Skip to main content

Get Started with Admin Portal

SAML Jackson comes with an Admin Portal that allows you to manage Enterprise SSO, Directory Sync, Setup Links, and Audit Logs products via an easy to use web interface.

Our future products (where relevant) will also be available in the Admin Portal.

To enable the Admin Portal, make sure you deploy Jackson as a service.

Authentication Methods

BoxyHQ SAML Jackson supports multiple authentication methods. You can choose to use any of the following methods to authenticate users to the Admin Portal.

We use NextAuth to handle authentication. Set the following environment variables to configure the authentication.

  • NEXTAUTH_URL: The URL of your app.
  • NEXTAUTH_SECRET: A secret used to encrypt the session cookie. You can generate one using openssl rand -base64 32

With Magic Links, you can sign in to the Admin Portal without having to enter a password. The app will send you an email with a link to sign in. You'll need SMTP server credentials to send emails.

Configure the following environment variables to enable Magic Links.

  • SMTP_HOST: SMTP server host
  • SMTP_PORT: SMTP server port
  • SMTP_USER: SMTP server username
  • SMTP_PASSWORD: SMTP server password
  • SMTP_FROM: From email address to use when sending Magic Link emails
  • NEXTAUTH_ACL: An array of emails or glob patterns. Only these users will be allowed access to the Admin Portal. For example: [email protected],*@marvel.com

Follow the below steps to login into the Admin Portal.

  • Visit the path /api/auth/signin on your app.
  • Enter the email address that matches the NEXTAUTH_ACL and click the button Send Magic Link.
  • Open the inbox and you'll see an email from SAML Jackson.
  • Open that email and click the button Sign in.

2. Email and Password

With Email and Password, you can sign in to the Admin Portal using an email address and password. You can use it as an alternative to Magic Links or SAML Single Sign-On. This is the easiest way to get started with the Admin Portal.

Configure the environment variable to enable Email and Password authentication.

At the moment, set the password as plain text. We'll add support for encrypted passwords soon.

Follow the below steps to login into the Admin Portal.

  • Visit the path /api/auth/signin on your app.
  • Enter the email address and password that matches the NEXTAUTH_ADMIN_CREDENTIALS and click the button Sign In.

3. SAML/OIDC Single Sign-On

With SAML/OIDC Single Sign-On, you can sign in to the Admin Portal using your Identity Provider. The app will redirect you to your Identity Provider to sign in. Once you've signed in, you'll be redirected back to the Admin Portal.

Configure the following environment variables to enable SAML/OIDC Single Sign-On.

  • ADMIN_PORTAL_SSO_TENANT: This will be used as the tenant for the SSO connections. Set this to a value that is less likely to conflict with the main Enterprise SSO connections.
  • ADMIN_PORTAL_SSO_PRODUCT: This will be used as the product for the SSO connections. Set this to a value that is less likely to conflict with the main Enterprise SSO connections.

If not set, the default values will be used which are _jackson_boxyhq and _jackson_admin_portal.

To enable SAML/OIDC Single Sign-On, you'll need to access the Admin Portal using either Magic Links or Email and Password. Once you've logged in, you can configure SAML/OIDC Single Sign-On from the Admin Portal.

Go to Settings > SSO for Admin Portal and add a new SSO connection. We support both SAML and OIDC protocols.

Follow the below steps to login into the Admin Portal.

  • Visit the path /api/auth/signin on your app.
  • Click the button Login with SSO.
  • You'll be redirected to your SAML Identity Provider to sign in for the authentication and then redirected back to the Admin Portal.