How to configure Single Sign On (SSO) for an Illumina Enterprise domain using Entra ID

Follow the steps below to configure the IDP (Entra ID) and SP (Illumina) for SSO on an Illumina Enterprise domain.

Note: Illumina supports SP-initiated login only; users must sign in via an illumina.com URL (e.g., https://{domain}.login.illumina.com or https://{domain}.basespace.illumina.com).

  1. Choose Create your own application from the Entra App Gallery page and select the Integrate any other application you don't find in the gallery (Non-gallery) option. Here the application name is "Illumina":

  2. From the Overview page for the application created in Step 1, select "Set up single sign on."

  3. Select the SAML option.

  4. Under "Basic SAML Configuration" select Edit:

  5. Enter the following URLs in the appropriate fields and select Save.

  • Identifier (Entity ID): https://login.illumina.com/saml-service/saml/metadata

  • Reply URL: https://login.illumina.com/saml-service/saml/SSO

  • Logout URL: https://login.illumina.com/saml-service/saml/SingleLogout

  6. Download the IDP metadata XML file, called "Federation Metadata XML" on Entra:

  7. Sign into the Illumina Enterprise account and navigate to the DOMAIN tab within the IAM Console.

  8. Select AUTHENTICATION from the left side navigation and select the SAML button.

  9. Under "Select SAML configuration file" select the Choose File button and navigate to the metadata XML file downloaded in Step 6.

  10. Select the Upload button and, when prompted, select Save Changes.

  11. Select Download under "Metadata XML file (SP)" to download the Illumina SP metadata XML file to be uploaded to the IDP account.

  12. From the Single sign-on configuration page in the Entra portal, select Upload metadata file.

  13. Select Select a file and navigate to the file downloaded in Step 11 (illumina_sp.xml) and select Add.

  14. Make sure the Entity ID, Reply URL, and Logout URL fields are still populated correctly. If they are not, refer to Step 5 to correct them. For example, the Reply URL may not be populated correctly, as shown below.

  15. Select Save under the Basic SAML Configuration heading to save settings on the Entra ID IDP side.

  16. Obtain the SAML Attribute Mapping values for EmailId, Last name, and First name from the IDP and enter them into the relevant fields in the Authentication Configuration page within the Illumina IAM console:

  • For Entra ID, these values can be found by selecting the "Edit" button on the User Attributes & Claims card:

  • The attributes needed are in the Claim name column under Additional claims, shown below:

  • IMPORTANT: The above screenshot shows the default claims created by Entra ID. The claim mapping to user.mail (called "emailaddress" in this example) can sometimes be null. In that case, use the claim mapping to user.userprincipalname. Claims can be modified, added, and deleted. However, at a minimum, the values provided in the SAML Authentication Configuration in the Illumina IAM console for the fields EmailId, First name, and Last name must map to the Entra ID attributes that provide the user's full Email address, First name and Last name, respectively.

Once settings have been saved on both the IDP and SP ends, it will take some time for everything to sync on the Illumina side. Wait at least 15 min, and be aware that settings can sometimes take over an hour to sync.

Note: IDP Initiated Login may not be compatible with Illumina Login. In this scenario, use the direct URL for the Illumina enterprise domain.

For any feedback or questions regarding this article (Illumina Knowledge Article #5972), contact Illumina Technical Support [email protected].
