Enables users to authenticate to multiple applications by using single sign-on
In this article, you will learn how to set up Single Sign-On (SSO) using the SAML protocol in Azure Active Directory (Azure AD). SSO is an authentication method that lets users access multiple applications with a single account. This will allow you to onboard your users using SSO and let them access the Staffbase platform using the same credentials they use to access other platforms in your organization. SSO is optional for user management. You can choose an option based on your business requirements.
You need to create an enterprise application in Azure AD to set up SSO. Staffbase recommends creating a dedicated application to maintain users for your Staffbase platform. If you want, you can use a single enterprise application for both SSO and SCIM for your user management.
After creating the enterprise application, you can decide which Azure AD users need access to the Staffbase platform using SSO. Staffbase recommends adding a few users initially to test that everything works as expected.
The Users and groups page opens.
Once you have created the application, you need to define the SAML protocol.
The Set up Single Sign-On with SAML page opens. To continue the setup process, you will need to work closely with the Staffbase Support team. First, contact the team and inform them that you're setting up SSO with Azure AD. The team will send you the information needed to proceed with the setup, and you will need to provide them with the information listed below.
Exchange Information With Staffbase Support
To continue setting up SSO with SAML, you need to:
Receive Information From Staffbase
You will receive the following to complete the SSO setup:
Provide the following information to Staffbase:
You can copy the App Federation Metadata Url from the Set up Single Sign-On with SAML page under the SAML Signing Certificate section. For now, you can ignore the warning that you need to complete Step 1 before adjusting the other steps. You will get the details needed to complete the other steps after you provide all the required information to Staffbase Support.
If the session lifetime is not configured, you are using the default session lifetime. Staffbase recommends disabling , as they could lead to sign-in issues for users with older sessions. Notify your Staffbase Support team if it cannot be disabled.
Staffbase recommends keeping on-demand provisioning separate from other user management strategies. For example, if you are already using CSV import or User API for onboarding your users, you do not need on-demand provisioning with SSO.
Complete the SSO Configuration
After receiving the information from Staffbase, you can complete the SSO configuration.
Step 1: Basic SAML Configuration
Step 2: Attributes & Claims
You can modify a claim and adjust its values according to your business requirements.
The Unique User Identifier (Name ID) value and the identifier in your Staffbase platform must match for each user using SSO. If you want to use a different value from the one already in place for your users in your Staffbase platform, you will need to update the user identifiers in your Staffbase platform first. In such a case, ensure that all future user management also includes these new identifiers.
You need to add a new claim only if you want to use SSO for on-demand provisioning.
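Because the Name ID must match the Staffbase identifier for every user, it is worth checking the chosen source attribute against the existing identifiers before rollout. The sketch below is an added example, not Staffbase code. It assumes a user export shaped like Microsoft Graph user objects (`id`, `userPrincipalName`, `mail`) and treats matching as exact string comparison; values that differ only by case or surrounding whitespace are reported separately so the behaviour can be confirmed with Staffbase Support. All sample users are constructed.

```python
from collections import Counter

# Constructed sample data, not real accounts.
AZURE_USERS = [
    {"id": "u1", "userPrincipalName": "ada@example.com", "mail": "ada@example.com"},
    {"id": "u2", "userPrincipalName": "Bob@example.com", "mail": "bob@example.com"},
    {"id": "u3", "userPrincipalName": "carol@example.com", "mail": None},
    {"id": "u4", "userPrincipalName": "dan@example.com", "mail": "shared@example.com"},
    {"id": "u5", "userPrincipalName": "eve@example.com", "mail": "shared@example.com"},
    {"id": "u6", "userPrincipalName": "frank@example.com", "mail": "frank@example.com"},
]
STAFFBASE_IDS = {"ada@example.com", "bob@example.com", "carol@example.com",
                 "dan@example.com", "eve@example.com"}


def preflight_name_ids(azure_users, source_attr, staffbase_ids):
    """Classify each user by what the Name ID built from source_attr would match."""
    values = {u["id"]: (u.get(source_attr) or "") for u in azure_users}
    counts = Counter(v for v in values.values() if v)
    folded = {s.strip().casefold() for s in staffbase_ids}
    report = {"ok": [], "empty": [], "duplicate": [], "near_miss": [], "missing": []}
    for uid, value in values.items():
        if not value:
            report["empty"].append(uid)       # no Name ID could be issued
        elif counts[value] > 1:
            report["duplicate"].append(uid)   # two people would share one identity
        elif value in staffbase_ids:
            report["ok"].append(uid)
        elif value.strip().casefold() in folded:
            report["near_miss"].append(uid)   # differs only by case or whitespace
        else:
            report["missing"].append(uid)     # no Staffbase user with this identifier
    return report
```

Anything other than `ok` needs a decision before the user is assigned to the enterprise application; `duplicate` in particular means two Azure AD accounts would present the same identifier.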
The values are auto-filled based on your enterprise application and Azure AD tenant.
Step 5: Test single sign-on
After testing that the SSO authentication works as expected, you can add all users in Azure AD to the enterprise application.
What enables users to authenticate to multiple applications by using single sign-on?
With federated single sign-on, Azure AD authenticates the user to the application by using their Azure AD account. This method is supported for SAML 2.0, WS-Federation, or OpenID Connect applications. Federated SSO is the richest mode of SSO.
What is single sign-on?
The user signs in only one time, hence the name of the feature (Single Sign-on). For example, if you log in to a Google service such as Gmail, you are automatically authenticated to YouTube, AdSense, Google Analytics, and other Google apps.
What is and how does single sign-on
Single sign-on (SSO) is a technology which combines several different application login screens into one. With SSO, a user only has to enter their login credentials (username, password, etc.) one time on a single page to access all of their SaaS applications.
What are the different types of SSO?
Types of Single Sign-on Protocols:
Central Authentication Service (CAS). Developed by Shawn Bayern at Yale University, CAS differs from typical SAML SSO by enacting Server-to-Server communication. ...
Shibboleth SSO. ...
Cookie-Based SSO. ...
Claims-Based SSO. ...
NTLM-Based SSO. ...
Kerberos-based SSO. ...
SPNEGO-based SSO. ...
Reduced SSO.