SSO configuration workflow
This table describes the order of tasks to follow when enabling SSO for administrator and user access.
|1||Work with your IdP||Before you enable SSO, you must first set up a corporate database with an Identity Provider (IdP). If your organization is using an IdP, you must work with your IdP to get details such as IdP URL and IdP certificate. inSync supports leading IdPs such as Okta, PingIdentity, OneLogin, and Active Directory Federation Services (ADFS).|
|2|| ||To enable SSO access for users and administrators, you must configure inSync to recognize IdP details that you obtained when you performed Task 1.|
|3||Generate SSO token||To allow your IdP to recognize requests that inSync sends, you must first generate an SSO token, and then update your IdP configuration with this token. The SSO token uniquely identifies inSync login requests. For login attempts, inSync sends a request to the IdP (typically using HTTP POST). In its response, the IdP attaches this token, thereby indicating the veracity of authentication requests. When inSync receives this response, it uses the SSO token ID to validate the authenticity of the IdP response.|
|4||Update IdP details||To provide the authentication token to your IdP, you must update your IdP configuration to include this token.|
|5||Enable SSO for administrators||As a last step, you must configure inSync to enable SSO for users and administrators.|
| ||Enable SSO for users||To allow SSO access for users, you must create or update user profiles to enable SSO. Thereafter, you must assign the users to these profiles.|
|6||Share the SSO workflow with administrators and users||For greater understanding, share this handy article describing the SSO workflow with your administrators and users.|
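
The token check described in task 3, sketched as an added example (this is not inSync's implementation or code from the product): a service generates an unguessable SSO token and later accepts an IdP response only if it carries exactly one matching token value. It assumes the IdP returns the token as an attribute in a SAML assertion, uses the hypothetical attribute name `sso_auth_token`, and assumes the response signature has already been verified against the IdP certificate.

```python
import hmac
import secrets
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TOKEN_ATTRIBUTE = "sso_auth_token"  # hypothetical attribute name, not from the page


def generate_sso_token() -> str:
    """Create an unguessable token to register in the IdP configuration."""
    return secrets.token_urlsafe(32)


def extract_tokens(response_xml: str) -> list[str]:
    """Return every value of the token attribute found in the IdP response."""
    # Assumption: the signature was verified before this point. For untrusted
    # XML in production, a hardened parser is preferable to ElementTree.
    root = ET.fromstring(response_xml)
    path = f".//saml:Attribute[@Name='{TOKEN_ATTRIBUTE}']/saml:AttributeValue"
    return [(node.text or "").strip() for node in root.findall(path, SAML_NS)]


def response_carries_token(response_xml: str, expected_token: str) -> bool:
    """Accept only a response with exactly one token value that matches."""
    try:
        tokens = extract_tokens(response_xml)
    except ET.ParseError:
        return False
    if len(tokens) != 1:  # missing or duplicated token: reject
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(tokens[0].encode(), expected_token.encode())


def build_sample_response(token_values: list[str]) -> str:
    """Constructed, unsigned sample assertion used only for this demonstration."""
    values = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in token_values)
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:AttributeStatement>"
        f'<saml:Attribute Name="{TOKEN_ATTRIBUTE}">{values}</saml:Attribute>'
        "</saml:AttributeStatement></saml:Assertion>"
    )


if __name__ == "__main__":
    token = generate_sso_token()
    print(response_carries_token(build_sample_response([token]), token))
    print(response_carries_token(build_sample_response(["wrong"]), token))
```

The token check complements signature validation with the IdP certificate obtained in task 1; it does not replace it.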