Groups. These control your access to workspaces, RFC Destinations, Test Repositories and other resources.
If you have defined Resource Groups in LiveCompare, an Administrator should assign each new SSO account to one or more Resource Groups. They can do this from the Edit Resource Group screen.