Skip to main content
All CollectionsUser Security Management
SAML Single Sign-On Configuration: Configuring SSO
SAML Single Sign-On Configuration: Configuring SSO

Once you have a verified domain, you will be able to configure SSO for your organization. Find out how.

Shawn Kucerak avatar
Written by Shawn Kucerak
Updated over 3 years ago

Edisen is able to provide it's users with SAML based authentication and single sign-on (SSO) access to the application through an identity provider (IdP) of your choice.

Note that we do not support SCIM provisioning at this point.

There are two simple steps to configure and enable Single Sign-On for Edisen users with your company's identity provider:

  • Configuring SSO with Microsoft Azure AD

In this article, we will cover the second step, Configuring SSO with Microsoft Azure AD - via the "Single Sign-On" button and "SSO Configuration" panel. Any identity provider of your choice can be used (like Okta, OneLogin, ADFS by Microsoft, Auth0, Google), but in this article we will cover setting up with Microsoft Azure AD.

Configuring SSO

You will be able to enable and configure SSO once you have a verified a domain and it is in Active status.

Before configuring SSO

Before configuring SAML single sign-on, create an Edisen account (ask an Edisen admin to send you an invitation) with an admin access so that you can use to access your organization even if SAML has been misconfigured. This account must not use an email address from a domain you have verified for this organization. This ensures that the account will not redirect to SAML single sign-on when you login in.

Consider this account as temporary: you'll be able to remove admin access from it when you are satisfied that SAML single sign-on is working as expected for your users.

Setup SAML single sign-on with Microsoft Azure AD

It is strongly recommended to configure the feature in a separate incognito mode window of your browser. This way you keep the session in the standard window, allowing you to switch off the SSO authorization in case something is configured incorrectly.

Once we have a verified active domain, we are able to configure SSO. In the Service Provider Information section, use the following information:

Adding and Configuring the app

  1. Create a new application in the Azure AD Enterprise Application Gallery

  2. Click Setup single sign on and select the SAML sign-on method.

  3. You will see basic SAML configuration is already in place.

Creating the Certificate

  1. Scroll to SAML Signing Certificate section and click to Add a certificate.

  2. Click +New Certificate and choose the Signing Option = Signed SAML Assertion or Signed SAML response and assertion. Assertion must be signed.

  3. Click Save.

  4. Click More options for the certificate and first make the certificate active and then download the Base64 file and save it on your computer.

Configuring SSO in your Edisen organization

  1. Open the downloaded file in a text editor and copy-paste the x509 certificate from the file to the SAML Certificate text area in the panel above.

  2. In the Azure settings and find Login URL and paste it to Sign-in URL field in Edisen.

  3. Copy Azure AD Identifier value from Azure portal, paste it in the Identity Provider Issuer URL textbox in Edisen.

  4. Make sure that you have added at least one company domain before hitting the Save button.

And that's all, your SSO Configuration is now complete.

Full-screen view of the article:

https://help.edisen.com/en/articles/5753248-saml-single-sign-on-configuration-configuring-sso

Hope you found this article useful. Please feel free to give us feedback, comments or reach out for questions at edisentickets@onevigor.tv

For submitting a support request, please see this article https://app.intercom.com/a/apps/ajhtc3bt/articles/articles/3168393/show

Did this answer your question?