Enterprise Single Sign-On setup [SSO]

How to set up and enable Enterprise Single Sign-On (SSO) in Settings

Written by Uros Maksimovic
Updated today

A Single Sign-On (SSO) system is a centralized authentication service that allows users to log in to multiple applications with a single set of credentials. This improves security by eliminating the need for users to manage multiple passwords and simplifies administration by reducing the number of logins to manage.

Set up Insightful in your Identity Provider

To set up SSO within Insightful, you first need to create the Insightful application in your Identity Provider. During this configuration, you will be asked to enter the following two details:

Audience URI (Entity ID):
https://app.insightful.io

Assertion Consumer Service (ACS) URL or Single Sign-On URL:

Leave the Default Relay State field blank until you obtain it after completing the first step on the Insightful Security and Identity page.

For a user to be able to log in with SSO, the application created in the Identity Provider must be assigned to that user.

Additionally, under the User Attributes and Claims or Attribute Statements section, the following attributes must be mapped:

  • firstName

  • lastName

  • email

  • id

Set up Single Sign-On (SSO) in Insightful

To enable SSO in the Insightful application, go to Settings → Security and Identity.

This can be performed only by your Admin.

Set up SAML

Please follow these steps to set up SAML (Security Assertion Markup Language):

1. Click on the Configure SAML button.

2. In the next step, name the integration and enter the required details obtained from the Identity Provider interface: Issuer ID, Login URL, and Identity Provider Certificate. The certificate can be copied and pasted into the certificate field or uploaded as a certificate file.

By completing this step, and upon a successful response from the API, the status of SSO Configuration becomes Verification Pending.

If you have previously input any incorrect data, you will need to click Disconnect at this point and start over. This is because you will be unable to edit the data in the SAML configuration step until the process is finished.

3. Next, it is recommended that the Admin copies our info (the response from the fields) into the Identity Service Provider. The response consists of the Default Relay State and a Certificate. The Certificate can once again be copied and pasted or downloaded as a certificate file (the Certificate is optional in some tools).

4. After this step is done, a new window to verify SAML will appear. Click on the Verify SAML button. This will redirect the Admin to the Identity Provider login screen.

5. After a successful login, the next step is Link account, where the Admin should click on the Yes link account button to continue with the process.

6. Following this step, the Admin will receive a 6-digit confirmation code by mail, which they should enter on the Please, verify your account screen and then click on the Verify button.

Upon successful completion, the status of SSO Configuration becomes SSO Configured & Verified.

There can be only one active SAML Configuration at a time. You can always edit the existing one or disconnect/remove it if you wish to add another one. Click here to learn how.

Possible Error message

If you encounter an error message saying that there is no encrypted assertion, {"message": "Expected 1 EncryptedAssertion; found 0."}, please do the following:

  • Download/copy the Service Provider Certificate from Insightful and upload it to the Identity Provider's app;

  • SAML configuration will be successfully set up afterward.
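
A pre-flight check for the two requirements above (the mapped attributes and the encrypted assertion), as an added example that is not Insightful's code: it inspects a base64-decoded SAML Response captured from your own Identity Provider's test login. It assumes the required attributes appear as Attribute Name values spelled exactly as listed; check_response and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUDIENCE = "https://app.insightful.io"               # Audience URI (Entity ID) from this page
REQUIRED = {"firstName", "lastName", "email", "id"}  # attributes this page requires

_OPEN = f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
# Constructed sample: unencrypted assertion, correct audience, "id" attribute not mapped.
SAMPLE_PLAIN = _OPEN + """
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://app.insightful.io</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"/><saml:Attribute Name="lastName"/>
      <saml:Attribute Name="email"/>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
# Constructed sample: assertion encrypted by the IdP (ciphertext omitted).
SAMPLE_ENCRYPTED = _OPEN + "<saml:EncryptedAssertion/></samlp:Response>"

def check_response(xml_text):
    """Diagnostic findings for a base64-decoded SAML Response.
    Verifies no signature and decrypts nothing; run it only on your own IdP's output."""
    root = ET.fromstring(xml_text)
    findings = []
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    if len(encrypted) != 1:
        # Mirrors the error message quoted on this page.
        findings.append(f"Expected 1 EncryptedAssertion; found {len(encrypted)}.")
    # Only an unencrypted assertion can be inspected without the SP private key.
    for assertion in root.findall("saml:Assertion", NS):
        audiences = {a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text}
        if AUDIENCE not in audiences:
            findings.append(f"Audience {AUDIENCE} not present; found {sorted(audiences)}")
        names = {a.get("Name") for a in assertion.iterfind(".//saml:Attribute", NS)}
        missing = REQUIRED - names
        if missing:
            findings.append(f"Missing attributes: {sorted(missing)}")
    return findings

if __name__ == "__main__":
    for label, doc in (("plain", SAMPLE_PLAIN), ("encrypted", SAMPLE_ENCRYPTED)):
        print(label, check_response(doc) or "OK")
```

An empty result for an encrypted response only means the assertion count is right; the attributes inside it cannot be checked until the assertion is decrypted.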

Instructions for setting up SSO for each provider
