Single Sign-On (SSO)

Overview of SSO

Last Updated: August 3, 2023

Path: Community Settings >> Security >> Single Sign-on Settings

When we have SSO enabled and added to the community, these are the global settings we can customize for the SSO. This section is a part of Advanced settings.

Toggle the switch to Advanced from any part of the community settings to access the SSO.

 

SSO General Settings:

 

Remove Sync groups when groups are empty: This will remove any groups that have no members assigned to them.

Redirect to SSO Login Automatically: When you have this setting enabled, the SSO enabled community will be automatically redirected to the SSO login page.

Login Redirection Delay (in seconds): This helps you to setup a delay in redirection to the SSO Login page. The Login Redirection Delay value must be greater than 0 and the default value is 5.

Ideascale Email/ Password Login: Allows users to have a login option with Ideascale credentials along with the option to login via SSO.

Allow members/persons to change username: Enabling this setting allows an SSO community members to change their username from what has been already passed via SSO.

Remember Me: Enabling this will remember the members that have logged in via SSO.

Groups Allowed for Ideascale Email/Password Login: You can restrict the groups that can login via Ideascale Email/Password.

Enable Community Sign Up: This option will only be visible when we have Ideascale Email/Password login enabled. This will allow new members to sign up or register to the community.

Groups Not Allowed for Ideascale Email/Password Login: We can assign groups that should be restricted from using the Ideascale Email/Password to login to the community.



What is Single Sign-On and why should I use it?

Single Sign-On (SSO) is a popular method of integrating your site's user details with IdeaScale's authentication system. The benefit to configuring SSO is that it alleviates the user's need to log into IdeaScale with another set of credentials. With SSO employed, access to the IdeaScale community is predetermined by the user's access to your intranet. SSO removes the login process--which many community admins feel is a significant barrier to participation!

For more details about SSO, click here

What kinds of Single Sign-On does IdeaScale support?

SAML 2.0

  • SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) such as Okta, and a service provider (SP) for IdeaScale SSO integrations, the IdeaScale community is the Service Provider. 

  • Learn more here!

Token-Based/Multipass

  • Multipass authentication is a single sign-on authentication strategy to allow you to share your user authentication with your site

  • Encrypted token that is passed on in the URL or as a parameter in a post form

  • Learn more here & here

Azure AD

  • Azure AD allows determining who has access to IdeaScale

  • It helps to manage your accounts in one central location - the Azure portal

  • Learn more here.

Last Updated: August 3, 2023