| title | description |
|---|---|
SSO |
Enable seamless and secure access to multiple applications with Single Sign-On (SSO) using the SAML protocol, enhancing user experience and security. |
The SSO by SAML feature allows users to authenticate and access multiple applications using a single set of credentials via the Security Assertion Markup Language (SAML) protocol. This feature streamlines the login process, enhances security, and reduces the need for multiple passwords.
This feature is designed for organizations looking to implement Single Sign-On (SSO) for their users, providing a seamless and secure authentication experience across various applications.
- Centralized Authentication: Log in once to access multiple applications without re-entering credentials.
- Enhanced Security: Reduces the risk of password fatigue and phishing attacks by minimizing the number of passwords users need to remember.
- Improved User Experience: Simplifies the login process, reducing the time and effort required to access different services.
To access the SSO by SAML feature, you must provide either a SAML metadata link or specific configuration details to the Corgea support team.
- Access your SSO provider account and set up the SAML application using these parameters:
- Single Sign-On URL: https://www.corgea.app/saml/acs/
- Audience URI (SP Entity ID): https://www.corgea.app/saml/metadata/
- Default RelayState: https://www.corgea.app/projects/
- Name ID Format: EmailAddress
- Application Username: Email
- Update Application Username On: Create and update
For the "Attribute Statement (optional)" section, use the following mappings:
-
Name -> Value
- email -> user.email
- firstName -> user.firstName
- lastName -> user.lastName
Ensure to update permission setting for the user, if needed.
Upon completing the setup, a new SAML metadata link will be provided.
Log into your Corgea account and head to the "Integrations" section. Select the "Add" option within the "SAML SSO" area.
**Manual Entry (if necessary)**:
- Should manual input be needed, ensure you have the following details:
- **Entity ID**: The SAML entity's unique identifier.
- **X509 Certificate**: The certificate for signing SAML assertions.
- **Single Sign-On Service Location**: The URL for SAML IdP authentication responses.
- Once SAML configuration is properly configured, you should be now able to login through your SSO service.
- User Login: Authenticate through the SAML IdP and get redirected back to the application with a SAML assertion. After entering your email address on the initial login page, the "Login by SAML" option will appear on the step 2 page if the setup is correct. This option is triggered by the email domain.
- A configured SAML Identity Provider (IdP).
- Regularly Update Certificates: Ensure that your x509 certificates are up-to-date to maintain secure connections.
- Test Configurations: Before rolling out SSO to all users, test the configuration with a small group to ensure everything works as expected.
- Missing Referer Header: If you receive a "Missing Referer header" error, check that the HTTP_ORIGIN is correctly configured in the request headers.
- No SAML Configuration Found: If the configuration is missing, ensure that the correct referer URL or email domain is being utilized.
- Permission Update: If a user cannot access the SAML application, verify that their permissions are correctly configured and updated.
SCIM (System for Cross-domain Identity Management) is an open standard designed to manage user identities in cloud-based applications and services. It automates the exchange of user identity information between identity domains or IT systems, making it easier to manage user accounts across multiple platforms.
This feature is ideal for organizations that need to manage user identities across various applications efficiently.
- Automated User Provisioning: Automatically create, update, and deactivate user accounts in connected applications, reducing manual effort and errors.
- Consistent User Data: Ensures that user information is consistent across all integrated applications, improving data accuracy and compliance.
- Scalability: Easily manage a large number of users across multiple platforms, making it suitable for growing organizations.
- Security: Enhances security by ensuring that user access is promptly updated or revoked as needed.
- Efficiency: Automates repetitive tasks, freeing up IT resources for more strategic initiatives.
- Accuracy: Reduces the risk of human error in user management, ensuring that user data is always up-to-date.
- Compliance: Helps maintain compliance with data protection regulations by ensuring that user data is consistently managed and protected.
- Integration: Seamlessly integrates with existing SSO solutions, providing a comprehensive identity management system.
To enable SCIM functionality, you need to configure the SCIM application in your SSO provider with the following settings:
- Ensure SCIM is enabled.
- Set up the Application SCIM Integration with:
- SCIM connector base URL: https://www.corgea.app/scim/v2/
- Unique user identifier field: email
- Supported provisioning actions:
- Push New Users
- Push Profile Updates
- Authentication Mode: HTTP Header
Please contact the Corgea support team to obtain the necessary API token.
By enabling SCIM, organizations can significantly enhance their identity management processes, leading to improved operational efficiency and security.