Single sign-on (SSO) is an authentication method that enables secured user authentication with multiple applications and websites by using a single set of credentials. SSO works upon a trust relationship set up between the service provider, and an identity provider such as Okta. This trust relationship is often based upon a certificate that is exchanged between the identity provider and the service provider. This certificate can be used to sign identity information that is being sent from the identity provider to the service provider so that the service provider knows it is coming from a trusted source. In SSO, this identity data takes the form of tokens which contain identifying bits of information about the users. Spectro Cloud supports the following two types of SSO authentication mechanisms:
- SAML Based SSO
- OIDC Based SSO
To setup IdP based SSO, log in to the Spectro Cloud console as the tenant admin. Access the tenant admin settings area by clicking the "Admin" button on the left panel. Choose the IdP from the "Service" dropdown menu. Select the "Settings" from the "Admin menu" and then click "SAML" on the Spectro Cloud console to view the SAML panel. Toggle the
Enable SSO button to bring up the configuration boxes. The following parameters will be available for enabling the addition of Spectro Cloud as a "Service Provider" into the IdPs:
- NameId Format
- Login URL
- Service Provider Metadata
Using these parameters, Spectro Cloud should be added as the Service Provider (SP) app in the IdP's configuration. More details specific to IdPs follow.
The next step is to copy the
Identity Provider Metadata from the IdP into the Spectro Cloud SAML panel. Click on "Confirm" to complete the setup.