Configuring Single Sign-On
  • 22 Feb 2024
  • 1 Minute to read
  • Dark
    Light

Configuring Single Sign-On

  • Dark
    Light

Article summary

Abstract

This page introduces configuring Single Sign-On (SSO) for Infinite BrassRing Platform. For more information on refreshing, renewing, or replacing SSO Certificates, see Refresh, Renew, or Replace Certificates.

Single Sign-On (SSO) allows a user to log in, by using their organization’s login username and password. Then, without logging in again, they can access multiple websites and web applications that are provided by a third party, in this case, Infinite BrassRing Platform.

Infinite BrassRing Platform supports Single sign-on to enable users to securely access all services in the Infinite BrassRing Platform that they are entitled to use, with a single log-in.

With SSO configured, when a user attempts to log in to Infinite BrassRing Platform directly, or accesses Infinite BrassRing Platform from their organizations network, Infinite BrassRing Platform relies on the users’ organization to verify the users login name and password. After the user has logged-in, the user can access any Infinite BrassRing Platform applications that they are authorized to use, without having to log in again when they move from one application to another.

This document provides guidance on the following general areas that are needed to configure Infinite BrassRing Platform SSO:

  • Setting up Service Provider (SP) Inbound SSO.

  • Managing Certificates Refreshes.

  • Troubleshooting SSO.

It is recommended that the Infinite BrassRing Platform administrator contacts their IT department for technical support. The IT department might be able to support the administrator with:

  • SAML metadata files

  • SSO certificates

  • Configuring information about your organization's Identity Provider (IdP)

To set up Infinite BrassRing Platform Inbound SSO, an IdP system needs to be configured to know what SP to talk to and how to pass the user information between them. Similarly, Infinite BrassRing Platform, as the SP, needs to be configured to know, which IdP to trust. Both systems need to trust the authenticity of the others’ communications and this is established by the encrypted certificates that are shared between the systems. These certificates need to be refreshed periodically.

For more information on the terminology used in this document, see Common Terminology.

There are three steps to this process: