Table of Contents
1. Introduction
2. What is SSO?
3. Benefits of SSO Integration
4. Technical Requirements
5. SSO Integration Flow
5. SSO Integration Process
1. Introduction
Purpose: This document outlines the process for integrating Single Sign-On (SSO) with the Legistify web application. It provides a step-by-step guide on how to set up SSO using external identity providers to streamline user authentication and enhance user experience.
Overview: Single Sign-On (SSO) enables users to log in using credentials from external identity providers, simplifying the authentication process.
The Authentication Service supports SAML-based strategies for Microsoft Active Directory SAML and Google SAML integration, providing seamless access to Legistify services using existing corporate or Google credentials.
2. What is SSO?
Definition: Single Sign-On (SSO) is an authentication process that allows users to access multiple applications with a single set of login credentials. By authenticating once with an external Identity Provider (IdP), users can seamlessly access various services without needing to log in separately for each application.
How It Works: In an SSO setup, users authenticate with an Identity Provider (IdP) that manages their credentials. Once authenticated, the Identity Provider (IdP) provides an authentication token or assertion to the Service Provider (SP), which grants access to the application.
3. Benefits of SSO Integration
User Experience: Users benefit from a simplified login process, reducing the need to remember and enter multiple passwords.
Security: Authentication management is centralized, potentially enhancing security by reducing password fatigue and improving credential management.
Administrative Efficiency: Streamlines user management by utilizing existing credentials from corporate directories or Google accounts.
4. Technical Requirements
Supported Protocols: SAML-based strategies for authentication.
System Requirements: Compatibility with SAML protocols for Microsoft Active Directory and Google SAML.
Security Considerations: Securely handle and store IdP credentials and authentication tokens, and ensure proper configuration of SSO settings.
5. SSO Integration Flow
5. SSO Integration Process
Step 1: Choosing an Identity Provider (IdP)
Microsoft Active Directory SAML Integration:
For organizations using Microsoft Active Directory for identity management, integrate with Legistify using SAML authentication. Users will log in to Legistify services with their Active Directory credentials.
Google SAML Integration:
For organizations using Google Workspace (formerly G Suite) for identity management, integrate using Google SAML authentication. Users will log in to Legistify with their Google credentials.
Step 2: Configuration
For Identity Provider (IdP):
Set up the application on the Identity Provider (IdP) dashboard.
Obtain necessary credentials (e.g., Client ID, Client Secret).
Provide the Metadata XML file or specify the entry point, issuer, and certificate for the integration.
For Service Provider (SP):
Configure SSO settings in your web application to integrate with the chosen Identity Provider (IdP).
Update the application with the Identity Provider (IdP) credentials.
Step 3: Testing
Testing Environment:
Identifier (Entity ID): `legistify-qa`
Reply URL (Assertion Consumer Service URL): https://auth-dev.legistrak.com/api/user/sso-login/callback/{organizationId}
Step 4: Production Deployment
Production Environment:
Identifier (Entity ID): `legistify-prod`
Reply URL (Assertion Consumer Service URL): https://auth-prod.legistify.com/api/user/sso-login/callback/{organizationId}
Note: The {organizationId} in the above URLs will be provided by the Legistify team.
Step 5: Deployment
Deploy the SSO integration to the production environment following successful testing.