The Single Sign-On (SSO) Management page makes it easy to add SSO configurations. From Single Sign-On (SSO) Management, you can easily add, preview, and manage SSO configurations in your environment using the SSO dashboard.
SSO configuration must be manually configured at each Unqork environment level: Staging, QA, UAT, and Production. SSO configurations in Single Sign-On (SSO) Management cannot be promoted to other environment levels. Each environment level should have a separate SSO configuration to ensure incorrect permissions are not accidentally granted in higher environment levels.
SSO Management also supports hard-coding application roles. To specify application roles, use the following format: <applicationId>:<roleName>. To specify multiple application roles, use a comma-separated list.
In this article, you'll learn the basics of using the Single Sign-On (SSO) Management page. In the Related Resources section, you can find links to related articles, including provider-specific how-to guides and detailed articles about SAML and OIDC in Unqork.
From the Manage drop-down, you can view, edit, preview, or delete an SSO configuration.
Adding an SSO Configuration for Express View
These instructions outline the basic steps to add an SSO configuration to the SSO dashboard. The individual steps and field values vary based on your SSO provider, and whether you configure SAML or OIDC. See the Related Resources section for further information.
1.
At the top right of the Unqork Designer Platform, Click Administration.
These instructions outline the basic steps to add an SSO configuration to the SSO dashboard. The individual steps and field values vary based on your SSO provider, and whether you use SAML or OIDC. See theRelated Resources section for further information.
1.
At the top right of the Unqork Designer Platform, click Administration.
After adding an SSO configuration, preview it to confirm it works. From the SSO dashboard, you can preview the Unqork entrypoint and use a set of test credentials from your SSO provider to test the configuration.
For SAML-based configurations, previewing your configuration only tests an SP-initiated flow. Remember to also test an IdP-initiated flow. Our provider-specific how-to guides have more information.
To preview an SSO configuration:
1.
At the top right of the Unqork Designer Platform, click Administration.
2.
Under Environment, select Single Sign-On (SSO).
3.
Select the Express or Designer tab.
4.
In the SSO dashboard, locate the SSO configuration to preview.
5.
Under the Actions column, click Manage.
6.
From the Manage drop-down, select Preview. The Unqork entrypoint link opens in a new tab.
You might need to preview your configuration in an Incognito window to properly test the configuration. In that case, right-click Preview and select Copy Link Address. Then, paste the link address in a new Incognito window.
7.
Log in using your test credentials.
Viewing an SSO Configuration
After adding an SSO configuration, it's useful to review its configuration details, like attribute mappings.
To view an SSO configuration:
1.
At the top right of the Unqork Designer Platform, click Administration.
2.
Under Environment, select Single Sign-On (SSO).
3.
Select the Express or Designer tab.
4.
In the SSO dashboard, locate the SSO configuration to view.
Review the settings in the Basic Information, Configure Protocol, and Attribute Mapping tabs as needed.
8.
Click Done.
Editing an SSO Configuration
At some point you might need to edit the SSO configuration's details. For example, revising attribute mappings or default groups. You'll view and edit SSO configurations from the same SSO configuration modal. To edit your SSO configuration, you must intentionally enable editing.
To edit an SSO configuration:
1.
At the top right of the Unqork Designer Platform, click Administration.
2.
Under Environment, select Single Sign-On (SSO).
3.
Select the Express or Designer tab.
4.
In the SSO dashboard, locate the SSO configuration to edit.
Make changes to the settings in the Basic Information, Configure Protocol, and Attribute Mapping tabs as needed.
9.
Click Save.
Deleting an SSO Configuration
Whether an SSO configuration is no longer needed or you changed SSO providers, you'll need to delete SSO configurations from your SSO dashboard at some point.
Deleting an SSO configuration is permanent and irreversible.
To delete an SSO configuration:
1.
At the top right of the Unqork Designer Platform, click Administration.
2.
Under Environment, select Single Sign-On (SSO).
3.
Select the Express or Designer tab.
4.
In the SSO dashboard, locate the SSO configuration to delete.
5.
Under the Actions column, click Manage.
6.
From the Manage drop-down, select Delete.
7.
At the confirmation message, click Yes, Delete.
Related Resources
The following articles provide additional information related to SSO configuration:
General Information
Unqork as a SAML Service Provider: Detailed information about SAML and SAML-based configurations, including what to enter in each field.
OpenID Connect (OIDC): Detailed information about OIDC and OIDC-based configurations, including what to enter in each field.