Changes

A. SSO Configuration </br>1. Navigate to '''Global Settings''' → '''Integrations''' tab → '''Single Sign-On''' section</br>2. Click on the “+” icon to create a new SSO configuration on the instance</br>3. Fill out the mandatory fields: a. '''SSO Alias''': '''''SAML2''''' (default alias for production instance) b. '''Signing Certificate (X.509)''': cut and paste the x509 certificate after configuration of the client's Identity Provider c. '''Timestamp Time Zone''': '''''--UTC</GMT--''''' (default from the dropdown) d. '''MES Group Identifier''': '''''SSOProd''''' (free text field) e. '''MES Environment Identifier''': '''''alias.smartsimple.com''''' (client's url production instance) f. '''Method''': '''''Identity Provider-initiated''''' (default setting) g. '''Identity Provider Service Endpoint''': this is the url login redirect. - For Azure, the value in "'''''User Access URL'''''" (Found under "Properties") - For OKTA, the value in "'''''Embed Link'''''" (Found under "General" tab in the "App Embed Link" Section) - For ADFS the redirect is https://adfs.yourlocaldomain.com/adfs/ls/idpinitiatedsignon.aspx?loginToRp=https://alias.smartsimple.com/ h. '''Unique Identifier FIeld (UID)''': from the dropdown, select '''''*E-Mail''''' (Default value but it can also be the Employee ID or any unique identifier in the user profile) f. '''Bypass Multi-Factor Authentication (MFA)''': enabled4. Click SaveB. Login Page Configuration1. Navigate to '''Global Settings''' → '''Branding''' tab → '''Login Pages''' section2. From the '''Primary''' tab, click on the pencil icon for the first item on the list view - the default Login Page3. From the '''General''' tab, go to the '''Single Sign-On''' section and complete the two fields a. '''MES Group Identifier''': from the dropdown, select '''''SSOProd''''' (From 3d above) b. '''Link Label''': '''''Employee Login''''' (free text field)4. Click Savebr>

'''SSO Alias''': '''''SAML2''''' (default alias for production instance)</br>'''Signing Certificate (X.509)''': cut and paste the x509 certificate after configuration of the client's Identity Provider</br>'''Timestamp Time Zone''': '''''--UTC/GMT--''''' (default from the dropdown)</br>'''MES Group Identifier''': '''''SSOProd''''' (free text field)</br>'''MES Environment Identifier''': '''''alias.smartsimple.com''''' (client's url production instance)</br>'''Method''': '''''Identity Provider-initiated''''' (default setting)</br>'''Identity Provider Service Endpoint''': this is the url login redirect. </br> - For Azure, the value in "'''''User Access URL'''''" (Found under "Properties") </br> - For OKTA, the value in "'''''Embed Link'''''" (Found under "General" tab in the "App Embed Link" Section)</br> - For ADFS the redirect is https://adfs.yourlocaldomain.com/adfs/ls/idpinitiatedsignon.aspx?loginToRp=https://alias.smartsimple.com/</br>'''Unique Identifier FIeld (UID)''': from the dropdown, select '''''*E-Mail''''' (Default value but it can also be the Employee ID or any unique identifier in the user profile)</br>'''Bypass Multi-Factor Authentication (MFA)''': enabled</br>4. Click Save</br>B. Login Page Configuration</br>1. Navigate to '''Global Settings''' → '''Branding''' tab → '''Login Pages''' section</br>2. From the '''Primary''' tab, click on the pencil icon for the first item on the list view - the default Login Page</br>3. From the '''General''' tab, go to the '''Single Sign-On''' section and complete the two fields</br>'''MES Group Identifier''': from the dropdown, select '''''SSOProd'''''</br>'''Link Label''': '''''Employee Login''''' (free text field)</br>4. Click Save</br> Upon logout, the SSO button will be visible below the the username/password.</br>