It is highly encouraged to establish Single Sign-On to the Darwinium Portal. It permits authentication to the Darwinium Portal to be performed by your existing Identity Access Management provider.
We offer support for both OIDC (OAuth2.0) and SAMLv2; SAMLv2 may be preferred due to its simplicity and wider support.
Please note that different IdPs may require slightly different configuration formats and may not exactly match what is on this guide. We will be able to provide exact guidance on integrations with Okta, Google and Azure IdPs, but will also be willing to work with you to configure any new integrations that support our offered protocols.
Self-serve SAMLv2 Setup Instructions
SSO configuration is now self-serve in Portal under Your Name (top right) > SSO Config
Go to Name (top right) > SSO config > Add Identity provider and follow inline instructions.
(Legacy) SAMLv2 Setup Instructions
Step 1: Gather Required Information
You will need the following information to configure your Identity Provider (IdP):
- Single Sign-On URL/ACS URL:
https://auth.darwinium.com/auth/realms/dwn-jump/broker/<your_domain>/endpoint
- Audience URI:
https://auth.darwinium.com/auth/realms/dwn-jump/broker/<your_domain>/endpoint
- SAML metadata endpoint:
https://auth.darwinium.com/auth/realms/dwn-jump/broker/<your_domain>/endpoint/descriptor
-
NameId Format: email
-
NameId Value: email
-
SAML attributes to map: firstName, lastName, email
-
NameID Principal Type: Subject NameID
-
Validate Signature: True
Step 2: Configure Your Identity Provider (IdP)
Use the information above to set up SSO in your IdP. Ensure that <your_domain> matches the domain of the users' email addresses. e.g., if the user logs in with user@yourdomain.com, <your_domain> should be yourdomain.com
Step 3: Provide Us With Your IdP Details
Once you have configured your IdP, provide us with the following details:
- <your_domain>
- The name of your IdP
- Single Sign-On Service URL
- Validating X509 Certificates
We will use this information to complete the configuration on our end.
OIDC Setup Instructions
To configure OIDC, follow these steps:
Step 1: Gather Required Information
You will need the following information to configure your IdP:
- Redirect URI:
https://auth.darwinium.com/auth/realms/dwn-jump/broker/oidc/endpoint
- Grant type: Authorization token AND refresh token
- Application type: Web
- Refresh token: Rotate after every use, 0 seconds grace
- Client Authentication method: Client secret sent as post
Step 2: Configure Your Identity Provider (IdP)
Use the above information to set up OIDC in your IdP.
Step 3: Provide Us With Your IdP Details
Once you have configured your IdP, provide us with the following details:
- <your_domain>
- The name of your IdP
- Authorization URL
- Token URL
- User Info URL
- Client Authentication details
Ensure that <your_domain> matches the domain of the users' email addresses.
e.g., if the user logs in with user@yourdomain.com, <your_domain> should be yourdomain.com
Final Steps
After you provide the necessary details for either SAMLv2 or OIDC, we will complete the setup on our end.
Once this is done, a portal admin in your organization will need to create accounts for users in the Darwinium portal and configure them with the appropriate roles before they can log in.
Any previously existing portal accounts will be automatically switched over to SSO logins and will no longer be accessible by the original password login.