Install the plugin according to our plugin installation guide.

Configuration

To configure SAML authentication follow these steps:

1. On the Administration > Plugins page, activate the LoginSaml plugin.
2. Enter and save settings for SAML: add the Identity Provider info, set the attribute mappings and configure the other options as applicable.
3. Share Service Provider metadata with the IdP administrator.

You can now open a new browser session and try to log in with the SAML Identity Provider.

Configuring SAML Authentication properly can be difficult so we offer our services to help you get Matomo Analytics successfully working with SAML and enjoy the great benefits of SSO. Learn more and contact us on the SAML Support page.

Now that you know the main configuration steps, let’s provide details about the SAML configuration.

Once you activate the SAML plugin, you are able to access its settings panel.

In the Status Settings section you see that Enable SAML authentication is disabled. When disabled, all SAML actions are disabled and if a user tries to execute them, she will receive an error notifying that the SAML functionality is disabled. You may only enable it when the rest of the SAML settings are properly configured.

In SAML, there are 2 different kinds of entities:

1. the Identity Provider (IdP) (the 3rd party entity where the user is authenticated), and
2. the Service Provider (SP) (the service that protects the app, in this case Matomo).

A circle of trust is defined between the IdP and the SP, allowing all IdP users to access the SP under some conditions. That circle of trust is based on the exchange of an XML document, named metadata, that describes the Entity ID, the entity endpoints and the public certificates (that will allow validation of signed/encrypted SAML messages).

In the Identity Provider Settings section, you may register the Identity Provider metadata. Or click on the Import values from IdP metadata link. This link will redirect to a form where two different methods are offered to let you import the Identity Provider metadata. In case the imported metadata contains more than 1 Identity Provider entity description, you can use the IdP entity ID to identify the desired entity.

In the Option settings section you can define how the Matomo SAML integration will act.

In some scenarios it makes sense to enable the Just-in-time provisioning when you want to automatically create user accounts based on the data provided by the Identity Provider on the SAMLResponse. If just-in-time provisioning is disabled or the required user data is not provided, an error will happen during the SSO process since we will not be able to initiate any Matomo account.

If just-in-time provisioning is enabled, by default any new users (created with just-in-time provisioning) will have no access to Matomo. You may set a default view permission (What is the ‘view’ permission in Matomo?) to some Matomo websites. Use the Initial sites with view access for new users setting to set a list of the Matomo Website IDs that the users will be able to view by default (comma separated list of Website IDs).
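
The metadata import described on this page, where the IdP entity ID picks one entity out of a file that describes several, can be checked outside Matomo before any values are saved. The following is an added example, not Matomo or LoginSaml code: the entity IDs, hosts and certificate bytes are constructed placeholders, and it assumes the metadata was obtained over a trusted channel and is parsed with Python's standard library.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted XML, prefer a hardened parser such as defusedxml

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: two IdP entities inside one EntitiesDescriptor.
# The certificate bodies are placeholder bytes, not real X.509 data.
def _entity(entity_id, host, cert_bytes):
    cert = base64.b64encode(cert_bytes).decode()
    return f"""<md:EntityDescriptor entityID="{entity_id}">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{cert}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="{REDIRECT}" Location="https://{host}/sso"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""

SAMPLE = (f'<md:EntitiesDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}">'
          + _entity("https://idp-a.example/metadata", "idp-a.example", b"placeholder-cert-A")
          + _entity("https://idp-b.example/metadata", "idp-b.example", b"placeholder-cert-B")
          + "</md:EntitiesDescriptor>")

def select_idp(metadata_xml, entity_id=None):
    """Return entity ID, SSO URL and signing-cert fingerprints for exactly one IdP."""
    root = ET.fromstring(metadata_xml)
    # iter() also matches the root, so a lone EntityDescriptor document works too.
    idps = [e for e in root.iter(f"{{{NS['md']}}}EntityDescriptor")
            if e.find("md:IDPSSODescriptor", NS) is not None]
    if entity_id is not None:
        idps = [e for e in idps if e.get("entityID") == entity_id]
    if len(idps) != 1:
        # Refuse to guess: trusting the wrong entity means trusting its keys.
        raise ValueError(f"expected exactly one IdP entity, found {len(idps)}")
    idp = idps[0].find("md:IDPSSODescriptor", NS)
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    prints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' attribute means both purposes
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join(c.text.split()))
                prints.append(hashlib.sha256(der).hexdigest())
    return {"entity_id": idps[0].get("entityID"),
            "sso_url": sso[0] if sso else None, "cert_sha256": prints}
```

The SHA-256 fingerprints it returns can be compared with the values the IdP administrator provides through a separate channel; the example does not verify any signature on the metadata itself.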