Configure OverOps to validate users via SAML to access environments with different owners


How do you configure SAML SSO access to OverOps where the environments are owned (the Owner) by two or more different users?


Validate that the following listed properties are configured in the configuration file and the values are set accordingly.

Note: All settings must be configured in the file located under /<INSTALL_PATH>/takipi-server/conf/tomcat/shared/directory.

  • Enables the backend to utilize SAML SSO to authenticate users via IdP.


  • Location of the metadata that is provided by the IdP. The full path to the metadata file must be provided.


  • Sets the backend server to not use a domain initializer. Important to set due to all environments having different owners.


  • Applies the role in which a user will be assigned when logging in for the first time. The role can be set either as Admin , Member (default if this parameter is not used), or Viewer . Best practice is not to set as Admin.
  • Sets the appropriate values mapped from the users’ information within the IdP’s application to be displayed properly within OverOps. If not used, field names will be populated with the alias portion of the email address.



  • Adding this parameter assigns a different separator (such as a colon [:]) to be used. If this property is not used within the properties file, a blank space will be used as the default separator between the environment and role that is passed within the SAML response.


This setup ensures that users are being authenticated via SAML and are given access to the OverOps application.

There is no domain initializer set, so all users that authenticate via SAML will gain access to all OverOps environments. Users will be provided access with the role that is set with the SAML_BASIC_SSO_MODE_DEFAULT_ROLE= parameter.

For explanation on each of the parameters being used, please refer to the following docs:
On Premises Configuration of SAML
4.53 SAML Security Updates