Getting Started With SSO
Single Sign-On (SSO) adds convenience to the sign-on process by permitting the user to use one set of login credentials to access multiple applications.
Note: Currently we only support SAML 2.0 and IdP Initiated SSO. You'll need to confirm with your IT team to see if it is compatible with their systems before requesting SSO. Not sure what SAML is? Check out this article.
- Your ObservePoint rep will generate a Metadata Configuration file (.xml format).
- Your Identity/Access Provider Admin (IDP) will configure a new SSO application in their system, upload the file we generated, modify any settings they require, and send us a .xml file containing the login URL and the certificate.
- Your ObservePoint rep will configure the login URL and certificate for your account.
- We will notify you that SSO is ready to test and confirm successful login.
Please reach out to your Success Manager to get started.
SSO Technical Process
For a technical discussion about how SSO works, see the explanation below:
When the user switches between different applications, SSO authenticates that they have been given rights to access that application and allows the switch without additional login credentials.
A user navigates to app.observepoint.com, and an authentication service created by ObservePoint searches for an existing token. If the user has permissions for SSO, they are redirected to the enterprise login screen instead of the ObservePoint login screen. The Identity Provider (IdP) checks whether the user has permissions for SSO. After successful login, the user is brought back to the ObservePoint application.
As soon as the user is logged in, a SAML token is generated by the IdP with pertinent information, and the user is redirected to the page. Each subsequent page they visit is verified with the SAML token to identify the permissions granted to the user.
Related SSO Help Documents
Below are documents that go into more detail on how to set up SSO with ObservePoint.
Image source - techtarget.com