SSO configuration

Single Sign-On allows users to login without having to create a new username and password just for your application. Instead, users login with their SAML or OpenID Connect credentials. SAML and OpenID Connect help manage and authenticate a single user across multiple applications. Here are guides to help you implement SSO.

SSO

Superwise provides organizations with an easy way to configure their SSO setting in one of the two following options:

🚧

Admin role required

To configure SSO you need to have an admin role in the platform

SAML configuration

Step 1 - Claim your domain

Once you are logged in into the platform, open the Admin Portal and navigate to SSO page.
In the Claim Domain window please enter your domain name and create DNS record with the following values (marked in red)

956 296

In the Claim Domain window please enter your domain name and create DNS record with the following values (marked in red):

Step 2 - Configure your IDP

  • Click the edit button next to the Configure your IDP step
  • In the Configure Your IDP window please perform the following:
    • Select SAML
    • Copy the ACS URL to your SAML application (to see where please look in Step #3).
    • You will need to import an XML file with your SSO endpoint and public certificate (see the following steps for further information on how to extract this file)
2212 926

Step 3 - Create a new SAML application on your IDP (below is a sample of OKTA).

2880

In the SSO URL, enter your subdomain followed by /auth/saml/callback and under SP entity ID include the entity ID defined in Superwise's team management portal.

2036

The next step is to download a metadata XML:

2880

Upload the xml file to the Superwise team management portal (see Step #2) and you should be good to go!

OpenID Connect configuration

Step 1 - Select OpenID Connect

Once you are logged in into the platform, open the Admin Portal and navigate to SSO page.
Then, choose Open ID Connect as IDP.

Step 2 - Provide additional data

Next, the user needs to provide additional data to login with OpenID Connect, as described in the table below.

ConfigurationDescription
Issuer URLThis is a URL that is given by the IDP. This URL provides instructions on how can we communicate with the IDP. If you are unsure you have the right URL, set it in the text input anyway, and we will let you know if it is okay.
Client IDThe clientId given by the IDP. This allows the IDP to identify who is requesting to authenticate.
Secret KeyThe secret key lets us authenticate with the IDP to validate the user who tries to login. It must correspond to the secret key we have for the clientId.
Redirect URIThis is a pre-configured value that lets the IDP know where it should return the user after the user is authenticated in the IDP. The redirect URI value must be configured in the IDP itself.

After completing and saving all the configurations, you should be able to login using the OpenID Connect protocol.