Single sign-on (SSO) allows users to get to their work on the ITONICS platform faster. The login process is simplified with SSO by allowing users to sign in automatically without having to input their username and password each time.
Please note that the SSO feature has to be activated first for your organization. Contact us at email@example.com for a trial.
How Single Sign-On works
SSO integration can be fully self-managed. We recommend involving your IT department.
First, SAML (Security Assertion Markup Language) needs to be set up. SAML is an open standard used to transfer authentication data between two parties: the identity provider (IdP) and the service provider (SP). The IdP is a system entity that creates, manages, and maintains identity information and provides user authentication as a service. The SP is a system entity that receives and accepts authentication information from the IdP.
The following steps describe the standard procedure for setting up SAML:
- Go to Settings > SSO.
- Copy and send the IDP Configuration Information (1) to your IT department.
- Your IT team has to import the metadata into Active Directory Federation Services (ADFS).
- On the SSO Configuration Page, two more configuration steps have to be completed:
  - Attribute Mapping: Map the attributes from your Identity Provider to the User Attributes in ITONICS. Currently, only Email, Last Name and First Name can be mapped. Other attributes will follow soon. (2)
  - Metadata Configuration: Choose the Metadata Configuration Type and provide a Metadata URL or a Metadata XML File Content. Metadata is information that describes other information; here, it describes the basic structure of the information exchange through SAML. (3)
- After you have saved the configuration, SSO can be enabled via the slider in the bottom right corner. (4)
- All users can log in via the button Sign in with SAML on the login page.
Login with SSO
- Use the ITONICS system URL from any web browser.
- When you land on the ITONICS Login Page, click on the button Sign in with SAML. You will be redirected to your SAML Identity Provider (e.g., Active Directory Federation Services, Azure ADFS or OneLogin; most SAML Identity Providers are compatible).
- You will be asked to authenticate with your credentials at the Identity Provider.
- The defined SAML token is sent back to ITONICS.
- ITONICS verifies the SAML data and, if verification succeeds, you are authenticated.
- When you complete this process for the first time, the system creates a user account in the ITONICS user management, assigns the role Regular User, and imports the User Attributes E-Mail, Last Name and First Name.