Single sign-on (SSO) is available to customers using the Protect Standard product.
To reach the configuration page, go to 'Settings' in the menu and select 'Security', as shown in the image below. Detailed setup instructions follow.
To set up single sign-on, follow the instructions below:
1. Select the "Allow users on this account to log in using single sign on" checkbox to activate SSO for this account.
The basic SAML configuration is then shown (listed below); your IT representative should use this data to configure your SSO provider application.
- Identifier (Entity ID)
- Reply URL (Assertion Consumer Service URL)
- Sign on URL (Optional)
2. Upload your app federation metadata either via URL or as a file attachment.
3. To ensure communication between the systems, define the following attributes for proper mapping:
- Email attribute
- Name attribute
- Role attribute - The available options for the Role attribute are: ‘1’ for Admin and ‘2’ for User. Ensure the Role attribute is correctly mapped in the IdP to pass these values.
A "Download certificate" button is available for verification of the SAML response, if required.
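The following added example is not part of the product or this guide: it checks the attribute statement of a test login's SAML assertion against the mapping from step 3, so that a wrong or missing Role value is caught before users are onboarded. The attribute names email, name and role and the sample assertion are assumptions; substitute the names entered in the mapping fields. It inspects the mapping only and does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names; use the names entered in the mapping fields.
MAPPING = {"email": "email", "name": "name", "role": "role"}
ROLES = {"1": "Admin", "2": "User"}  # values from the setup instructions

# Constructed sample assertion (not captured from a real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alex@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="name"><saml:AttributeValue>Alex Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>2</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def read_attributes(xml_text):
    """Return {attribute name: [values]} from every AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_mapping(xml_text, mapping=MAPPING):
    """Return a list of problems; an empty list means the mapping looks right."""
    attrs = read_attributes(xml_text)
    problems = []
    for field, attr_name in mapping.items():
        values = attrs.get(attr_name, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"{field}: expected exactly one value in '{attr_name}', got {values}")
        elif field == "role" and values[0] not in ROLES:
            # Anything other than '1' or '2' (e.g. a group name) is a mapping error.
            problems.append(f"role: '{values[0]}' is not one of {sorted(ROLES)}")
    return problems

def granted_role(xml_text, mapping=MAPPING):
    """Return 'Admin' or 'User', or None when the mapping has problems."""
    if check_mapping(xml_text, mapping):
        return None
    return ROLES[read_attributes(xml_text)[mapping["role"]][0]]

if __name__ == "__main__":
    print(check_mapping(SAMPLE) or "mapping OK", granted_role(SAMPLE))
```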
Note: When setting up SSO with Okta, you may encounter the following error:
"An error was encountered with the requested page. Invalid relayState from identity provider."
Please refer to the following user guide to create a workaround known as the Bookmark App: https://help.okta.com/en-us/content/topics/apps/apps_bookmark_app.htm
Similarly, when configuring SSO with Google IdP, it is recommended to create a bookmark using the Start URL.