Overview
SAML-based single sign-on (SSO) gives members access to DvSum through an identity provider (IdP) of your choice.
SSO, or Single Sign-On, is a service for session and user authentication. It enables users to use a single set of login credentials to access multiple applications. This simplifies the management of various usernames and passwords for both enterprises and individuals.
DvSum lets you secure your account with Web SSO based on popular standards such as SAML, so that your enterprise user directory or a third-party IdP can secure your applications through standards-based security tokens.
Certified identity providers:
- ADFS
- Microsoft Entra
- Okta
- OneLogin
Detailed Steps
Step 1: Log in to your Owner account ➔ Go to the Administration tab ➔ Account Settings ➔ Click on SSO
Step 2: Click the button "Add Identity Provider" to navigate to the following form.
Step 3: Download the DvSum SP Metadata file and configure your IdP to add DvSum as an application.
Step 4: Fill in the form with all the required fields.
Provider Name - Give a unique provider name in case you have multiple IdPs. The Provider Name cannot be updated once configured. It must be 3 to 32 characters long, start with a letter, and contain only alphanumeric characters (no special characters or spaces).
Identifier - This is your company's domain name, e.g. mycompany.com.
IdP Metadata - This is the metadata information from your Identity Provider. You can either provide a URL or upload a local copy of the metadata file.
Attributes - DvSum requires one attribute:
attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
value: Email
Step 5: Click Save. You will be directed to the IdP Listing page.
Step 6: When a user enables the SSO toggle button, they will be prompted for confirmation.
After clicking OK, SSO will be enabled in Test Mode.
All administrators will receive an email notification informing them of this change.
Note: In Test mode, Single Sign-On applies only to administrators. They can test their login using either the corporate email ID or basic authentication credentials. This does not affect Super users or regular Users, who continue to log in using basic authentication.
Step 7: After the Admin successfully verifies the SSO corporate login in Test mode, they can proceed to enable SSO in Live mode.
When you make Single Sign-On live, all active users of DvSum will be required to use their SSO credentials to sign in, and they will no longer be able to log in using Basic authentication. Their existing DvSum passwords will be deleted. An email notification will be sent to all active users of DvSum.
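A pre-flight check for the Step 4 values, useful before moving from Test mode to Live mode. This is an added example, not DvSum's own code: it checks a Provider Name against the naming rule and confirms that a decoded assertion captured during an administrator's test login carries the required emailaddress claim. The function names, the sample assertions, and the ASCII reading of "alphanumeric" are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Claim URI the page lists as DvSum's one required attribute.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Step 4 rule, assuming ASCII: starts with a letter, letters/digits only, 3 to 32 chars.
PROVIDER_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]{2,31}")


def valid_provider_name(name):
    return PROVIDER_NAME_RE.fullmatch(name) is not None


def email_claim_values(assertion_xml):
    """Values of the required email claim in a decoded SAML assertion or response."""
    # Inspects attribute content only; it does not validate the XML signature.
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == EMAIL_CLAIM:
            for value in attr.findall("saml:AttributeValue", NS):
                values.append((value.text or "").strip())
    return [v for v in values if v]


def preflight(provider_name, assertion_xml):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if not valid_provider_name(provider_name):
        problems.append("provider name breaks the Step 4 naming rule")
    if not email_claim_values(assertion_xml):
        problems.append("assertion has no non-empty emailaddress claim")
    return problems


# Constructed sample assertions (not real IdP output).
GOOD = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:AttributeStatement>
    <saml:Attribute Name="{EMAIL_CLAIM}">
      <saml:AttributeValue>admin@mycompany.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
# Constructed misconfiguration: attribute sent under a short name, not the claim URI.
MISNAMED = GOOD.replace(EMAIL_CLAIM, "email")

for name, doc in (("OktaProd1", GOOD), ("okta-prod", MISNAMED)):
    print(name, preflight(name, doc))
```

Run it only on assertions you captured from your own test login and saved locally.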
Adding Multiple Identity Providers
Step 8: Add a new identifier, making sure it differs from the existing one while keeping the Metadata URL the same. After providing the information, save the changes.
Both domains should now work with SSO.
Clicking "Sign in" will redirect to the identity provider (Okta).
Once the user is verified by Okta, they will be logged in to the application.
Step 9: If the Owner turns off the SSO configuration from Manage account, an email will be sent to all users.
Note: When Single Sign-On is disabled, all users will be authenticated by the Basic Authentication process, requiring them to set up a password.
SAML Configuration for Okta:
Please use the following link to configure SAML integration for your Okta application.
Additional Reference to Configure Microsoft Entra Application:
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal-setup-sso