SSO configuration for internal users

To enable single sign-on (SSO) for Crowdvocate Admin:

  • Using the main menu, go to Settings > Login.

 

  • Click Admin login settings to view the current login configuration.

 

 

TIP:

By default, this page displays the Advocate login settings. Make sure Admin login settings is selected to configure SSO for internal users. To configure SSO for advocates, see SSO configuration for advocates.

  • On the right-hand side, select an option from the Select provider drop-down menu and click Add login option.  

 

  • Follow the required steps that appear in the dialogue box.

 

NOTE:

We’ve provided walkthroughs below for configuring OpenID and SAML login options. 

 

 

  • OpenID: 

The Configure OpenID login options dialogue box will be displayed. Complete the required fields:

 

TIP:

To ensure the data is entered correctly, copy and paste the data into the fields.

Click the icon next to each field for details. 

 

 

 

  • Enter the Provider Name.

NOTE:

Internal users will see “Login with <Provider Name>” on the login page.

 

 

  • Enter your Client ID.
  • Enter your Client secret.
  • Enter the Authorize URL.
  • Enter the Token URL.
  • Enter the Profile URL.
  • Select Access token in header to pass the access token in the HTTP header. Leave unselected to pass the token in the POST body.
  • Click One more step to continue. 

  • Enter the Request Scope.
  • Enter the User ID mapping key.

TIP:

The mapping fields are used to extract data from the provider's response. The response is a JSON object, and each mapping key names the value to extract from it (nested values use a dot-separated path, as in profile.name). For example, given this response:

{
  "id": 123,
  "email": "<user's email>",
  "profile": {
    "name": "John",
    "img": "<url to image>"
  }
}

the following configuration should be used:

User ID mapping: id

Email mapping: email

First name mapping: profile.name

Profile image mapping: profile.img

 

  • Enter the Email mapping key.
  • Enter the First name mapping key.
  • Enter the Last name mapping key.
  • Enter the Profile image mapping key.
  • Click Submit to enable SSO using OpenID.
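
To check mapping keys against a sample response from your provider's Profile URL before submitting, a local script like the following can be used. This is an added example, not Crowdvocate code: the function names, the sample response, and the assumptions that keys are matched case-sensitively and that the user ID and email must resolve are all constructed for illustration.

```python
import json

# Constructed sample of a Profile URL response (same shape as the tip's example).
SAMPLE_PROFILE = json.loads("""
{
  "id": 123,
  "email": "jane.doe@example.com",
  "profile": {"name": "Jane", "img": "https://idp.example.com/avatars/123.png"}
}
""")

# Mapping keys as they would be typed into the dialogue box.
MAPPING = {
    "user_id": "id",
    "email": "email",
    "first_name": "profile.name",
    "last_name": "profile.surname",  # deliberately absent from the sample
    "profile_image": "profile.img",
}
REQUIRED = ("user_id", "email")  # assumption: identity fields must resolve

def resolve(response, key):
    """Follow a dotted mapping key through nested objects; None if absent."""
    node = response
    for part in key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None  # exact, case-sensitive match assumed ("Id" != "id")
        node = node[part]
    return node

def check_mapping(response, mapping, required=REQUIRED):
    """Return (resolved values, list of problems) for a mapping configuration."""
    values, problems = {}, []
    for field, key in mapping.items():
        value = resolve(response, key)
        values[field] = value
        if isinstance(value, (dict, list)):
            problems.append(f"{field}: '{key}' points at a container, not a value")
        elif value in (None, ""):
            level = "required" if field in required else "optional"
            problems.append(f"{field}: '{key}' not found ({level})")
    return values, problems

if __name__ == "__main__":
    print(*check_mapping(SAMPLE_PROFILE, MAPPING), sep="\n")
```

A reported problem on a required field means the mapping key does not match the provider's response and should be corrected before clicking Submit.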

 

  • SAML: 

The Configure SAML login options dialogue box will be displayed. Complete the required fields:

TIP:

To ensure the data is entered correctly, copy and paste the data into the fields.

Click the icon next to each field for details. 

 

 

  • Enter the Provider Name.

NOTE:

Internal users will see “Login with <Provider Name>” on the login page.

 

  • Enter the IDP SAML URL.
  • Enter the IDP x509 Certificate.
  • Enter the First name mapping key.
  • Enter the Last name mapping key.
  • Click Submit to enable SSO using SAML.

 

  • The selected provider will be shown in the list at the bottom of the page.

  • Under Admin Login, select Enable login with username & password to allow internal users to log in with a username and password as well as SSO. Deselect to allow login with SSO only.