Implementing Single Sign On (SSO) - Initial setup and connection

Introduction

Aptem supports the use of Single Sign On (SSO) using SAML. Single sign on using SAML can be enabled to allow the client’s Federated Identity provider (FIP) to be used to authenticate internal and/or external users of Aptem. This article outlines the steps to configure your Identity Provider (IdP) and connect it to Aptem.

The Aptem SAML implementation handles authentication only, not authorisation: customers cannot use SAML to control the roles or permissions of internal and external users in Aptem. Aptem does provide support for this using its APIs. For further information on managing user accounts with APIs, please contact support.

 

Useful articles

The steps to implement this are predominantly related to the configuration of your Identity Provider. The information below provides the details required to do this as well as some reference articles for configuring common identity providers such as Azure AD.

Planning a single sign-on deployment

What is SAML SSO?

 Configuring SAML-based Single Sign-On in Azure AD

 

Setting up SSO

  1. Manifest URL: You will need a manifest URL which you can request via the Aptem technical support team.
  2. IdP configuration: The manifest URL referred to above can be used to register the client's FIP. When configuring your Identity Provider connection, you should ensure that the FIP uses one of the following attributes in the assertion:
    saml:Attribute[@Name='urn:oid:0.9.2342.19200300.100.1.1']
    saml:Attribute[@Name='username']
    saml:Attribute[@Name='User.email']
    saml:Attribute[@Name='email']

    You will also need to ensure that assertion encryption is not enabled.

  3. Provide required details: After configuring this within your Identity Provider, you will then need to send us the manifest file which we will then register within Aptem to establish the trust. The manifest must contain only one signing key.
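
A pre-flight check for the requirements in steps 2 and 3, added here as an example and not Aptem's own code. It assumes the manifest is SAML 2.0 metadata XML and that you have a decoded SAML response from your own IdP; the helper names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names the article lists as accepted in the assertion.
ACCEPTED = {"urn:oid:0.9.2342.19200300.100.1.1", "username", "User.email", "email"}

def signing_key_count(metadata_xml):
    """Count IdP KeyDescriptors usable for signing. In SAML metadata a
    KeyDescriptor with no use attribute serves signing and encryption."""
    root = ET.fromstring(metadata_xml)
    keys = root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS)
    return sum(1 for k in keys if k.get("use", "signing") == "signing")

def check_response(response_xml):
    """Return the problems found in a decoded SAML response (empty list = OK)."""
    root = ET.fromstring(response_xml)
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        # Attributes are not readable inside an encrypted assertion, so stop here.
        return ["assertion encryption is enabled"]
    names = {a.get("Name") for a in root.iter("{%s}Attribute" % NS["saml"])}
    return [] if names & ACCEPTED else ["no accepted user attribute in assertion"]

# Constructed sample documents (not real IdP output), trimmed to the elements checked.
def sample_metadata(uses):
    keys = "".join('<md:KeyDescriptor use="%s"/>' % u if u else "<md:KeyDescriptor/>"
                   for u in uses)
    return ('<md:EntityDescriptor xmlns:md="%s" entityID="https://idp.example.test">'
            '<md:IDPSSODescriptor protocolSupportEnumeration='
            '"urn:oasis:names:tc:SAML:2.0:protocol">%s</md:IDPSSODescriptor>'
            '</md:EntityDescriptor>' % (NS["md"], keys))

def sample_response(inner):
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="%s">%s</samlp:Response>' % (NS["saml"], inner))

def sample_assertion(attr_name):
    return sample_response('<saml:Assertion><saml:AttributeStatement>'
                           '<saml:Attribute Name="%s"/></saml:AttributeStatement>'
                           '</saml:Assertion>' % attr_name)

if __name__ == "__main__":
    for label, uses in [("single key", ["signing"]),
                        ("rollover", ["signing", None, "encryption"])]:
        n = signing_key_count(sample_metadata(uses))
        print(label, "->", n, "signing key(s):", "OK" if n == 1 else "REJECT")
    print(check_response(sample_assertion("email")))
    print(check_response(sample_assertion("mail")))
    print(check_response(sample_response("<saml:EncryptedAssertion/>")))
```

Run it against metadata and responses exported from your own IdP only; a signing key count other than 1 means the manifest does not meet the requirement in step 3.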

 

Testing

You can create a test user account to verify that Single Sign On (SSO) is successfully configured.

When SSO is enabled, this is what you see.

Classic

When using Classic, you must click the 'Sign in using abc' button.


On the subsequent screen, enter your credentials and sign in. If the set up was successful, you will be able to access Aptem using SSO.

 

Console

When using Console, you must enter your email ID on the login screen and click Next.


If your account is configured for SSO, you will see a new login screen where you can enter your credentials and log in.

If the set up was successful, you will be able to access Aptem using SSO.
