Single Sign-On
Single Sign-On (SSO) allows a customer to retain control of all user accounts on the InfoSum platform by ensuring that users log in to the platform through the customer's identity provider (IDP) rather than with an InfoSum username/password.
InfoSum is successfully integrated with the following IDPs:
Okta, Azure Active Directory, Ping, Google/GSuite IDP, MyID and ADFS.
Please contact your InfoSum CSM if you would like to integrate with another provider.
InfoSum does not currently support the SAML (Security Assertion Markup Language) standard, only OIDC (OpenID Connect).
If a company with a common domain name will use multiple accounts within InfoSum to separate regional datasets or datasets for different LOBs, then please consult your InfoSum CSM.
Implementation
1. The customer provides the name of their IDP/SSO provider to InfoSum.
2. InfoSum provides the following information to the customer:
   - Redirect or Callback URL - This is where the IDP sends authentication responses.
   - Login URL - Login page URL.
3. The customer will then need to provide InfoSum with the following information:
   - Client ID - This is obtained from the configuration page of your identity provider.
   - Client secret - As above. This field is sensitive, so it will need to be sent to InfoSum separately through support@infosum.com. For security reasons, please do not put any other information into the email and do not explain what it is; the header can be labelled 'For Support'.
   - OIDC Discover URI (also known as Discovery Document or OpenID Connect metadata document) - This is a URL that lists the configuration necessary for the identity provider to operate.
4. Once InfoSum has received this information, the customer's identity provider will be configured in the InfoSum platform.
5. InfoSum will confirm that the customer IDP has been created.
6. The customer will then be able to proceed using the Login URL provided in Step 2. They will need to use the 'Sign in with Private SSO' option visible at the bottom of the InfoSum platform login screen.
7. This will allow the customer to log into the InfoSum platform, registering their user account. (Note: depending on the customer's company SSO implementation, they may have a separate application on their side built for the InfoSum platform that will allow them to log in.)
8. OIDC will check whether a user using the company domain is authorised to log in. Once logged in successfully, please contact your InfoSum CSM or support@infosum.com to request the account that will be provisioned with the 'Owner' role. The Owner role will then be able to set company roles, rights and teams from the following page. More information is available on this page: Company-accounts-user-and-admin-guide
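A check the customer can run on their discovery document before sending the OIDC Discover URI listed above, shown as an added example that is not InfoSum's code: it verifies the required metadata, issuer consistency and HTTPS endpoints defined by OpenID Connect Discovery 1.0. The URLs and documents are constructed samples, and `check_discovery` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "userinfo_endpoint", "jwks_uri")


def check_discovery(discovery_uri, document):
    """Return a list of problems; an empty list means every check passed."""
    problems = ["missing required metadata: " + k for k in REQUIRED if k not in document]
    if not discovery_uri.endswith(WELL_KNOWN):
        problems.append("discovery URI does not end in " + WELL_KNOWN)
    else:
        # The document's issuer must be the value the URI was built from
        # (a trailing "/" is dropped before the well-known path is appended).
        expected = discovery_uri[:-len(WELL_KNOWN)]
        if document.get("issuer", "").rstrip("/") != expected:
            problems.append("issuer does not match discovery URI")
    for field in URL_FIELDS:
        if field in document and urlsplit(document[field]).scheme != "https":
            problems.append(field + " is not an https URL")
    algs = document.get("id_token_signing_alg_values_supported", [])
    if algs and all(a == "none" for a in algs):
        problems.append("ID tokens would be unsigned (only 'none' offered)")
    return problems


# Constructed sample documents (not from any real identity provider).
GOOD_URI = "https://idp.example.com/tenant-a/.well-known/openid-configuration"
GOOD_DOC = {
    "issuer": "https://idp.example.com/tenant-a",
    "authorization_endpoint": "https://idp.example.com/tenant-a/authorize",
    "token_endpoint": "https://idp.example.com/tenant-a/token",
    "jwks_uri": "https://idp.example.com/tenant-a/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Same document with a mismatched issuer and a plain-http key set URL.
BAD_DOC = dict(GOOD_DOC, issuer="https://idp.example.com/tenant-b",
               jwks_uri="http://idp.example.com/tenant-a/keys")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(GOOD_URI, doc) or "ok")
```

In practice the document would be fetched from the discovery URI over HTTPS and passed to the same function.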
The Single Sign-On (SSO) integration is based on your InfoSum plan. This is because not all InfoSum Platform features come as standard - please contact your Customer Success representative for details.
Enabling SSO for existing users
To enable SSO for existing InfoSum platform users who log in with a username/password, their accounts must be deleted before they can switch to SSO. This is because migrating a user from one login method to another while maintaining their account is not currently supported. All the Bunkers will be owned by the company when the account is deleted. However, you will need to recreate all the company roles/rights and any settings or feature flags once they re-register the new account using SSO.