SSO SAML Integration
- 18 Jun 2024
- 1 Minute to read
- Print
SSO SAML Integration
- Updated on 18 Jun 2024
- 1 Minute to read
- Print
Article summary
Did you find this summary helpful?
Thank you for your feedback
Overview
- Dise SSO SAML connection allows use of an alternative Identity Provider (IdP) to authenticate users for the Dise CX Portal.
- The connection will allows the use of groups (or roles) to control who gets access to which resources.
- User login is dependent on email domain, and all email addresses used from a specific email domain will be forwarded to the alternative IdP.
- Accounts are automatically created in Dise CX portal on login and connected to a location and a role based on their group subscriptions in the IdP.
- User groups are validated on each login and refreshed if needed. Users that are no longer valid or do not have a matching group subscription in the IdP will not be allowed to login.
- Users removed from the Dise CX Portal will be recreated again upon login using the IdP.
Setup
Setting up SSO is a complex process, please request assistance via Dise support.
Before seeking assistance preparations to be made:
Required credentials provided by Identity Provider
Sign-in URL to identity provider
X509 signing certificate
SAMLP server public key encoded in PEM or CER format.
Sign-out URL (optional)
SAML token attributes
The definition on what user attributes will be passed to the service provider via SAML and needs to be handled by Dise. E.g. user group (role & location).
{ "groups": "http://schemas.xmlsoap.org/claims/Group" }Identity provider email domain(s)
A list of domains to connect to this identity provider.
Which Dise server(s) to access
List of roles & locations for mapping groupId(s) against
Group1 = CustomRole1 on Brand
Group2 = CustomRole2 on Country
Was this article helpful?
