SSO Admin User Guide

The SSO Administrator User Guide walks you through how to configure a Single Sign-On Provider for your organization, and how to set users up to log in to Experience Cloud using SSO. Once an SSO Provider is configured, you can add, update, delete, and manage Providers.

Role Requirements

  1. Users with the [Owner] role assigned will be able to create, update and delete SSO Providers.
  2. Users with the [Administrator] role will be able to view configured SSO Providers but not edit or delete them.

 

Supported Authentication Types

  1. OpenID Connect (OIDC)
  2. SAML2

Supported Providers

Each supported Provider type has its own linked documentation.

ADFS

  1. External IdP Configuration - ADFS OIDC
  2. External IdP Configuration - ADFS SAML2

Auth0

  1. External IdP Configuration - Auth0 OIDC/SAML2

Azure

  1. External IdP Configuration - Azure AD OIDC/SAML2

Okta

  1. External IdP Configuration - Okta OIDC
  2. External IdP Configuration - Okta SAML2

PingOne

  1. External IdP Configuration - PingOne OIDC
  2. External IdP Configuration - PingOne SAML2

Info
Before you Begin:
  • One Provider must be set to Enabled and will serve as the SSO Provider used for logins.
  • The SSO Provider set to Enabled cannot be deleted.
  • Users logging in with SSO must be manually added individually, and their Username (email address) must match the email associated with their login for the configured SSO Provider.

Managing Single Sign-On Providers

You can add, update, delete, and manage your single sign-on Providers from the Single Sign-On page.
To access, navigate to Configuration > Single Sign-On.



Adding a Provider

Use the following instructions to add a new Single Sign-On Provider.







1. Click the "Add New Provider" button.


  1. Toggle the Enable button to enable the Provider.
  2. Verify the Callback URL. (NOTE: This URL cannot be changed.)
  3. Verify the Sign Out URL. (NOTE: This URL cannot be changed.)
  4. Enter a name for the Provider.
  5. Enter a brief description for the Provider.
  6. Select a Provider from the dropdown.
    1. AzureAD
    2. PingOne
    3. Okta
    4. Auth0
    5. ADFS
  7. Select an Authentication Type from the dropdown.
    1. OIDC
    2. SAML2





Metadata URL
If Authentication Type is SAML2, you can use either the Metadata URL OR the Certificate.

Info
OpenMethods best practices suggest using the Metadata URL unless you are using an ADFS provider. If using an ADFS provider, use the Certificate.

For Metadata URL, enter the following fields:
  1. Issuer.
  2. Metadata URL. 

Info
The Metadata URL is validated after it is entered.



For Certificate, enter the following fields:
  1. Issuer.
  2. Certificate.
  3. Sign In URL.
  4. Sign Out URL.

  1. Click Submit to save the Provider information.


Updating Provider

You can update Provider information by clicking the three dots to the left of the Provider name and selecting an option from the menu.

Editing SSO Details



  1. Click the three dots to the left of the Provider name.
  2. Select Edit SSO from the menu.


  1. Edit the form fields with any updated information.
  2. Click Save to save your changes.

Setting a Default Provider 



  1. Click the three dots to the left of the Provider name.
  2. Select Set as Default from the menu.
  3. Enable the "I would like to set this as my default record" checkbox.
  4. Click the Set as Default button to save and set the Provider as the default.



Deleting a Provider



  1. Click the three dots to the left of the Provider name.
  2. Select Delete from the menu.
  3. Confirm you want to delete the Provider by entering the Provider name in the text field.
  4. Click Delete to delete the Provider.


Enabling and Disabling a Provider



  1. Click the three dots to the left of the Provider name.
  2. Select Edit SSO from the menu.
  3. Toggle Enable to on to enable the provider; untoggle Enable to disable.
  4. Click Save to save your changes.




Enabling Users for Single Sign-On

All users logging in to Experience Cloud with Single Sign-On need to be manually added. The user's email address is also their login ID.
Info
NOTE:
The email ID should match their user login username in the IDP.
To enable SSO for a user:


  1. Navigate to Configuration > User Management.
  2. Click the Actions button and then click Settings.
  3. Toggle Enable Single Sign-On to ON.
  4. Click Update to save.



Logging in with Single Sign-On

To log in to Experience Cloud:



  1. Navigate to the Experience Cloud URL.
  2. Click the Sign in with Single Sign On link at the bottom of the login page.
  3. Enter your email address.
  4. Click the Continue to SSO button.
  5. Complete SSO login with the external provider.



Info
Trouble logging in?
Contact your network administrator.

