SSO Settings
Overview
You can configure your single sign-on settings in the System Settings section of Builder.
To configure single sign-on, you must:
Add a service provider certificate - the service provider is the application providing service, i.e. Enate.
Add identity provider settings - the identity provider is the system authenticating usernames and passwords, i.e. your third-party systems such as Azure AD.
Note that in order to edit these settings, a user must have the 'Edit System Settings' access option enabled as part of their user role. Users without this access option will be able to view the settings in read-only mode.
Adding a service provider certificate
To add a service provider certificate, you can either generate a new one or upload an existing certificate.
If you are generating a brand new certificate, fill in the following settings:
Subject
This is just for your reference. Mandatory.
Key Size
Value depends on your security standards.
Hashing Algorithm
Value depends on your security standards.
Validity Period in Years
How long you would like the certificate to be valid for. Enter the number of years. Maximum of 2 years.
Adding identity provider settings
To create an identity provider, you can either enter the necessary settings manually or import the metadata exported from your third-party system to auto-fill the necessary settings.
Name
This is mainly for your reference. It also shows on the login page as a tooltip. Mandatory. E.g. Sign in with Office 365.
Description
This is just for your reference. Optional. E.g. Logs in Enate users using their Enate account.
Logo
This is the logo that will appear on the login page. File must be .png, .gif or .jpeg and 120 by 28 pixels. Mandatory.
Login Binding Type
Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This will be auto-filled if you import a metadata file.
Logout Binding Type
Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This will be auto-filled if you import a metadata file.
Allow Identity Provider Initiated Login/Allow Unsolicited AuthN Requests
This determines whether you acknowledge or ignore unsolicited AuthN requests. Unsolicited AuthN requests occur when a user starts the login procedure from the Identity Provider without first visiting Enate.
During a solicited request, the user visits the Enate login page, clicks the SSO provider logo and is redirected to the identity provider. Upon completion of the authentication, they are redirected back to Enate, where the authentication completes. This flow was solicited by Enate.
During an unsolicited request, the user visits the Identity Provider, possibly an 'Application Directory', and clicks the Enate logo. They are redirected to Enate where authentication completes. Because this flow was initiated by the Identity Provider, it is considered unsolicited by Enate.
Identity Provider ID/Identity Provider Entity ID
Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This setting will be auto-filled if you have imported a metadata file.
Single Logout URL
Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This setting will be auto-filled if you have imported a metadata file.
Single Sign On URL
Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This setting will be auto-filled if you have imported a metadata file.
User Identifier Claim
Which claim (e.g. first name, last name, etc., as set up in your third-party identity provider) you want to map to your users' email addresses. Set this to match how it is set in your identity provider, or how your identity provider's documentation tells you to set it. This setting will be auto-filled if you have imported a metadata file. This is a free text field as well as a dropdown, so it can be customized, but it will likely just be email addresses.
Identity Provider Certificate
Add a copy of the certificate (Base-64 CER) provided by your third-party identity provider. This setting will be auto-filled if you have imported a metadata file.
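To review what a metadata import would populate before uploading the file, the following added example (not Enate's code) reads a metadata document and extracts the entity ID, the login and logout URLs and bindings, and a SHA-256 fingerprint of the signing certificate. It assumes the export is a standard SAML 2.0 metadata document; the sample metadata, its URLs and certificate bytes are constructed placeholders, and the function and field names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: entity ID, URLs and certificate bytes are placeholders.
SAMPLE_CERT_B64 = base64.b64encode(b"placeholder bytes, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Location="https://idp.example.test/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:SingleSignOnService Location="https://idp.example.test/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _endpoint(idp, tag):
    """Return (Location, short binding name) of the first endpoint, or (None, None)."""
    el = idp.find(f"md:{tag}", NS)
    if el is None:
        return None, None
    return el.get("Location"), el.get("Binding", "").rsplit(":", 1)[-1]


def idp_settings_from_metadata(xml_text):
    """Extract the identity provider fields that a metadata file carries."""
    root = ET.fromstring(xml_text)  # parse only metadata obtained from your own IdP
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    sso_url, login_binding = _endpoint(idp, "SingleSignOnService")
    slo_url, logout_binding = _endpoint(idp, "SingleLogoutService")
    # A KeyDescriptor without a 'use' attribute is valid for signing as well.
    certs = [kd.findtext(".//ds:X509Certificate", default="", namespaces=NS)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")]
    der = base64.b64decode("".join(certs[0].split())) if certs else b""
    return {
        "entity_id": root.get("entityID"),
        "sso_url": sso_url, "login_binding": login_binding,
        "slo_url": slo_url, "logout_binding": logout_binding,
        # Compare this with the fingerprint shown in the IdP's admin console.
        "cert_sha256": hashlib.sha256(der).hexdigest() if der else None,
        "insecure_urls": [u for u in (sso_url, slo_url)
                          if u and not u.lower().startswith("https://")],
    }
```

Real metadata often lists several SingleSignOnService endpoints with different bindings; this sketch reports only the first one, so check that the binding it shows is the one you intend to select.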