# MSP Portal Configuration

{% hint style="success" %}

### Prerequisites

* ADFS installation and initial setup are complete.
* Obtain the [**metadata file**](https://adfshelp.microsoft.com/MetadataExplorer/GetFederationMetadata) from ADFS.
* The MSP portal on EnGenius Cloud Platform is activated with an MSP license.
  {% endhint %}

## <mark style="color:blue;">Configure SAML SSO for the Organization</mark>

1. Go to **Organization > MSP Portal > Teams > Team Management** and find the **SAML SSO** section.
2. Enable **SAML SSO**.

<div align="left"><figure><img src="https://1886313717-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fus0DBFfmoooUbiDkYdbq%2Fuploads%2Fz2BQL2plpHR2gHQW3YBF%2Fimage.png?alt=media&#x26;token=408d1c68-31ec-481f-8949-96f17160647c" alt="" width="255"><figcaption><p>1-1 SAML SSO</p></figcaption></figure></div>

3. Click **Add** to create a new "**IdP**" and enter the SAML identity provider details:

* Upload the **Identity Provider (IdP) Metadata** file, which you can extract from your ADFS server.
* Provide a **Name** that helps to identify this IdP.
* Provide the **Login URL**, which is the URL of the existing ADFS login page.

<div align="left"><figure><img src="https://1886313717-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fus0DBFfmoooUbiDkYdbq%2Fuploads%2FgOb0TG6iF8i8bwiEHTcj%2Fimage.png?alt=media&#x26;token=a2dc13d1-9c77-4f33-b5ac-d0e1a047d150" alt="" width="563"><figcaption><p>1-2 Add IdP</p></figcaption></figure></div>

{% hint style="info" %}
**IdP Metadata for SSO Integration**

**Metadata** for an IdP is a data file containing the IdP's unique identifier, service URLs, public key certificates, and supported communication protocols, used to enable secure SSO connections.
{% endhint %}

{% hint style="info" %}
**Logout URL for Auto-Logout Redirection**

The 'Logout URL' allows users to set a specific webpage to redirect to after a defined period of inactivity, ensuring an automatic and secure logout.
{% endhint %}

4. Once the IdP is created, the system auto-generates the **Consumer URL**, which is where the IdP sends the user data after IdP authentication.

<figure><img src="https://1886313717-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fus0DBFfmoooUbiDkYdbq%2Fuploads%2FtQlv4HUcNQf27YSkowFe%2F1-3%20Consumer%20URL-1.png?alt=media&#x26;token=8f5bba27-1a4d-45bc-9563-5abc0a323952" alt=""><figcaption><p>1-3 Consumer URL</p></figcaption></figure>

{% hint style="info" %}
Record the "**Consumer URL**", as it is essential for future ADFS configuration.
{% endhint %}

5. Customize the EnGenius **SSO Login URL**: adjust the ending of the URL so that it is easier to remember. It serves as a direct link to the default IdP and is unique to a single IdP.

<div align="left"><figure><img src="https://1886313717-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fus0DBFfmoooUbiDkYdbq%2Fuploads%2FY4vTDHugdD0hNP1H6Hfh%2F1-4%20SSO%20Login%20URL-1.png?alt=media&#x26;token=d3d1bdf6-d994-493f-b750-74135af24921" alt=""><figcaption><p>1-4 SSO Login URL</p></figcaption></figure></div>

6. Select a **Default IdP** from the IdP list. It is associated with the EnGenius Cloud SSO page as the IdP that users are redirected to when they log in through the SSO URL.

<div align="left"><figure><img src="https://1886313717-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fus0DBFfmoooUbiDkYdbq%2Fuploads%2Fydk80B6AKFdCj8IysiUc%2Fimage.png?alt=media&#x26;token=cdaa84fe-ad71-46ed-ab6d-5357695f9b52" alt="" width="563"><figcaption><p>1-5 Default IdP</p></figcaption></figure></div>

{% hint style="info" %}
**Multi-IdP SAML SSO Configuration**

You can manage and create several IdPs in the EnGenius Cloud to establish SAML SSO, each with its unique Login and Consumer URLs, but only one can map to the SSO Login shorthand URL.
{% endhint %}

## <mark style="color:blue;">Create SAML Roles</mark>

Navigate to **Organization > MSP Portal > Teams > Team Privilege** to access the SAML administrator roles. Use this to assign user group privileges. SAML users receive permissions based on the 'role' attribute in their SAML token from the IdP.

To set up a new role for the IdP:

1. Click "**Add Team**".
2. Assign managed scope and permissions as you would for standard users.
3. To finalize, click "**Create admin**" and "**Save changes**".

<figure><img src="https://1886313717-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fus0DBFfmoooUbiDkYdbq%2Fuploads%2FjQUEFeAKVNgYDXx1fCO9%2F1-6%20Team%20Privilege-1.png?alt=media&#x26;token=6820dec7-4b3a-4b5a-a521-1deb0e501b5f" alt=""><figcaption><p>1-6 Team Privilege</p></figcaption></figure>

{% hint style="info" %}
The new team is set by default to the "**All Org**" scope with "**Admin**" permissions; however, customization for individual organizations is possible.
{% endhint %}
