How to: Set Up SAML Express SSO for Case Management Users

Overview

Unqork's Case Management Solution supports SAML Single Sign-On (SSO) for Case Management Express users. SSO is an authentication scheme that enables users to use one set of login credentials across multiple services. Security Assertion Markup Language (SAML) is a protocol that allows an identity provider (IdP) to send a user's credentials to a service provider (SP) to verify their identity and grant them access to a service.

Once SSO is set up, Case Management end-users access the Case Management application using assigned SSO accounts instead of an Unqork-specific email address and password. End-users, also known as Express users, are the individuals accessing an application through Express View. In most cases, end-users are the customers using the product.

Setting up SAML Express SSO for Case Management users is similar to configuring SSO for regular Express users, but the Case Management Solution contains additional fields that must be mapped between Unqork and the SAML claim.

Setting Up SAML Express SSO for Case Management Users

You'll set up or edit an existing SAML SSO configuration to include the additional Case Management attributes. Once set up, administrators can create and assign Express users to specific Case Management applications. You'll also assign a role and team to the user.

What You Need

Create the SAML SSO Configuration

To create a new SAML Express SSO configuration, begin by configuring a new SSO on the Single Sign-On (SSO) Management page:

1. At the top right of the Unqork Designer Platform, click Administration.
2. Under Environment, click Single Sign-On (SSO).
3. Click + New SSO ▾.
4. Select Express. The New Express SSO modal (a window that appears on top of the content you are currently viewing) displays.
5. Based on your SAML SSO configuration needs, set up the Basic Information and Configure Protocol tabs accordingly.

To learn more about configuring SAML SSO protocols, view our Setting Up Microsoft Entra ID for SSO in Express View (SAML) and Setting Up Okta for SSO in Express View (SAML) articles.

6. After configuring the Basic Information and Configure Protocol tabs, proceed to the Attribute Mapping tab.
7. (Optional) If this is an existing SSO, click the (Edit) button.
8. Map the following SAML Claims to their Unqork Attributes:

| Example SAML Claim | Unqork Attribute | Description |
|---|---|---|
| {{ NameID }} | userId | The Express User ID value. The SAML Claim value {{ NameID }} automatically maps to the Subject NameID on the IdP Configuration page. |
| Administrator | designerRoles | Assign an Unqork Designer Platform Designer role to the user. To let Creators (also known as Unqork Users or Designer Users: anyone who is inside the Unqork platform) edit a Case Management application, assign a role with View, Update, Create, and Delete permissions. |
| yes | active | Set the Case Management user to active or inactive, matching the Users User Management table's Active field. SAML Claim value options include: yes (sets the user to active); no (sets the user to inactive). |
| [ "65e63119119f46fa628d3ac3123" ] | applicationIdentifier | Enter one or more Unqork application IDs containing a Case Management Solution. You can assign Case Management users to multiple applications by separating applications with a space and comma. For example: [ {"6661e4dfbb328e3b54d8ae9a"} ,{65e63119119f46fa628d3ac3} ] |
| {{ email }} | email | The Case Management user's email address, matching the Users Email field. The SAML Claim value {{ email }} automatically maps to the E-Mail Address attribute on the IdP Configuration page. |
| [ { "teamId": "66686aba3cac6787339f199b", "appId": "65e63119119f46fa628d3ac3123" } ] | entitlements | Assign user access to a team and application. To find the teamId and appId values in your application, open Case Management Setup, navigate to the Users Teams tab, and copy the teamRecordId and applicationId values from the browser address bar. For example: https://{{yourEnvironment}}.cloud.unqork.io/app/case-management#/display/team?teamAction=Edit&teamRecordId=668bfbb26ba99d0ca75067c5&applicationId=65e63119119f46fa628d3ac3 |
| ucm-administrator | expressRoles | Assign a Case Management Express role to the user, matching the Users Role field. Case Management roles include: Case Worker (ucm-caseWorker); Case Manager (ucm-caseManager); Administrator (ucm-administrator). |
| {{ firstName }} | firstName | The Express user's first name, matching the Users First Name field. The SAML Claim value {{ firstName }} automatically maps to the First Name attribute on the IdP Configuration page. |
| {{ lastName }} | lastName | The Express user's last name, matching the Users Last Name field. The SAML Claim value {{ lastName }} automatically maps to the Last Name attribute on the IdP Configuration page. |
| no | flagAssignedTasks | Specify if the user has been assigned a task in the Case Management application. Users with assigned tasks cannot be deleted. flagAssignedTask values include: yes (this user has tasks assigned to them in the Case Management application); no (this user does not have tasks assigned to them). |
| [ "66686aba3cac6787339f199b" ] | teams | Assign the user to a Case Management team, matching the Users Team field. To find team ID values, open Case Management Setup, navigate to the Users Teams tab, and copy the teamRecordId value from the browser address bar. For example: https://{{yourEnvironment}}.cloud.unqork.io/app/case-management#/display/team?teamAction=Edit&teamRecordId=668bfbb26ba99d0ca75067c5&applicationId=65e63119119f46fa628d3ac3 |
| Y | flagSSO | Enable flagSSO to prevent the profile from being edited in the Case Management Users tab. Setting the SAML Claim to Y (yes) requires administrators to map data for the user record using their identity provider mapping tool. |
| {{ displayName }} | name | Displays as the user's name in the Case Management application. The SAML Claim value {{ displayName }} automatically maps to the Display Name attribute on the IdP Configuration page. |

9. Click Save.

The SAML SSO configuration is now ready to use. Access the SAML IdP Configuration page to create and test your new Case Management Express users. Identity provider (IdP) authentication is a process that verifies a user's identity and authorizes their access to applications and services; IdPs are systems that store and manage digital identities, including usernames, passwords, and biometric information.
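
Because these claim values decide a user's role, team, and application access at sign-in, it helps to check a planned mapping before saving it. The following is an added example, not Unqork code: the function names, the dict layout, and the rule that an entitlement should only reference a team and application granted by the same mapping are assumptions made for illustration.

```python
import json
import re
from urllib.parse import parse_qs

ROLES = {"ucm-caseWorker", "ucm-caseManager", "ucm-administrator"}  # roles listed on this page

def ids_from_team_url(url):
    """Extract the entitlement IDs from a Case Management team URL."""
    # The parameters sit after '?' inside the '#' fragment, not in the normal query string.
    params = parse_qs(url.partition("#")[2].partition("?")[2])
    return {"teamId": params["teamRecordId"][0], "appId": params["applicationId"][0]}

def check_mapping(m):
    """Return a list of problems in a planned attribute mapping (dict of str -> str)."""
    problems = []
    for key in ("active", "flagAssignedTasks"):
        if m.get(key) not in ("yes", "no"):
            problems.append(f"{key} must be yes or no")
    if m.get("expressRoles") not in ROLES:
        problems.append("expressRoles is not a Case Management role value")
    parsed = {}
    for key in ("teams", "entitlements"):
        try:
            parsed[key] = json.loads(m.get(key, ""))
        except json.JSONDecodeError:
            parsed[key] = None
        if not isinstance(parsed[key], list):
            problems.append(f"{key} must be a JSON array")
            parsed[key] = []
    # The page shows more than one bracket style for applicationIdentifier,
    # so the IDs are pulled out as hex tokens instead of being parsed as JSON.
    app_ids = set(re.findall(r"[0-9a-f]+", m.get("applicationIdentifier", "")))
    for ent in parsed["entitlements"]:
        if not isinstance(ent, dict) or set(ent) != {"teamId", "appId"}:
            problems.append("each entitlement needs exactly teamId and appId")
            continue
        # Assumption: an entitlement should only name a team and an application
        # that the same mapping also grants through teams/applicationIdentifier.
        if ent["teamId"] not in parsed["teams"]:
            problems.append(f"entitlement teamId {ent['teamId']} is not in teams")
        if ent["appId"] not in app_ids:
            problems.append(f"entitlement appId {ent['appId']} is not in applicationIdentifier")
    return problems

# Sample mapping built from the example values in the table above.
SAMPLE = {
    "active": "yes", "flagAssignedTasks": "no", "expressRoles": "ucm-administrator",
    "applicationIdentifier": '[ "65e63119119f46fa628d3ac3123" ]',
    "teams": '[ "66686aba3cac6787339f199b" ]',
    "entitlements": '[ { "teamId": "66686aba3cac6787339f199b", "appId": "65e63119119f46fa628d3ac3123" } ]',
}

if __name__ == "__main__":
    print(check_mapping(SAMPLE) or "mapping is consistent")
```

A display label such as Administrator in expressRoles, or an entitlement copied from a different team URL than the one used for teams, is reported before the configuration reaches a live sign-in.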

Resources