Single Sign-On (SSO)

Overview of SSO

 

Path: Manage Workspace >> Security >> Single Sign-on Settings

When SSO is enabled and added to the workspace, these are the global settings you can customize for it.


SSO General Settings:


Remove Sync groups when groups are empty: Any groups that have no members assigned to them will be eliminated. Removing groups with no members improves efficiency.

Want Assertion Signing: It does not require that both the response and the assertions be signed, since signing both seems redundant. In the XML data, the value can be True or False.

Authn Requests Signed: The private key associated with your local certificate (e.g., your SP.PFX file) is used to sign the authn request. The IdP should be configured with the corresponding certificate.

Redirect to SSO Login Automatically: When this setting is enabled, users of the SSO-enabled community are automatically redirected to the SSO login page.

Display buttons instead of a dropdown menu for multi-SSO setup: The login page will present buttons for users to choose their preferred SSO login option when multiple SSO configurations are set up in the workspace. If there is only a single SSO configuration, it will be displayed as a single button to click on.


Login Redirection Delay (in seconds):
This lets you set up a delay before redirection to the SSO login page. The Login Redirection Delay value must be greater than 0, and the default value is 5.

IdeaScale Email/Password Login: Allows users to log in with IdeaScale credentials in addition to the option to log in via SSO.

Allow members/persons to change username: Enabling this setting allows SSO community members to change their username from the one already passed via SSO.

Enable Username Prompt: This will allow new members to create a username for the workspace.

Enable Workspace Registration: This will allow new members to sign up or register to the workspace.
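
The two signing settings above (Want Assertion Signing and Authn Requests Signed) can be checked against the service provider's SAML metadata. The following is an added example, not IdeaScale code: it assumes the settings appear as the standard SAML 2.0 attributes WantAssertionsSigned and AuthnRequestsSigned on SPSSODescriptor, and the sample metadata, entityID and URL are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample SP metadata (entityID, URL and certificate are placeholders).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.invalid/saml">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://sp.example.invalid/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def xs_bool(value):
    """xs:boolean accepts true/false/1/0; a missing attribute defaults to false."""
    return (value or "false").strip() in ("true", "1")

def audit_sp_metadata(xml_text):
    """Return the signing flags and a list of findings for an SP metadata document."""
    root = ET.fromstring(xml_text)  # local, trusted file; not attacker-supplied XML
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    signs_requests = xs_bool(sp.get("AuthnRequestsSigned"))
    wants_signed = xs_bool(sp.get("WantAssertionsSigned"))
    # A KeyDescriptor without a 'use' attribute is valid for signing and encryption.
    signing_certs = 0
    for kd in sp.findall(f"{{{MD}}}KeyDescriptor"):
        cert = kd.findtext(f".//{{{DS}}}X509Certificate") or ""
        if kd.get("use") in (None, "signing") and cert.strip():
            signing_certs += 1
    findings = []
    if signs_requests and signing_certs == 0:
        findings.append("AuthnRequestsSigned=true but no signing certificate is "
                        "published; the IdP cannot verify the requests")
    if not wants_signed:
        findings.append("WantAssertionsSigned=false; confirm the IdP signs the response")
    return {"authn_requests_signed": signs_requests, "want_assertions_signed": wants_signed,
            "signing_certs": signing_certs, "findings": findings}

if __name__ == "__main__":
    for finding in audit_sp_metadata(SAMPLE_METADATA)["findings"]:
        print("FINDING:", finding)
```

This only inspects what the metadata declares; it does not verify any signature.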



What is Single Sign-On and why should I use it?

Single Sign-On (SSO) is a popular method of integrating your site's user details with IdeaScale's authentication system. The benefit to configuring SSO is that it alleviates the user's need to log into IdeaScale with another set of credentials. With SSO employed, access to the IdeaScale community is predetermined by the user's access to your intranet. SSO removes the login process--which many community admins feel is a significant barrier to participation!

For more details about SSO, click here

What kinds of Single Sign-On does IdeaScale support?

SAML 2.0

  • SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP), such as Okta, and a service provider (SP). For IdeaScale SSO integrations, the IdeaScale community is the Service Provider.

  • Learn more here!

Token-Based/Multipass

  • Multipass authentication is a single sign-on authentication strategy that allows you to share your user authentication with your site

  • An encrypted token is passed in the URL or as a parameter in a POST form

  • Learn more here & here

Azure AD

  • Azure AD lets you determine who has access to IdeaScale

  • It helps to manage your accounts in one central location - the Azure portal

  • Learn more here.


    Last Updated: November 14, 2024