Login using SSO

SSO (Single sign-on) is a session and user authentication service that permits a user to use one set of login credentials (name and password) to access multiple applications.

The SSO option is managed by the super admin. The super admin role includes can enable the SSO option for the company, and, manage roles and attributes received from SSO. 

The user will be able to log in using SSO by clicking on the new SSO button. 

To enable the SSO feature for your team, you will have to define configurations on GlarAssist backoffice. Once in the SAML SSO tab, you must fill all the requested information in order to enable this feature for your team:

• Single sign-on URL: URL to send the SAML authentication requests to.

• IdP Entity ID or Issuer URL: You can find the value in your SAML server configuration or in the metadata XML provider by your IdP.

• Signing certificate: X509 certificate to verify the signature in the SAML authentication response.

• Default membership role: Default membership role if the role field is not found or its value is not defined in SAML groups.
  

• SAML Callback URL 

Optional Configuration

• Sign SAML authentication request: Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints.

• Group attribute name: The attribute name for group in the SAML response.

• SAML Attributes: Add a list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules.  

• Constant Attributes: Service Provider Attribute

• SAML Group Name: Choose a name for the SAML Group

• Access Level: The access level the user can have - regular or admin.

The SSO include many advantages as it enables users to remember and manage fewer passwords and usernames for each application, streamlines the process of signing on and using applications – with no need to re-enter passwords.