Single Sign-On (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of the related trusted systems and applications.
This streamlines user access, enhances security by reducing the number of passwords to manage, and improves the overall user experience.
Our platform supports integration with various Identity Providers (IdPs) using industry-standard protocols like SAML 2.0 and OpenID Connect.
Improved User Experience: Users can access multiple applications with a single set of credentials, saving time and effort.
Simplified Administration: Easier user onboarding and offboarding processes.
Increased Productivity: Faster access to necessary tools and applications.
Supported Protocols
We currently support the following protocols for SSO integration:
SAML 2.0 (Security Assertion Markup Language): A widely adopted XML-based standard for exchanging authentication and authorization data between parties.
OpenID Connect (OIDC): An identity layer built on top of the OAuth 2.0 framework, allowing clients to verify the identity of the end-user based on the authentication performed by an authorization server.
Choosing the right protocol often depends on your existing infrastructure and the capabilities of your Identity Provider.
Integration Steps (General)
The exact steps may vary slightly depending on your Identity Provider, but the general process involves configuring both our platform and your IdP.
Step 1: Identify Your Identity Provider (IdP)
Determine which IdP you will use (e.g., Okta, Azure AD, Google Workspace, Auth0).
Step 2: Configure Your IdP
In your IdP's administration panel, you will typically need to:
Create a new application or integration for our platform.
Specify the relevant URLs from our platform (e.g., Assertion Consumer Service (ACS) URL, Entity ID). These can be found in your account's SSO settings.
Configure attribute mappings to send necessary user information (like email, first name, last name) to our platform.
Download the IdP's metadata file or copy its configuration details (Entity ID, SAML Signing Certificate, SSO URL).
Step 3: Configure Our Platform
Navigate to the SSO settings within your account on our platform. You will typically need to:
Enable SSO.
Select the protocol (SAML or OIDC).
Upload the IdP metadata file or manually enter the IdP details (Entity ID, SSO URL, Certificate).
Configure attribute mappings to match the user attributes sent by your IdP.
Step 4: Test the Integration
After configuration, thoroughly test both the IdP-initiated and the platform-initiated (SP-initiated) SSO flows to ensure users can log in seamlessly.
Important Note: Always refer to the specific documentation for your Identity Provider and our platform's SSO settings page for precise instructions and required URLs.
Example: SAML 2.0 Configuration Snippet
Below is a simplified example of parameters you might encounter:
# From your Identity Provider (IdP)
IdP_Entity_ID: https://my.idp.com/entityid
IdP_SSO_URL: https://my.idp.com/sso/saml
IdP_Signing_Certificate: -----BEGIN CERTIFICATE-----
... your certificate ...
-----END CERTIFICATE-----
# For our platform (Service Provider - SP)
SP_Entity_ID: https://app.ourplatform.com/saml/metadata/your-account-id
SP_Assertion_Consumer_Service_URL: https://app.ourplatform.com/saml/consume/your-account-id
SP_Logout_URL: https://app.ourplatform.com/saml/logout/your-account-id
Troubleshooting Common Issues
Certificate Expiration: Ensure your IdP's signing certificate has not expired and that the certificate configured on our platform is the one your IdP currently uses.
Attribute Mismatches: Verify that the attribute names sent by your IdP exactly match the expected names on our platform.
Incorrect URLs: Double-check that all Assertion Consumer Service (ACS) and Entity ID URLs are correct.
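Clock Skew: Ensure the clocks on your IdP and our servers are reasonably synchronized. SAML assertions carry NotBefore and NotOnOrAfter timestamps, so clock drift can cause otherwise valid logins to be rejected.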
If you encounter persistent issues, consult your IdP's specific troubleshooting guides or reach out to our support team with detailed error messages.
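The Incorrect URLs and Clock Skew items above can be checked directly against a captured, base64-decoded SAML Response. The following is an added example, not code from our platform: the diagnose function, its finding strings, and the two-minute skew tolerance are assumptions for illustration, and the sample response is constructed from the example URLs in the configuration snippet.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a decoded, unsigned SAML Response using the example URLs above.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://app.ourplatform.com/saml/consume/your-account-id">
  <a:Issuer>https://my.idp.com/entityid</a:Issuer>
  <a:Assertion>
    <a:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <a:AudienceRestriction>
        <a:Audience>https://app.ourplatform.com/saml/metadata/your-account-id</a:Audience>
      </a:AudienceRestriction>
    </a:Conditions>
  </a:Assertion>
</p:Response>"""

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-05-01T12:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def diagnose(response_xml, sp_entity_id, acs_url, now, skew=timedelta(minutes=2)):
    """List configuration problems in a decoded SAML Response.
    Diagnostic only: it does NOT verify the XML signature.
    `now` must be timezone-aware; `skew` (assumed 2 minutes) is the tolerated drift."""
    root = ET.fromstring(response_xml)
    findings = []
    if root.get("Destination") != acs_url:
        findings.append("incorrect-url: Destination does not match the ACS URL")
    cond = root.find("a:Assertion/a:Conditions", NS)
    if cond is None:  # e.g. an encrypted assertion, which this sketch does not decrypt
        return findings + ["no-conditions: no readable Conditions element"]
    audiences = [(e.text or "").strip()
                 for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    if sp_entity_id not in audiences:
        findings.append("incorrect-url: SP Entity ID is not in the Audience list")
    not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + skew < _ts(not_before):
        findings.append("clock-skew: assertion is not yet valid")
    if not_after and now - skew >= _ts(not_after):
        findings.append("clock-skew: assertion has expired")
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE, "https://app.ourplatform.com/saml/metadata/your-account-id",
                   "https://app.ourplatform.com/saml/consume/your-account-id",
                   datetime.now(timezone.utc)))
```

An empty list means the Destination, Audience, and validity window are consistent with the configured values. Signature and certificate validity still have to be confirmed separately.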