Changes

Jump to: navigation, search

Single Sign-On

152 bytes removed, 17:57, 23 January 2023
Example SSO configuration in SmartSimple
==Example SSO configuration in SmartSimple==
===Configuration for SSO in production instance===
Configuration below is for SSO Login within the client's SmartSimple production instance.  
====SmartSimple SSO configuration as the Service Provider====
A. SSO Configuration</br> 1. Navigate to '''Global Settings''' → '''Integrations''' tab → '''Single Sign-On''' section</br> 2. Click on the “+” icon to create a new SSO configuration on the instance</br> 3. Fill out the mandatory fields:< '''SSO Alias''': '''''SAML2''''' (default alias for production instance) '''Signing Certificate (X.509)''': cut and paste the x509 certificate after configuration of the client's Identity Provider '''Timestamp Time Zone''': '''''--UTC/GMT--''''' (default from the dropdown) '''MES Group Identifier''': '''''SSOProd''''' (free text field) '''MES Environment Identifier''': '''''alias.smartsimple.com''''' (client's url production instance) '''Method''': '''''Identity Provider-initiated''''' (default setting) '''Identity Provider Service Endpoint''': this is the url login redirect. For Azure, the value in "'''''User Access URL'''''" (Found under "Properties") For OKTA, the value in "'''''Embed Link'''''" (Found under "General" tab in the "App Embed Link" Section) For ADFS the redirect is https://adfs.yourlocaldomain.com/adfs/ls/idpinitiatedsignon.aspx?loginToRp=https://alias.smartsimple.com/br>
'''SSO Alias''': '''''SAML2''''' (default alias for production instance)</br>'''Signing Certificate (X.509)''': cut and paste the x509 certificate after configuration of the client's Identity Provider</br>'''Timestamp Time Zone''': '''''--UTC/GMT--''''' (default from the dropdown)</br>'''MES Group Identifier''': '''''SSOProd''''' (free text field)</br>'''MES Environment Identifier''': '''''alias.smartsimple.com''''' (client's url production instance)</br>'''Method''': '''''Identity Provider-initiated''''' (default setting)</br>'''Identity Provider Service Endpoint''': this is the url login redirect. </br> - For Azure, the value in "'''''User Access URL'''''" (Found under "Properties") </br> - For OKTA, the value in "'''''Embed Link'''''" (Found under "General" tab in the "App Embed Link" Section)</br> - For ADFS the redirect is https://adfs.yourlocaldomain.com/adfs/ls/idpinitiatedsignon.aspx?loginToRp=https://alias.smartsimple.com/</br>'''Unique Identifier FIeld (UID)''': from the dropdown, select '''''*E-Mail''''' (Default value but it can also be the Employee ID or any unique identifier in the user profile)</br>'''Bypass Multi-Factor Authentication (MFA)''': enabled</br>4. Click Save</br>B. Login Page Configuration</br>1. Navigate to '''Global Settings''' → '''Branding''' tab → '''Login Pages''' section</br>2. From the '''Primary''' tab, click on the pencil icon for the first item on the list view - the default Login Page</br>3. From the '''General''' tab, go to the '''Single Sign-On''' section and complete the two fields</br>'''MES Group Identifier''': from the dropdown, select '''''SSOProd'''''</br>'''Link Label''': '''''Employee Login''''' (free text field)</br>4. Click Save</br>
Upon logout, the SSO button will be visible below the the username/password.</br>'''Bypass Multi-Factor Authentication (MFA)''': enabled
[[File:SSO_Login4.png|thumb|none|300px|SSO User Creation SettingsClick Save B.]]Login Page Configuration
====Identity-Provider SSO configuration====1. Navigate to '''Global Settings''' → '''Branding''' tab → '''Login Pages''' section
===Configuration 2. From the '''Primary''' tab, click on the pencil icon for multithe first item on the list view -environment SSO===the default Login Page
===Configuration for 3. From the '''General''' tab, go to the '''Single Sign-On''' section and complete the two IdP within production instance===fields'''MES Group Identifier''': from the dropdown, select '''''SSOProd''''''''Link Label''': '''''Employee Login''''' (free text field)
4. Click Save
Upon logout, the SSO button will be visible below the the username/password.
[[File:SSO_Login.png|thumb|none|300px|SSO User Creation Settings.]]
====Identity-Provider SSO configuration====
===Configuration for multi-environment SSO===
===Configuration for two IdP within production instance===
[[Category:Integration]][[Category:System Integration]]
[[Category:Identity and Access Management]]
[[Category:Security]]
Smartstaff
1,390
edits

Navigation menu