Single Sign-On (SSO) Management

From the Single Sign-On (SSO) Management page, you can add, preview, and manage SSO configurations in your environment using the SSO dashboard.

Unqork as a SAML service provider secures applications that work with sensitive information. Having end-users use SSO (single sign-on) to access your application improves security for all. When setting up SSO, you can select the authentication provider for your Unqork application, instead of having Unqork store end-user credentials. Using SSO also gives your end-user fewer credential sets to remember. Your end-user gets a seamless login experience, and you can trust your SSO provider to ensure the right people have access to your application.

You can set up SSO configurations for the following:

SSO must be configured manually at each Unqork environment level: Staging, QA, UAT, and Production. SSO configurations in Single Sign-On (SSO) Management cannot be promoted to other environment levels. Each environment level should have a separate SSO configuration to ensure incorrect permissions are not accidentally granted in higher environment levels.

When adding your SSO configuration, choose one of two protocols supported by Unqork: SAML (Security Assertion Markup Language) or OIDC (OpenID Connect).

SSO Management also supports hard-coding application roles. To specify application roles, use the following format: <applicationId>:<roleName>. To specify multiple application roles, use a comma-separated list.
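One way to check a hard-coded application-role string before saving it at each environment level, as an added example (not Unqork code): it parses the <applicationId>:<roleName> list and compares it against a set of roles approved for that environment. The application IDs, role names, the approved-roles table and the whitespace handling are assumptions made for illustration.

```python
"""Lint a hard-coded application-role string before saving it in an SSO configuration."""


def parse_app_roles(value):
    """Split '<applicationId>:<roleName>,...' into (application_id, role_name) pairs.

    Assumption: whitespace around entries is ignored, and each entry is split
    on its first ':'. Entries with a missing part are rejected.
    """
    pairs = []
    for raw in value.split(","):
        entry = raw.strip()
        app_id, sep, role = entry.partition(":")
        app_id, role = app_id.strip(), role.strip()
        if not sep or not app_id or not role:
            raise ValueError(
                f"malformed entry {entry!r}; expected <applicationId>:<roleName>"
            )
        pairs.append((app_id, role))
    return pairs


def lint_app_roles(value, allowed):
    """Return a list of findings; an empty list means the string is acceptable.

    `allowed` maps application ID -> set of role names approved for this
    environment level (a hypothetical review artifact, not an Unqork feature).
    """
    findings = []
    seen = set()
    for app_id, role in parse_app_roles(value):
        if (app_id, role) in seen:
            findings.append(f"duplicate: {app_id}:{role}")
        seen.add((app_id, role))
        if role not in allowed.get(app_id, set()):
            findings.append(f"not approved for this environment: {app_id}:{role}")
    return findings


# Constructed sample values; the IDs and role names are placeholders.
PRODUCTION_ALLOWED = {"app-0001": {"viewer"}, "app-0002": {"viewer", "submitter"}}
STAGING_STRING = "app-0001:viewer, app-0002:admin,app-0001:viewer"

if __name__ == "__main__":
    # Shows what would be flagged if the Staging string were reused in Production.
    for finding in lint_app_roles(STAGING_STRING, PRODUCTION_ALLOWED):
        print(finding)
```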

In this article, you'll learn the basics of using the Single Sign-On (SSO) Management page. In the Related Resources section, you can find links to related articles, including provider-specific how-to guides and detailed articles about SAML and OIDC in Unqork.

The SSO dashboard is where you add, review, and manage SSO configurations in your environment. You can have SSO configurations from different Identity Providers (IDPs) or OpenID Providers (OPs) configured in your environment. Each SSO configuration has a unique callback URL (SAML) or redirect URL (OIDC) that contains the SSO configuration's unique name.

Here’s an example of the dashboard with several SSO configurations:

[Image: the SSO Management screen]

The SSO dashboard includes the following tabs:

Each tab has a similar dashboard, where you can gather some useful information:

Column: Description

Name: The SSO configuration's name. SSO configuration names are customizable labels you set when adding the SSO configuration.

Protocol: Which protocol the SSO configuration uses: SAML or OIDC.

Default Role: The default role for users who authenticate using the SSO configuration. For Express SSO configurations, the default role is an Express role, defined in Express Role Administration. For Designer SSO configurations, the default role is a Creator role, defined in Creator (User) Administration.

Actions: From the Manage drop-down, you can view, edit, preview, or delete an SSO configuration.

These instructions outline the basic steps to add an SSO configuration to the SSO dashboard. The individual steps and field values vary based on your SSO provider, and whether you configure SAML or OIDC. See the Related Resources section for further information.

1. At the top right of the Unqork Designer Platform, click Administration.
2. Under Environment, select Single Sign-On (SSO).
3. Click + New SSO.
4. Select Express. The New Express SSO configuration modal opens.
5. In the SSO Name field, enter a name for your SSO configuration.

SSO configuration names must be unique.

6. Select a Default Role. The drop-down contains a list of all Express Roles defined in Express Role Administration.

Leaving this empty defaults to a role with the lowest-level permissions.

7. Select a Default Group. The drop-down contains a list of all Express Groups defined in Express Group Administration.

It's a best practice to select a default group with the lowest-level permissions. Leaving this empty defaults the end-user to no group.

[Image: how to create a new SSO]

8. Click Next to move to the Configure Protocol tab.
9. Select the Protocol.
10. Complete the IdP Details, Configuration Details, and Advanced Settings as required.

It's possible to have multiple IDP configurations for a single application.

See the Related Resources section for detailed articles covering what to enter in each field, including provider-specific how-to guides.

[Image: a new Express SSO config page]

11. Click Next to move to the Attribute Mapping tab.
12. Complete the Attribute Mapping and User Management settings as required.

See the Unqork as a SAML Service Provider or OpenID Connect (OIDC) articles for detailed information about adding attribute mappings to a SAML or OIDC-based SSO configuration.

[Image: attribute mapping fields for creating a new SSO]

13. Click Create SSO.

 

The following articles provide additional information related to SSO configuration:

General Information

Provider-Specific How-to Guides: Express View (OIDC)

Provider-Specific How-to Guides: Express View (SAML)

Provider-Specific How-to Guides: Designer (SAML)