Why work with your IdP
To enable SSO for users and administrators in your organization, you must work with your Identity Provider (IdP) to create a corporate database that contains usernames and passwords of inSync users and administrators. If your organization is using an IdP, you can configure inSync to recognize this IdP. The IdP maintains a record of credentials and validates a username against its password for each login attempt. inSync supports leading IdPs such as Okta, PingIdentity, OneLogin, and Active Directory Federation Services (ADFS).
Obtain IdP details
To configure inSync for SSO, you must obtain the following information from your IdP.
- The SAML version: The SAML version the identity provider uses (1.1 or 2.0). We recommend that you use SAML 2.0.
- The entity ID of the IdP: The identity of the issuer in SAML requests sent by inSync. inSync typically sends requests to the issuer specified by the entity ID.
- The IdP certificate: The authentication certificate that your IdP provides.
Note: Save the certificate that your IdP shares with you. You must use this certificate at the time of configuring inSync.
Additionally, you must work with your IdP to decide URLs for the following pages:
- The metadata page: The page that contains details about IdP and your Service Provider.
- The start page: The page to which a user is directed upon successful completion of single sign-on.
Note: In SAML 2.0, the start page is the page the user attempted to access before they are authenticated.
- The logout page: The page to which a user is directed to on logging out of inSync.
- The IdP start page: The page to which inSync sends a SAML request to initiate a login.
- inSync Login page: The default inSync login page.
- Error page: The page to which a user should be directed to if an SSO error is encountered. This page must be publicly accessible.
Note: We recommend that you set a logout page if you set the start page for SSO. If you do not set a logout page, users are redirected to the default inSync Cloud login page.