Smartstaff
1,385
edits
Changes
→Configuration for SSO in production instance
==Example SSO configuration in SmartSimple==
===Configuration for SSO in production instance===
Configuration below is for SSO Login within the client's SmartSimple production instance.
====SmartSimple SSO configuration as the Service Provider====
A. SSO Configuration
1. Navigate to '''Global Settings''' → '''Integrations''' tab → '''Single Sign-On''' section
2. Click on the “+” icon to create a new SSO configuration on the instance
3. Fill out the mandatory fields:
a. '''SSO Alias''': '''''SAML2''''' (default alias for production instance)
b. '''Signing Certificate (X.509)''': cut and paste the x509 certificate after configuration of the client's Identity Provider
c. '''Timestamp Time Zone''': '''''--UTC/GMT--''''' (default from the dropdown)
d. '''MES Group Identifier''': '''''SSOProd''''' (free text field)
e. '''MES Environment Identifier''': '''''alias.smartsimple.com''''' (client's url production instance)
f. '''Method''': '''''Identity Provider-initiated''''' (default setting)
g. '''Identity Provider Service Endpoint''': this is the url login redirect.
- For Azure, the value in "'''''User Access URL'''''" (Found under "Properties")
- For OKTA, the value in "'''''Embed Link'''''" (Found under "General" tab in the "App Embed Link" Section)
- For ADFS the redirect is https://adfs.yourlocaldomain.com/adfs/ls/idpinitiatedsignon.aspx?loginToRp=https://alias.smartsimple.com/
h. '''Unique Identifier FIeld (UID)''': from the dropdown, select '''''*E-Mail''''' (Default value but it can also be the Employee ID or any unique identifier in the user profile)
f. '''Bypass Multi-Factor Authentication (MFA)''': enabled
4. Click Save
B. Login Page Configuration
1. Navigate to '''Global Settings''' → '''Branding''' tab → '''Login Pages''' section
2. From the '''Primary''' tab, click on the pencil icon for the first item on the list view - the default Login Page
3. From the '''General''' tab, go to the '''Single Sign-On''' section and complete the two fields
a. '''MES Group Identifier''': from the dropdown, select '''''SSOProd''''' (From 3d above)
b. '''Link Label''': '''''Employee Login''''' (free text field)
4. Click Save
Upon logout, the SSO button will be visible below the the username/password.
[[File:SSO_Login.png|thumb|none|300px|SSO User Creation Settings.]]
====Identity-Provider SSO configuration====
===Configuration for multi-environment SSO===
