3DPrinterOS SSO Integration Guide (Educational, Enterprise and Professional Licenses)

Updated 10 months ago by Rene-Oscar Ariko

3DPrinterOS SSO Integration Guide (Educational, Enterprise, and Professional Licenses)

3DPrinterOS supports SAML protocol.

SAML SSO works by transferring the user’s identity from one place (the identity provider) to another (the service provider).

This is done through an exchange of digitally signed XML documents. 

Roles

3DPrinterOS acts as a service provider (SP) that redirects users for authorization to the Identity Provider (IdP)

Most often, the exchange goes directly to the metadata XML files transfer between 3DPrinterOS and IdP.

3DPrinterOS is not a member of any access management systems such as InCommon.

However, it supports auto-updating the identity providers using InCommon and similar metadata systems.

Step-by-step integration

1. Exchange metadata of the test environment between 3DPrinterOS(SP) and the Identity Provider(IdP)
   3DPrinterOS has a test environment https://acorn.3dprinteros.com.
   We will use the production environment if the Identity Provider does not have a test environment.
   If IdP uses an access management system like InCommon, it should provide the metadata URL and EntityID.
2. 1. IdP adds 3DPrinterOS metadata to the configuration.
      This allows 3DPrinterOS to access its authorization system.
   2. 3DPrinterOS configures the access point for users through the IdP server.
3. 3DPrinterOS provides the link for SSO testing.
   There is additional debug information on the 3DPrinterOS test environment, which simplifies SSO integration troubleshooting.
4. After successful testing, all the changes are pushed to the production environment on both sides.

A new access point through Identity Provider will appear on the following page: https://cloud.3dprinteros.com -> SSO Tab

SAML Attributes

The only required attribute is email.

Optional attributes are first and last names.

By default, 3DPrinterOS retrieves data using the following attributes:

Email address:

• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
• mail
• urn:oid:0.9.2342.19200300.100.1.3
• eduPersonPrincipalName
• Urn:oid:1.3.6.1.4.1.5923.1.1.1.6

First name:

• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
• givenName
• Urn:oid:2.5.4.42

Last name:

• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
• sn
• urn:oid:2.5.4.4

The most commonly used attributes are specified in the Identity Provider’s metadata.

Otherwise, IdP can always provide its custom attributes to use.

Please reach out to oscar@3dprinteros.com if you have any questions.

How did we do?

Related Articles

• Workgroups in 3DPrinterOS – Divide and Rule
• I signed up through SSO (Single Sign-On). Where is my 3DPrinterOS Password?
• How to create an Industrial (Virtual) 3D Printer in 3DPrinterOS