This article will describe how to use ITBOOST® with the Security Assertion Markup Language (SAML) standard for Single Sign-on (SSO).
ITBOOST now provides single sign-on (SSO), an easy way to access multiple websites or applications using a single account.
To configure SAML settings for SSO, you need an identity provider that supports SAML. This widely supported protocol enables web authentication scenarios including cross-domain SSO and federated authentication between SaaS applications, such as ITBoost, and on-premises directory systems, for example Active Directory. The key to this feature is the intermediary SAML SSO server, also known as the identity provider.
How it works: Authentication to your subdomain (mycompany.itboost.com) is handled by your identity provider. Whenever ITBoost or one of your other applications or sites needs to authenticate you via SSO, it redirects you to the identity provider. If you are not signed in, you can sign in using your SSO credentials. If you are already signed in, you won't need to sign in again. You are immediately redirected back to ITBoost with the necessary authentication token. This token is used to verify that you are authenticated with the identity provider.
Getting Started with SSO in ITBOOST:
Begin by signing in to ITBoost as an Administrator and navigating to the SSO configuration settings of the identity provider, so you can configure the two at the same time.
Each of your users must be provisioned in the identity provider with exactly the same email address as their ITBoost account, since that is how ITBoost identifies them. After configuring SSO in your identity provider, return to ITBoost, navigate to Organizational Settings > Advanced Settings > Login Methods, select SSO from the dropdown, and enter the following identity provider information into ITBoost for login.
Service Provider Metadata:
IDP ID: The URL that uniquely identifies your SAML identity provider.
Login URL: The SAML login URL of the SAML server. ITBoost redirects to this URL for SSO if a session isn't already established. Also called: Sign-on URL, Remote login URL, SSO URL, SSO Endpoint, SAML URL, Identity Provider Sign-in URL, IDP Login URL, and Single Sign-On Service URL.
Entity ID: This field requires the Identity Provider Metadata URL, which points to the IDP's XML-formatted metadata.
Logout URL: A URL where ITBoost can redirect users after they log out of ITBoost. Also called: SLO Endpoint, SAML Logout URL, Trusted URL, Identity Provider Sign-out URL, and Single Sign-Out Service URL.
Certificate: The authentication certificate issued by your identity provider (a base-64 encoded X.509 certificate). Be sure to include the entire certificate, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. Also called: Public Certificate, X.509 Certificate.
Note: The Save button is available only when all fields are filled in. The Delete button deletes all configuration stored for SSO.
User Setup Information:
- A user who wants to log in through the IDP must exist in ITBOOST.
- For a user to log in through SSO, the user must be created in ITBOOST. User creation involves creating the user role and other details. When an Admin creates a user with SSO enabled, the user will not receive an activation email but a notification email.
- After SSO is enabled, non-Admin users will not be able to log in using ITBOOST login details.
- After SSO is enabled, all users with the Admin role can log in using ITBOOST login details.
- IDPs that do not provide name_id as an email address must release an email attribute named 'itbemail'.
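
To check the last requirement before moving users to SSO, the following added example (not ITBoost or identity provider code) inspects a test assertion captured from your IDP and reports which email address it releases: the NameID if it is an email address, otherwise the 'itbemail' attribute. The sample assertions, the function names, the exact-match comparison and the single-value rule are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample assertions (unsigned, trimmed to the identity fields).
ASSERTION_EMAIL_NAMEID = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>Alice@Example.com</saml:NameID></saml:Subject>
</saml:Assertion>"""

ASSERTION_OPAQUE_NAMEID = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>a1b2c3d4</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="itbemail">
      <saml:AttributeValue>bob@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def released_email(assertion_xml):
    """Return (email, source) released by the assertion, or (None, reason)."""
    # Reads identity fields only; it does not verify the assertion signature.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        return None, "DTD/entity declarations are not expected in SAML"
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if EMAIL_RE.match(name_id):
        return name_id, "NameID"
    values = [
        (v.text or "").strip()
        for attr in root.iterfind(".//saml:Attribute[@Name='itbemail']", NS)
        for v in attr.iterfind("saml:AttributeValue", NS)
    ]
    emails = [v for v in values if EMAIL_RE.match(v)]
    if len(emails) == 1:
        return emails[0], "itbemail"
    if len(emails) > 1:  # assumption of this check: ambiguous, so flag it
        return None, "itbemail has multiple values; release exactly one"
    return None, "NameID is not an email and no itbemail attribute is released"


def matches_account(assertion_xml, itboost_email):
    """Exact comparison (assumed), since the addresses must be the very same."""
    email, _ = released_email(assertion_xml)
    return email is not None and email == itboost_email
```
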