SSO configuration for advocates

To enable single sign-on (SSO) for the customer portal:

  • Using the main menu, go to Settings > Login.

 

  • The current Advocate login setting will be displayed.

TIP:

Make sure the Advocate login setting is selected, and not the Admin login setting. To configure SSO for internal users, see SSO configuration for internal users.

 

 

  • On the right-hand side, select an option from the Select provider drop-down menu and click Add login option.  

 

  • Follow the required steps that appear in the dialogue box.

NOTE:

We’ve provided walkthroughs below for configuring OpenID and SAML login options. 

 

  • OpenID: 

The Configure OpenID login options dialogue box will be displayed. Complete the required fields:

 

TIP:

To ensure the data is entered correctly, copy and paste the data into the fields.

Click the icon next to each field for details. 

 

 

  • Enter the Provider Name.

NOTE:

Advocates will see “Login with <Provider Name>” on the login page.

 

  • Enter your Client ID.
  • Enter your Client secret.
  • Enter the Authorize URL.
  • Enter the Token URL.
  • Enter the Profile URL.
  • Select Access token in header to pass the access token in the HTTP header. Leave unselected to pass the token in the POST body.
  • Click One more step to continue. 

  • Enter the Request Scope.
  • Enter the User ID mapping key.

TIP:

The mapping fields tell the portal where to find each value in the provider's profile response. The response is a JSON object, and each mapping key is the path to a field in that object, with nested fields written in dot notation. For example, given this response:

{
  "id": 123,
  "email": "<user's email>",
  "profile": {
    "name": "John",
    "img": "<url to image>"
  }
}

the following configuration should be used:

User ID mapping: id

Email mapping: email

First name mapping: profile.name

Profile image mapping: profile.img

 

  • Enter the Email mapping key.
  • Enter the First name mapping key.
  • Enter the Last name mapping key.
  • Enter the Profile image mapping key.
  • Click Submit to enable SSO using OpenID.
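
One way to check mapping keys against a sample profile response before entering them in the dialogue box. This is an added example, not code from the product or its documentation. It assumes mapping keys are case-sensitive dotted paths, as in the tip's profile.name; the sample values, the profile.family_name key and the choice of required fields are constructed for illustration.

```python
import json

# Constructed sample of a provider profile response (same shape as the tip above).
SAMPLE_PROFILE = json.loads("""
{"id": 123, "email": "advocate@example.com",
 "profile": {"name": "John", "img": "https://idp.example.com/a/123.png"}}
""")

# Mapping keys as they would be typed into the dialogue box.
MAPPINGS = {
    "user_id": "id",
    "email": "email",
    "first_name": "profile.name",
    "last_name": "profile.family_name",  # hypothetical key, absent from the sample
    "profile_image": "profile.img",
}
REQUIRED = ("user_id", "email")  # assumption: login cannot work without these


def resolve(profile, path):
    """Walk a dotted mapping key through nested JSON objects.
    Returns (value, None) on success or (None, reason) on failure."""
    node = profile
    walked = []
    for part in path.split("."):
        walked.append(part)
        if not isinstance(node, dict):
            return None, f"'{'.'.join(walked[:-1])}' is not an object"
        if part not in node:
            near = [k for k in node if k.lower() == part.lower()]
            hint = f" (case mismatch with '{near[0]}'?)" if near else ""
            return None, f"'{'.'.join(walked)}' not found{hint}"
        node = node[part]
    if isinstance(node, (dict, list)) or node is None or node == "":
        return None, f"'{path}' is not a usable scalar value"
    return node, None


def check_mappings(profile, mappings, required=REQUIRED):
    """Return (resolved values, list of problems) for a set of mapping keys."""
    values, problems = {}, []
    for field, path in mappings.items():
        value, err = resolve(profile, path)
        if err:
            level = "ERROR" if field in required else "WARN"
            problems.append(f"{level} {field}: {err}")
        else:
            values[field] = value
    return values, problems
```

Call check_mappings with a profile response captured from your own provider; any ERROR line means the user ID or email key would not resolve.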

 

  • SAML: 

The Configure SAML login options dialogue box will be displayed. Complete the required fields:

TIP:

To ensure the data is entered correctly, copy and paste the data into the fields.

Click the icon next to each field for details.

 

 

  • Enter the Provider Name.

NOTE:

Advocates will see “Login with <Provider Name>” on the login page.

 

  • Enter the IDP SAML URL.
  • Enter the IDP x509 Certificate.
  • Enter the First name mapping key.
  • Enter the Last name mapping key.
  • Click Submit to enable SSO using SAML.

 

  • The selected provider will be shown in the list at the bottom of the page.

 

  • Under Advocate Login, configure the options as required:

  • Enable login with username & password: Select to allow advocates to log in with a username and password as well as SSO.

Deselect to allow login with SSO only.

  • Require activation on SSO/Auto sign up: If selected, advocates will be required to log in using SSO and will then be taken to an Activation page to enter additional information before their account is created.

Deselect to allow advocates to create an account without completing the Activation information.

  • Allow SSO login only to invited advocate: Select to restrict sign-up to invited advocates only.

Deselect to allow any advocate to sign up with SSO (advocates do not have to be invited).