Troubleshooting - Active Directory

Q1:  How to change the expiry date of IDP certificate in Azure AD 

Description

The steps below describe how to update the expiry date of an IDP certificate in the Azure portal and upload the new certificate to Prolaborate.

Azure Configuration 

1. Add a new certificate in the SAML certificates pane. 


2. Set the Expiry date as desired and click the "Save" button.
 
3. Click on the option and select the "Make Certificate Active" option.
 
4. Make sure you download the active certificate from Azure AD. 

Prolaborate Configuration

1. Navigate to the SAML Single Sign-On page. 
2. Proceed to upload the new certificate.
  

3. Click on the “Save” button. 
4. Test the functionality by accessing Prolaborate in a private tab and confirm the authentication using the 

Response

Hi <Customer>, 
Thank you for reaching out to Sparx Platform Support. 
Please follow the steps outlined below to update the IDP certificate in the Azure portal and Prolaborate:
<Include Azure and Prolaborate Configuration> 
 
By following these steps, you will be able to successfully update the expiry date of the certificate in Azure AD and Prolaborate. You can also share the certificate with us so that we will upload it to your Prolaborate’s SAML configuration. 
Please let us know if you have any questions or concerns.  

Reference  

Ticket ID: #4521
Subject: URGENT - ENEXIS EA not working after Certificate change
Department: Sparx Platform Support

Q2: Permission Denied error when logging in with Azure AD SSO

Description

A customer reported that they were getting a “Permission Denied” error when logging in with SSO. The customer is using Azure Active Directory, and we assisted them in setting up SAML SSO for their Prolaborate.


Troubleshooting Steps

We set the logging level to “info” and asked the customer to try logging in with SSO, so that we would be able to see the attempt in the logs.
After the customer did so, we reached out to the Product team with our inputs.
The Dev team investigated the logs and found that the SAML request was received as ‘role’ instead of ‘group’. We also suspected that the customer didn’t have a group added in Azure AD. So, we asked the customer to check whether the group was added to Prolaborate and shared the steps to create and add a group.
Since the customer had difficulties with the troubleshooting, we went on a call, created a new group in Azure AD, assigned the users to this new group, and then added it to Prolaborate.
We also found that the group claim was missing, so we configured the group claim.

Remediation

Group Claim

- Add the Group claim in the Attribute Mapping section of the Prolaborate SAML Settings page.

User Group

- Make sure the user is present in the SAML group with the corresponding permissions to access the Prolaborate application. Follow the steps outlined below to check or add users to the SAML group in Azure AD SSO. 
- Click on "Users and groups" and then click on the user's Display Name. 


- Then click on the Group membership count to view the list of groups to which the user belongs.

- If you cannot find the group in the list, click on 'Add Memberships' and choose the desired SAML group.

- If you do not have a group in the "Select Groups" section, create a new group by following the steps outlined below, and add this new group membership to the user.



Access Control Profile

- When the SAML group is not properly linked with its corresponding Access Control Profile, users encounter a “Permission Denied” error in Prolaborate. When the SAML group-based restriction is active, Prolaborate restricts access for users who belong to SAML groups not linked with Access Control Profiles.   
- Navigate to Menu->SAML Single Sign On. 

- In the Access Control Profile section, click on the drop-down and select the desired Access Control Profile. If you want to add another profile and its SAML Group, click on the “Add” button.
- In the SAML Group field, enter the respective SAML Group name and click “Save”.
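
The causes described above (membership arriving as a 'role' claim, a missing group claim, and a SAML group not linked to an Access Control Profile) can be told apart by reading the attributes of a decoded SAML assertion. The following Python is an added example, not Prolaborate or Azure code; the group names, profile mapping and sample assertions are constructed, and it assumes the group claim uses Azure AD's groups claim URI.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Azure AD claim URIs for group membership, app roles and e-mail address.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def extract_claims(assertion_xml):
    """Map each SAML Attribute Name to its list of AttributeValue strings."""
    # Troubleshooting aid only: no signature check; use defusedxml for untrusted XML.
    claims = {}
    for attr in ET.fromstring(assertion_xml).iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def diagnose(assertion_xml, profile_groups, group_claim=GROUPS_CLAIM):
    """Classify why a login is denied when group-based restriction is active."""
    claims = extract_claims(assertion_xml)
    groups = claims.get(group_claim, [])
    if not groups:
        # Same finding as in the ticket: membership sent as 'role', not 'group'.
        return "role-sent-instead-of-group" if ROLE_CLAIM in claims else "group-claim-missing"
    if not set(groups) & set(profile_groups):
        return "group-not-linked-to-profile"
    return "ok"

def make_assertion(claim_name, values):
    """Build a constructed, unsigned assertion for the demonstration."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AttributeStatement>'
            f'<saml:Attribute Name="{claim_name}">{vals}</saml:Attribute>'
            f'</saml:AttributeStatement></saml:Assertion>')

# Constructed sample data: group and profile names are hypothetical.
PROFILE_GROUPS = {"Prolaborate-Users": "Default Profile"}
SAMPLES = {
    "role only": make_assertion(ROLE_CLAIM, ["Prolaborate-Users"]),
    "no group claim": make_assertion(EMAIL_CLAIM, ["user@example.com"]),
    "unlinked group": make_assertion(GROUPS_CLAIM, ["Finance-Team"]),
    "linked group": make_assertion(GROUPS_CLAIM, ["Finance-Team", "Prolaborate-Users"]),
}

if __name__ == "__main__":
    for label, xml in SAMPLES.items():
        print(f"{label}: {diagnose(xml, PROFILE_GROUPS)}")
```
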

Escalation Contact

L2 Team, Product Team

Reference

Ticket ID: #4909 
Subject: Assistants SSO usage with EASparx, Medux 
Department: Sparx Platform Support 

Ticket ID: #6707
Subject: SSE SaaS EA/Prolaborate: one user can't log in
Department: Sparx Platform Support

