SSO is an authentication process that allows users to access multiple applications after signing in once. Icertis supports SAML, OAuth and WS-Fed as authentication protocols. This utility supports configurations for all 3 protocols.
1. Click the “Configure” tile and then click “System Configuration”. The “System Configuration – Self-Service” tab will open.
WARNING!
The steps mentioned here must be performed by individuals who understand and have expertise in the SSO configuration process. If an incorrect configuration is deployed, users in your organization will not be able to access Icertis Contract Intelligence. If such an event occurs, you will need to contact us for support and rectification.
3. Click the “Create” button and, from the dropdown, select the required SSO configuration: “SAML2 Configuration”, “WS Fed Configuration” or “OAuth2 Configuration”.
This lets you configure single sign-on using the SAML protocol on the instance. The configuration supports single and multiple service providers. To create a SAML configuration, perform the following steps:
How to perform SAML2 Configuration
4. From the “Create” dropdown click “SAML2 Configuration”. The “Create SAML2 Configuration” page will open.
5. Select the “Request Signing Certificate” from the dropdown.
6. The “Assertion Encryption Certificate” is auto-selected by the system, depending on the “Request Signing Certificate” selection.
If any custom certificates are installed on that instance, they can be selected.
7. Select the “Binding Type” from the dropdown.
8. Toggle the “Authentication Request Signed” and “Assertions Signed” switches as required.
9. Click “Generate Metadata” button once all the necessary fields are filled. The Metadata file will get downloaded in the system.
10. Click “Next”. The next page to add “Service Provider” and “Identity Provider” will open.
11. To add a “Service Provider”, click “Add Provider” button next to “Service Provider”. The “Add Service Provider” drawer will open.
12. Enter the “Logout URL”. Click “Save”.
13. To add an “Identity Provider”, click “Add Provider” button next to “Identity Provider”. The “Add Identity Provider” drawer will open.
14. Enter the “Metadata Location”.
15. Toggle the “Enable SP Initiated Logout” switch.
16. Select “Unique Claim Type” from the “Select Claim Type” dropdown (refer to the SSO IRD).
17. Click “Save”. The drawer will close.
18. Once both the “Service Provider” and the “Identity Provider” are added, click “Save”. The SAML2 Configuration will be configured.
19. Click “Deploy”. The “Add External UPN” drawer will open. Enter the External UPN of a user, preferably one who has admin access, so that they can log in with the new configuration and use the ICI bulk upload capability to update the External UPN of all the other required users.
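A pre-deployment check on the metadata file downloaded in step 9, as an added example that is not Icertis code: it compares the SP metadata with the choices made in steps 5 to 8. It assumes the file is standard SAML 2.0 metadata; the function names, the sample XML and the `sp.example.test` URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Constructed sample (not real ICI output): assertions unsigned, no encryption key.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://sp.example.test/">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Binding="{POST}"
        Location="https://sp.example.test/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def key_uses(sp):
    """Uses covered by KeyDescriptors that carry a certificate (no 'use' means both)."""
    uses = set()
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and (cert.text or "").strip():
            uses.update([kd.get("use")] if kd.get("use") else ["signing", "encryption"])
    return uses

def review_sp_metadata(xml_text, binding, request_signed, assertions_signed, encryption):
    """Return mismatches between generated SP metadata and the intended settings."""
    sp = ET.fromstring(xml_text).find(".//md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor in metadata"]
    findings = []
    # Both flags default to false when the attribute is omitted.
    for attr, want in (("AuthnRequestsSigned", request_signed),
                       ("WantAssertionsSigned", assertions_signed)):
        got = sp.get(attr, "false").strip().lower() in ("true", "1")
        if got != want:
            findings.append(f"{attr} is {got}, expected {want}")
    uses = key_uses(sp)
    if request_signed and "signing" not in uses:
        findings.append("requests are signed but no signing certificate is published")
    if encryption and "encryption" not in uses:
        findings.append("no encryption certificate is published")
    acs = {e.get("Binding", "") for e in sp.findall("md:AssertionConsumerService", NS)}
    if binding not in acs:
        findings.append(f"binding {binding} not offered; found {sorted(acs)}")
    return findings
```

Run it only on metadata you generated yourself, since `xml.etree.ElementTree` is not hardened against maliciously constructed XML. An empty list means the file matches the intended settings.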
This lets you configure single sign-on using the WS-Fed protocol on the instance. To create a WS-Fed configuration, perform the following steps:
How to Perform WS-Fed Configuration
20. Select the “Unique Claim Type” from “Select Unique Claim Type” dropdown.
21. Click “Save”.
This lets you configure single sign-on using the OAuth protocol on the instance. To create an OAuth configuration, perform the following steps:
How to perform OAuth2 Configuration
22. Enter “Client ID”, “Client Secret”, “Scope”, “Authorization URL”, “Token URL”.
23. Enter the “Resource Owner Profile URL”, “IDP Logout URL”, “Redirect URL” and “Issuer” details.
24. Enter “Provider” details and “Post Logout Redirect URL”.
25. Select “Respond Mode” from “Select Response Mode” dropdown.
26. Select the required “Response Type”.
27. Enter “Tenant” details and “Policy ID”.
28. Select the “Unique Claim Type” from “Select Unique Claim Type” dropdown.
29. Click “Save”.
Once the configuration is ready for deployment, the user will be able to deploy the current configuration.
1. Click “Deploy” from the three dots menu. The user will be asked to enter the external UPN of the current user.
Once the user enters the external UPN and clicks deploy, the configuration is deployed on the server, which changes the SSO type to point to the new configuration.
1. Click the three dots next to the SSO configuration you want to edit, on the SSO Configuration index page.
2. The Edit SSO Configuration page will open. Make the required edits and click “Save”.