SAML Single Sign-On (SSO)

Metric Insights supports Single Sign-On (SSO) authentication, with Users being able to log into Metric Insights via a central Location (Identity Provider - IdP).

  • Metric Insights uses SAML (Security Assertion Markup Language) for authentication
  • Some common SAML implementations that can be used are by OKTA, Microsoft (ADFS), Oracle

This article describes how to configure Metric Insights to work with a SAML-based IdP.

Video Tutorial

Generate Metadata XML from Metric Insights

In the web browser, bring up /simplesaml in Metric Insights, e.g. 

Generate Metadata XML from Metric Insights

  1. Choose Federation tab
  2. Click on Show metadata link

Generate Metadata XML from Metric Insights

1. Copy the Metadata XML and provide that to your SAML Identity Provider (IdP) to generate a Metadata key for Metric Insights to use

2. You will most likely receive a SAML XML in return. Use that file to extract the key components used in configuration. See next steps below.

Create saml.php file

1. Download/copy the .xml file provided by IdP

2. Parse the .xml file by running the following command:

/opt/mi/iv/data/bin/mi-saml-config.php --input-file <path to saml.xml> --saml-type adfsv3

3. All the required metadata is going to be given in the response. Copy it and paste into the saml.php file located at /opt/mi/iv/engine/config/saml.php

Test SAML config

You can test the SAML integration using the screens in Metric Insights at /simplesaml. To login to, first change the password in the saml.php file ( /opt/mi/www/iv/engine/config/saml.php).

Then choose the auth source in the UI. E.g., default-sp


If setup correctly, then you will be redirected to your IdP to sign in.

Upon successful sign in you will be redirected back to Metric Insights and the screen will show you the values of SAML FIELDS, so you can check your mapping in saml.php

Enable SAML in Metric Insights

5.x versions: Access Admin > Utilities > Config Variables, set the SAML_ENABLED field to 'Y' and Save.

6.x versions: Access Admin > System > System Config, set the SAML_ENABLED field to 'Y' and Save.


Add your comment

E-Mail me when someone replies to this comment