Single sign-on (SSO) allows users to get to their work on the ITONICS platform faster. The login process is simplified with SSO by allowing users to sign in automatically without having to input their username and password each time.
Please note that the SSO feature has to be activated first for your organization. Contact us at firstname.lastname@example.org for a trial.
How Single Sign-On works
SSO integration can be carried out on a fully self-managed basis. We recommend getting your IT department involved.
Firstly, SAML (Security Assertion Markup Language) needs to be set up. SAML is an open standard used to transfer authentication data between two parties - the identity provider (IdP) and the service provider (SP). While the IdP refers to a system entity that creates, manages, and maintains identity information and provides user authentication as a service, the SP is a system entity that receives and accepts authentication information from the IdP.
The following steps describe the standard procedure for setting up SAML:
- Go to Settings > SSO.
- On the SSO Configuration Page, complete two configuration steps:
  - Attribute Mapping: Map the attributes from your Identity Provider to the User Attributes in ITONICS. Currently, only Email, Last Name and First Name can be mapped. Other attributes will follow soon. (1)
  - Metadata Configuration: Choose the Metadata Configuration Type and provide either a Metadata URL or the Metadata XML File Content. (2)
- Save the applied configuration. (3)
- Based on your applied configuration, the IDP Configuration Information is generated. (4)
- Your IT team has to import the metadata into the Active Directory Federation Services (ADFS).
- After your team has imported the metadata into ADFS, enable SSO via the slider in the bottom right corner. (5)
- All users can then log in via the Sign in with SAML button on the login page.
Login with SSO
- Use the ITONICS system URL from any web browser.
- When you land on the ITONICS Login Page, click on the button Sign in with SAML. You will be redirected to your SAML Identity Provider (e.g., Active Directory Federation Services, Azure ADFS or OneLogin; most SAML Identity Providers are compatible).
- You will be asked to authenticate with your credentials at the Identity Provider.
- The defined SAML token is sent back to ITONICS.
- The SAML data is verified by ITONICS and, if verification is successful, you are authenticated.
- When you complete this process for the first time, the system creates a user account in the ITONICS user management, assigns the role Regular User, and imports the User Attributes E-Mail, Last Name and First Name.