Changes


Single Sign-On

565 bytes added, 20:20, 13 December 2022
Mandatory Settings
* '''Unique Identifier Field (UID)''' - used to identify the user account; it must be an attribute that is unique to each user in SmartSimple. It needs to be an attribute common to both SmartSimple and the client-side system (typically e-mail address or employee ID).
* '''X509Certificate (SAML2 Only)''' - the signing certificate to be provided by the client. Enter the certificate value without the "begin certificate" and "end certificate" header and footer lines. Depending on how the client-side system sends this value within the SAML assertion, the certificate value will typically be formatted as a single line but could also span multiple lines, so it must be entered into SmartSimple in the same format.
* '''Timestamp Time Zone''' - used to read the timestamp of the incoming SSO message in the time zone configured for the Identity Provider. The default value is "--UTC/GMT--". This setting will need to be adjusted when the error "SAML response expired" is found in the log file during debug mode.
* '''Third-Party Identity Provider''' - specify which SSO authentication method is used (Identity Provider-initiated or Service Provider-initiated).
** '''Endpoint''' - specify the IdP-initiated or SP-initiated redirect endpoint. This redirect will be rendered on the [[Login Page]].
* It is also recommended to disable the Session Timeout Alert setting within the Global Settings -> Security section, as that feature is not applicable to users logged in through single sign-on.
* By default, SSO acts as an additional method of authentication. If you wish to enforce the use of SSO and restrict regular username and password authentication, you can do so with the Global Settings -> Integration -> Enforce SSO setting, which allows you to restrict a set of user roles so that they can only log in through SSO.
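The following is an added example, not SmartSimple code, showing one way to prepare the X509Certificate value described above: it strips the header and footer lines from the client's PEM file, confirms it is the same certificate the assertion carries, and returns the value in the line format the assertion uses. The function names and the sample data are assumptions constructed for illustration; the sample bytes are not a real certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS_NS = "{http://www.w3.org/2000/09/xmldsig#}"

def pem_body(pem: str) -> str:
    """Drop the BEGIN/END CERTIFICATE lines and return the base64 body on one line."""
    lines = (line.strip() for line in pem.strip().splitlines())
    return "".join(l for l in lines if l and not l.startswith("-----"))

def assertion_cert(saml_xml: str) -> str:
    """Return the ds:X509Certificate text as sent, keeping its internal line breaks."""
    # ElementTree is acceptable for a response you captured yourself;
    # use a hardened parser for XML from an untrusted source.
    node = ET.fromstring(saml_xml).find(f".//{DS_NS}X509Certificate")
    if node is None or not (node.text or "").strip():
        raise ValueError("no ds:X509Certificate element in the response")
    return node.text.strip()

def fingerprint(value: str) -> str:
    """SHA-256 of the decoded bytes, ignoring any line wrapping in the base64 text."""
    der = base64.b64decode("".join(value.split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def value_to_enter(pem: str, saml_xml: str) -> str:
    """Check that the PEM and the assertion hold the same certificate, then
    return the value formatted the way the assertion sends it."""
    sent = assertion_cert(saml_xml)
    if fingerprint(sent) != fingerprint(pem_body(pem)):
        raise ValueError("assertion carries a different certificate than the PEM file")
    return sent

# Constructed sample input: placeholder bytes wrapped at 64 characters.
SAMPLE_B64 = base64.b64encode(bytes(range(96))).decode()
SAMPLE_WRAPPED = "\n".join(SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64))
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_WRAPPED}\n-----END CERTIFICATE-----\n"
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:KeyInfo>'
    f"<ds:X509Data><ds:X509Certificate>{SAMPLE_WRAPPED}</ds:X509Certificate>"
    "</ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>"
)

if __name__ == "__main__":
    print("single-line body:", pem_body(SAMPLE_PEM))
    print("value as sent in the assertion:\n" + value_to_enter(SAMPLE_PEM, SAMPLE_RESPONSE))
```

In the sample the assertion sends the value on two lines, so that two-line form is what is returned, while <code>pem_body</code> gives the single-line form for an Identity Provider that sends it unwrapped.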
Smartstaff