This article provides instructions to enable the Single Sign-On (SSO) feature for Appspace Cloud.
With SSO, Appspace Cloud accounts can now be configured to integrate with Security Assertion Markup Language (SAML) 2.0 compliant identity providers, allowing for seamless and secure connections using a single set of credentials, simplifying username and password management.
When you log in to Appspace, your credentials are authenticated by the identity provider, and a SAML assertion is sent to Appspace via the web browser to grant login access to Appspace. Please ensure you have configured a trusted Identity Provider before you enable SSO with Appspace.
- An Identity Provider that is SAML 2.0 compliant
- IdP Metadata XML file or the SSO URL
- An X.509 Certificate
- Account Owner privileges
Enable Single Sign-On (SSO)
- Log in to the Account Management Portal (https://account.appspace.com) with your Account Owner credentials.
- Click the Settings tab, then the Account Authentication tab in the side panel.
- In the AUTHENTICATION METHOD section, select Single Sign-On (SSO) as the authentication method, to view additional SSO configurations.
- In the SINGLE SIGN-ON (SSO) SETTINGS section, select the desired Login Method:
  - SSO only – Users must log in with Single Sign-On credentials.
  - SSO or Appspace Credentials – Users can log in with their Single Sign-On credentials and their Appspace credentials.
- In the IDENTITY PROVIDER (IDP) INFORMATION section, drop or upload the IdP metadata XML file, or manually enter the SSO URL and X.509 Certificate details in the relevant fields.
- In the GENERATING SERVICE PROVIDER (SP) METADATA section, select the desired Data binding (IdP to SP) option:
  - Redirect – Users are redirected to the Identity Provider. SSO details will be passed in a query string with “?SAMLRequest=……” as part of the URL.
  - Post – SSO details are passed using the POST method. Ensure the Identity Provider has direct access to the Appspace Server for this method to work.
- Optionally, you may enable the following features:
- Once all SSO configurations have been made, click Save.
Setting Up Pass-Through Authentication
Pass-through Authentication allows you to provide users in your organization who exist in an external Identity Provider (IdP) with access to published channels through the Appspace App on smartphones or tablets without consuming Premium User IDs. This is accomplished by providing you with unlimited Basic User IDs, which are automatically applied to users authenticated via an SSO or LDAP integration that has been configured for Appspace.
- In the PASS-THROUGH AUTHENTICATION section, enter the E-mail Domain of your organization.
- Once done, click Save.
Setting Up Just-In-Time Provisioning (JIT)
- In the JUST-IN-TIME PROVISIONING (JIT) section, slide the Enable JIT? slider to ON.
- Enter the User group to which the new users will be assigned.
- Optionally, click the Show advanced configuration link if you would like to map the SAML attributes to values that match your IdP implementation.
- Enter the JIT condition Attribute Name and Attribute Value Regex.
- Enter the SAML attributes mapping for the First name and Last name.