2.3 Access Data Studio Using SAML Realm

This section describes how to manage users who access Data Studio through an Identity Provider (IdP or IDP). The IdP acts as the Single Sign-On (SSO) service provider for implementations between Compliance Studio, Data Studio, Investigation Toolkit, and Enterprise Case Management. With this configuration, users do not need to log in separately to each application.

An identity provider (IdP) is a service that stores, manages, and verifies users' digital identities. IdPs work with single sign-on (SSO) providers to authenticate users. An IdP checks user identities via username-password combinations and other factors, or it may simply provide a list of user identities that another service provider (like an SSO) checks.

Users should map the following user groups to access the Data Studio and Investigation Toolkit:
  • DSUSRGRP: Grants admin privileges for Data Studio
  • IHUSRGRP: Provides restricted access to Data Studio

To integrate Data Studio with IDP as the SSO provider, follow these steps:
  1. Create the following groups in the IDP system. For more information on creating groups in IDP, see the OFS Admin Console User Guide.
    • Create the new groups with the same name as the pre-configured groups. For more information, see the User Groups section.
  2. Create a SAML application in IDP for Data Studio.
  3. Configure the SAML application. Key configurations in the SAML application are as follows:
    • Entity ID: https://<Hostname>:7008/cs
    • Assertion Consumer URL: http://<Hostname>:7008/cs/saml/consume
    • Include Signing Certificate in Signature: Enabled
    • Signature hashing algorithm: SHA-256
    • Enable Single Logout: No
    • Require encrypted assertion: No

      Figure 2-3 Sample Configuration for Data Studio



  4. Update the SAML attribute configuration as described in the following table.

    Table 2-5 SAML Attribute Configuration

    Name               Format  Type            Value          Condition
    ofs_mapped_groups  Basic   User Attribute  Group Member   All Groups
    email              Basic   User Attribute  Primary Email  -
    username           Basic   User Attribute  Last Name      -
    group              Basic   User Attribute  Group Member   All Groups

    Figure 2-4 SAML Attribute Configuration



  5. Create a user and map the user groups to the respective user based on the user roles.
  6. After creating the application, download the “Signing Certificate” of the Data Studio SAML application, rename it to “key.cert”, and place it in the following locations.
    • <OFS_COMPLIANCE_STUDIO_INSTALLATION_PATH>/deployed/mmg-home/mmgstudio/conf
    • <OFS_COMPLIANCE_STUDIO_INSTALLATION_PATH>/mmg-home/mmg-studio/conf
  7. Restart Compliance Studio.
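
After a test login, the attribute mapping from Table 2-5 can be checked against the decoded assertion. The following Python is an added example, not part of the product or of this guide; it assumes that group names arrive as values of ofs_mapped_groups and that DSUSRGRP takes precedence when both groups are present. The sample statement and function names are constructed for illustration, and the code inspects attributes only; it does not validate the assertion signature.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
EXPECTED = ("ofs_mapped_groups", "email", "username", "group")  # Table 2-5 names

def _attr(name, *values):
    """Build one constructed <saml:Attribute> element for the sample below."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{name}" NameFormat="{BASIC}">{vals}</saml:Attribute>'

# Constructed sample (made-up user and groups), not captured from a real IdP.
SAMPLE = (f'<saml:AttributeStatement xmlns:saml="{SAML}">'
          + _attr("ofs_mapped_groups", "IHUSRGRP", "HR_STAFF")
          + _attr("email", "jdoe@example.com")
          + _attr("username", "Doe")
          + _attr("group", "IHUSRGRP", "HR_STAFF")
          + "</saml:AttributeStatement>")

def read_attributes(xml_text):
    """Return {Name: (NameFormat, [values])} for each saml:Attribute."""
    out = {}
    for a in ET.fromstring(xml_text).iter(f"{{{SAML}}}Attribute"):
        vals = [(v.text or "").strip() for v in a.iter(f"{{{SAML}}}AttributeValue")]
        out[a.get("Name")] = (a.get("NameFormat"), vals)
    return out

def check_statement(xml_text):
    """Return (findings, access); access is 'admin', 'restricted' or None."""
    attrs, findings = read_attributes(xml_text), []
    for name in EXPECTED:
        if name not in attrs:
            findings.append(f"missing attribute: {name}")
        elif attrs[name][0] != BASIC:
            findings.append(f"{name}: NameFormat is not Basic")
    # Assumption: group membership is read from ofs_mapped_groups.
    groups = set(attrs.get("ofs_mapped_groups", (None, []))[1])
    if "DSUSRGRP" in groups:
        access = "admin"
    elif "IHUSRGRP" in groups:
        access = "restricted"
    else:
        access = None
        findings.append("ofs_mapped_groups has neither DSUSRGRP nor IHUSRGRP")
    return findings, access

if __name__ == "__main__":
    print(check_statement(SAMPLE))
```

An empty findings list with access set to admin or restricted means the statement matches the table and one of the two pre-configured groups was sent.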