Cyber Guru allows integration with Single Sign-On (SSO) systems through the SAML 2.0 protocol, providing secure and centralized access to its services without directly accessing the user database. This approach completely entrusts the management of authentication and access policies to the customer's Identity Provider (IdP) system.
For the SAML protocol to work, both the customer's Identity Provider (IdP) and Cyber Guru's Service Provider (SP) must have SAML 2.0 components and be able to configure the so-called "Circle of Trust."
Cyber Guru provides specific and ready-to-use technical documentation to configure SSO with the following IdPs:
-
✅ Google Workspace
-
✅ Microsoft Entra ID (formerly Azure Active Directory)
If the customer uses an identity and access management platform (such as Oracle, Forgerock, Okta, Microsoft ADFS, Google, IBM, AWS, WSO2, etc.), it will be necessary to configure SAML 2.0 using their internal resources or with the support/consultation of the platform provider.
The configurations also involve the exchange of metadata between IdP and SP. Cyber Guru requires a public URL to access the IdP's metadata structure and, in turn, exposes its own metadata structure via a public URL.
Once the configuration is completed on the customer's tenant, the SSO login button will appear.
It's important to distinguish between the two types of SSO provided by Cyber Guru:
-
With preloaded users (recommended)
This mode requires all users to be preloaded into the platform before SSO configuration. Additional users can only be added to the platform through preloading. Moreover, to modify preloaded attributes not present in the assertion, changes must be made directly in the Cyber Guru platform. In this case, SSO performs login only and updates any attributes present in the SAML assertion that are indicated in the "Identity Provider Attributes" table with the update "At each access."
If the user is not preloaded into the platform, access will be denied.
-
Without preloaded users
This mode does not require users to be preloaded into the platform. Each user will be registered on the platform at their first login, and the platform will automatically acquire all attributes defined during SSO configuration. The platform can be set up to automatically assign licenses at first access: this way, at the first login, each user will automatically acquire a license to operate on the platform, and no manual intervention will be needed.