Changes

Single Sign-On

40 bytes added, 19:13, 5 January 2023
Mandatory Settings
====Mandatory Settings====
* '''SSO Alias''' - used to identify the SSO connection and should be configured by default to be 'SAML2'. If multiple SSO connections are to be configured then you may include an additional element on the client-side assertion named 'SSOModule' to specify the SmartSimple connection by matching a unique "SSO Alias" value.
* '''Unique Identifier Field (UID)''' - used to identify the user account and needs to be an attribute that is unique to each user in SmartSimple. This needs to be an The value for the attribute common to both "NameID" from the SSO assertion should match the value from the SmartSimple and field selected in the client-side system dropdown list.(typically e-mail address or employee ID).
* '''X509Certificate (SAML2 Only)''' - the signing certificate to be provided by the client. The formatting of this should be the certificate value without the "begin certificate" and "end certificate" header and footer lines. Also, depending on how the client-side system sends this value within the SAML assertion the certificate value will typically be formatted to just a single line but could also be multiple lines and so must be entered into SmartSimple in the same format.
* '''Timestamp Time Zone''' - used to read the incoming SSO message timestamp from Identity Provider configured time zone.  Default value is "--UTC/GMT--". Settings will need to be adjusted when the error "SAML response expired" is found in the log file during debug mode.
Smartstaff
1,385
edits