Skip to main content

How to configure single sign-on (SSO)

Jasper
Updated

Elimity Insights supports single sign-on (SSO) using the OpenID Connect (OIDC) protocol.

To set up SSO, you will need an identity provider such as Azure AD or Google Workspace. To then configure single sign-on (SSO) for Elimity Insights, follow these steps:

  1. Obtain the necessary OIDC details from your provider. Elimity Insights requires the following information: OIDC provider URL, OIDC client ID and OIDC client secret. The sections below 
  2. Update the Elimity Insights configuration files. You need to provide the OIDC details in the files config/elimity.yml and config/secrets.yml.
    1. In config/elimity.yml :
      • Set EnablePasswordAuthentication to false.
      • Set EnableOIDCAuthentication to true.
      • Provide the OIDC provider URL and client ID in the OIDCProvider and OIDCClientID fields, respectively.  The format of OIDCProvider is the URL of the OIDC discovery document minus ".well-known/openid-configuration".
    2. In config/secrets.yml :
      1. Provide the client secret in theOIDCClientSecret field.
  3. Restart the Elimity Insights server.

Once you have completed these steps, SSO will be enabled for Elimity Insights. Users will be able to log in using their SSO credentials.

Setting up SSO with Entra ID (Azure AD)

To obtain a SSO endpoint in Entra ID, log in to the Azure portal, open Microsoft Entra ID and perform the following steps:

Step 1: Create an App Registration

  1. Select Add > App registration

  2. Enter a name for the application. 
  3. Select Web from the Select a platform drop-down list. 
  4. As redirect URL, fill in an URL of the following format: https://<your-elimity-domain>/api/oidc/callback field. Example: https://contoso.elimity.com/api/oidc/callback
  5. Select Register.
  6. Note down (copy-paste) the Application (client) ID and Directory (tenant ID) for later on.
  7. If needed, grant admin consent for the delegated permissions "View users' email address" and "Sign users in" (delegated permission on the claim value "user.read").

Step 2: Create the application secret

  1. Open the Certificates & secrets view for the newly created application. There is a link to this on the Overview page of the application.
  2. Select New client secret.
  3. Enter a description (simply a label) in the Description field.
  4. Select a duration from the Expires drop-down list.
  5. Select Add to create the client secret.
  6. Note down (copy-paste) the given secret from the Value column for later on.

Step 3: Configure Elimity Insights

Update the configuration files of Elimity Insights as described above. The necessary values are:

  • OIDCProvider: https://login.microsoftonline.com/<tenant-id>/v2.0
    • Notice: no trailing slash
  • OIDC client ID: the Application (client) ID provided at the end of Step 1
  • OIDC client secret: the secret provided at the end of Step 2

Setting up SSO with Google Workspace

To obtain a SSO endpoint in Google Workspace, follow the following steps.

Step 1: Create an OAuth 2.0 Client

Follow the steps described in

https://support.google.com/cloud/answer/6158849 to set up a new OAuth 2.0 endpoint for SSO. The parameters to use are:

  • Create Credentials: OAuth client ID
  • Application type: Web application
  • Name: free to choose, e.g., "Elimity Insights"
  • Authorized JavaScript origins: none
  • Authorized redirect URIs: https://<your-elimity-domain>/api/oidc/callback field. Example: https://contoso.elimity.com/api/oidc/callback
  • Note down (copy-paste) the Client ID and Client Secret given on the next screen.

Step 2: Configure Elimity Insights

Update the configuration files of Elimity Insights as described above. The necessary values are:

  • OIDCProvider: https://accounts.google.com
    • Notice: no trailing slash
  • OIDC client ID: the Client ID provided at the end of Step 1
  • OIDC client secret: the Client Secret provided at the end of Step 1

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk