Configuring Single Sign-On (SSO) certificates
Who is this article for?
Administrators and Module Developers who are tasked with overseeing and managing SSO.
Defined responsibilities and elevated access required.
SAML Single Sign-On (SSO) certificate authentication provides a high standard of security. Once a user has authenticated to a secure domain on the customer’s network, they can be granted access to applications without re-entering their credentials.
If SSO is required for a Subscriber, a certificate is uploaded to the system under the Admin Preferences - SSO Settings screen. Individual user SSO settings are not required unless certain users need to be able to log in with a username and password instead.
A SAML certificate is a digital certificate that authenticates and secures messages between identity providers (IdPs) and service providers (SPs). SAML certificates expire and must be renewed periodically to maintain service and security. When a subscriber's Primary Certificate nears its expiration date, an administrator can upload a Secondary Certificate so that a valid certificate is always available.
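As an added illustration, not part of this article or the product, the primary/secondary rule above expressed as a check an administrator could run against the two uploaded certificates. The certificates here are constructed self-signed stand-ins, and the 30-day warning window is an assumed value.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// makeCert is a constructed stand-in for an IdP signing certificate (self-signed, ECDSA P-256).
func makeCert(notBefore time.Time, lifetime time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notBefore.Add(lifetime)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// RotationStatus applies the primary/secondary rule: "usable" means inside the validity
// period at now; "safe" means usable with more than warn remaining before NotAfter.
func RotationStatus(primary, secondary *x509.Certificate, now time.Time, warn time.Duration) string {
	usable := func(c *x509.Certificate) bool { return c != nil && !now.Before(c.NotBefore) && now.Before(c.NotAfter) }
	safe := func(c *x509.Certificate) bool { return usable(c) && c.NotAfter.Sub(now) > warn }
	switch {
	case !usable(primary) && !usable(secondary):
		return "OUTAGE" // no valid certificate: SAML logins fail until one is uploaded
	case safe(primary):
		return "OK" // primary still well inside its lifetime
	case safe(secondary):
		return "SECONDARY_COVERS" // primary expiring or expired; secondary keeps SSO up, renew the primary
	default:
		return "UPLOAD_SECONDARY" // primary inside the warning window and no safe secondary yet
	}
}

func main() {
	primary, err := makeCert(time.Now().Add(-350*24*time.Hour), 365*24*time.Hour) // 15 days left
	if err != nil {
		panic(err)
	}
	fmt.Println(RotationStatus(primary, nil, time.Now(), 30*24*time.Hour)) // prints UPLOAD_SECONDARY
}
```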
The SSO Type is the same for both desktops and mobile devices, so there is no additional setup for SAML on mobile other than setting the Mobile SSO Type to “saml” on the Preferences screen.
The Request Endpoint URL is the URL of the Identity Provider (IdP) within the customer’s security domain. This address does not need to be reachable from the public Internet or from Ideagen servers, but the user’s web browser will need to have access to it directly, by VPN, or by another secure network.
Multiple IdP
Multiple Identity Providers (IdPs) can be used to sign on using SSO. To request the use of multiple IdPs, submit a ticket or contact your account manager or Project Team to discuss configuration options.
While the Match Field is typically “Logon username”, other common options are “E-mail address” or “Employee ID”. The Match Field must correspond to the unique identifier sent by the user's IdP and be stored in the User object.
SAML Web Browser SSO/HTTP configuration values enable secure authentication by initiating a series of HTTPS transactions between the platform and the user's web browser.
Additional Documentation
For additional SSO information or to receive the SAML Single Sign-On Customer Implementation Guide, please submit a ticket. The information in the SAML Single Sign-On Customer Implementation Guide is confidential and should only be distributed to individuals who have signed a Non-Disclosure Agreement (NDA) with Ideagen and/or are covered by a contractual confidentiality clause.