Changes

Single Sign-On

7 bytes added, 14:39, 27 September 2016
no edit summary
[[image:sso-002.png]]
* "SSO Alias" is used to identify the SSO connection and should be configured by default to be 'SAML2'. If multiple SSO connections are to be configured then you may include an additional attribute <Attribute> element on the client-side assertion called named 'SSOModule' to specify the SmartSimple connection by matching a unique "SSO Alias" value
* "Unique Identifier Field (UID)" is used to identify the user account and needs to be an attribute that is unique to each user in SmartSimple. This needs to be an attribute common to both the SmartSimple and the client-side system (typically e-mail address or employee ID)
* "X509Certificate (SAML2 Only)" is the signing certificate to be provided by the client. The formatting of this should be the certificate value without the "begin certificate" and "end certificate" header and footer lines. Also, depending on how the client-side system sends this value within the SAML assertion the certificate value will typically be formatted to just a single line but could also be multiple lines and so must be entered into SmartSimple in the same format
The elements required for setup of the client-side identity provider connection are listed below.
* Unique user identifier. Within the SAML assertion, this value can be sent in the standard <NameID> element, or optionally within an <Attribute> element named ''UID''
* Assertion Consumer Service URL. This will be equal to '/SAML2/' suffixed to your SmartSimple instance URL, e.g. '''https://alias.smartsimple.com/SAML2/'''
* Service Provider's Entity ID. This can be equal to the same as above Assertion Consumer Service URL
Smartstaff, administrator
687
edits