Single Sign-On (SSO) Integration Overview
Single Sign-On (SSO) allows customers to maintain control over user accounts on InfoSum by ensuring that users log in using their chosen Identity Provider (IDP) instead of managing separate usernames and passwords. This approach enhances security and simplifies the user experience.
Supported IDP Providers
The InfoSum platform currently supports SSO integration exclusively with the OpenID Connect (OIDC) protocol. The following IDP providers are supported:
- Okta
- Microsoft Entra ID
- Ping Identity
- Google Identity Platform
- ADFS (Active Directory Federation Services)
Please note that the SAML (Security Assertion Markup Language) standard is not supported. If you would like to integrate with an IDP provider not listed here, please contact your Customer Success Manager for assistance.
Prerequisites
Before initiating the SSO implementation process, ensure you have the following:
- Administrative Access: You must have administrative access to your IDP or coordinate with your IDP administrator to implement the integration on your behalf.
- Authorization: Ensure you have authorization from the admin to create and configure IDP applications.
- Inform InfoSum Support: Reach out to support@infosum.com for assistance in setting up the SSO implementation process for your selected IDP.
Information Required for Implementation
After you contact InfoSum Support, we will ask which IDP/SSO provider you wish to implement. We will then provide the following information in response:
Callback/Redirect URL
- Format: https://accounts.infosum.com/authorization-code/callback/{customername-IDPType}
- Example: https://accounts.infosum.com/authorization-code/callback/infosum-okta
Login URL
- Format: https://accounts.infosum.com/login/{customername-IDPType}
- Example: https://accounts.infosum.com/login/infosum-okta
Sharing Information with InfoSum
After following the platform guides above to configure your application, you will need to provide the following information to InfoSum Support:
- Client ID: This is obtained from the configuration page of your IDP.
- Client Secret: As this is sensitive information, we recommend using an open-source message encryption service that allows for one-time viewing of the message, such as YoPass or OneTimeSecret. Send the generated link to support@infosum.com, and send the decryption key separately to sso.setup@infosum.com.
- OIDC Discovery URI: This is also known as the Discovery Document or OpenID Connect metadata document. It provides the IDP configuration details needed for the integration to operate.
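A check you can run on the discovery document before sending the OIDC Discovery URI to InfoSum Support. This is an added example, not InfoSum's code. It assumes the URI uses the standard /.well-known/openid-configuration suffix and that the "authorization-code" callback path means the authorization code flow is used; idp.example.com and the sample documents are constructed placeholders.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(discovery_uri, document):
    """Return a list of problems in a parsed OIDC discovery document."""
    if not discovery_uri.endswith(WELL_KNOWN):
        return [f"discovery URI does not end with {WELL_KNOWN}"]
    expected_issuer = discovery_uri[: -len(WELL_KNOWN)]
    problems = [f"missing field: {k}" for k in REQUIRED if k not in document]
    # A trailing "/" on the issuer is dropped when the discovery URI is formed,
    # so compare without it; otherwise the two values must be identical.
    issuer = str(document.get("issuer", ""))
    if issuer and issuer.rstrip("/") != expected_issuer:
        problems.append(f"issuer mismatch: {issuer} vs {expected_issuer}")
    for key in URL_FIELDS:
        value = str(document.get(key, ""))
        if value and urlsplit(value).scheme != "https":
            problems.append(f"not https: {key}")
    # Assumption: the "authorization-code" callback path means the code flow is used.
    if "code" not in document.get("response_types_supported", []):
        problems.append("response type 'code' not advertised")
    # OIDC Discovery requires RS256 among the ID token signing algorithms.
    if "RS256" not in document.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 not advertised for ID token signing")
    return problems

# Constructed sample data (idp.example.com is a placeholder, not a real tenant).
SAMPLE_URI = "https://idp.example.com/oauth2/default" + WELL_KNOWN
GOOD_DOC = {
    "issuer": "https://idp.example.com/oauth2/default",
    "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
    "jwks_uri": "https://idp.example.com/oauth2/default/v1/keys",
    "response_types_supported": ["code", "id_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Wrong authorization server in the issuer, plain-http token endpoint, no JWKS.
BAD_DOC = dict(GOOD_DOC, issuer="https://idp.example.com/oauth2/other",
               token_endpoint="http://idp.example.com/oauth2/default/v1/token")
del BAD_DOC["jwks_uri"]

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(SAMPLE_URI, doc) or "OK")
```

To use it on your own IDP, download the JSON from your discovery URI, parse it with json.load, and pass the URI and the parsed document to check_discovery.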
Testing the SSO Integration
After InfoSum has completed the SSO setup, you can test your login using the direct login URL provided by InfoSum, formatted as follows:
- Format: https://accounts.infosum.com/login/{customername-IDPType}
- Example: https://accounts.infosum.com/login/infosum-okta
Alternatively, you can use the "Sign in with Private SSO" option available at the bottom of the InfoSum login screen. This option will redirect you to your IDP’s login portal after you enter your email address.
Upon your first successful login, an account will be created for you. However, it will not be assigned a role by default. To gain access, please contact your company account "Admin" or "Owner" to have a user role assigned.
If your organization is onboarding with InfoSum for the first time, please reach out to your InfoSum Customer Success Manager (CSM) or email support@infosum.com to request that an "Owner" role be assigned to one of your users. This "Owner" role will have the ability to manage company roles, permissions, and teams through the designated settings page. For further details, please refer to the Company Accounts, User, and Admin Guide.
Conclusion
This article provides a general framework for integrating SSO across various platforms. For specific setup instructions tailored to each IDP, please refer to the individual guides linked above. If you encounter any issues or have questions, do not hesitate to reach out to our support team for assistance.