1. interopiO
  2. Using interopiO®
  3. Account management

SAML single sign-on configuration

Avatar
Interopion Support User

Overview

SAML-based single sign-on (SSO) allows user access to interopiO® through an identity provider (IDP) of your choice. You will need to configure both your identity provider and configure your interopiO Account to enable SSO for your account.

interopiO provides a step-by-step guide for the following identity providers:

  • Okta
  • JumpCloud

Identity Providers

Okta IDP

Configure the Okta SSO Application

  1. Navigate to the Admin Console in your Okta organization by clicking Admin in the upper-right corner.

  2. In the Admin Console, go to Applications > Applications.

  3. Click Add Application.

  4. Click Create New App to start the Application Integration Wizard.

  5. Select Web as the platform for your integration. Web is the only supported platform for SAML 2.0 applications in the OIN.

  6. Select SAML 2.0 in the Sign on method section.

  7. Click Create.

  8. On the General Settings tab, enter a name for your integration and optionally upload a logo.

  9. In the Single sign on URL field, enter https://ACCOUNT.interopio.com/account-api-2/login-sso (replace ACCOUNT with your unique account's registered path).

  10. In the Audience URI enter https://ACCOUNT.interopio.com (replace ACCOUNT with your unique account's registered path).

  11. Choose EmailAddress and Email for the Name ID format and Application username that must be sent to your application in the SAML response.

  12. For user attributes add the following attributes and point them to the corresponding Okta user values:

    • email

    • firstName

    • lastName

  13. Click Next.

Screenshot_2021-02-08_at_17.21.17.png

14. On the next step select I'm an Okta customer adding an internal app.

15. Click Finish.

Okta Settings for interopiO

  1. Select your app in Okta Admin console.

  2. Go to the Sign On tab.

  3. In the Settings menu click the View Setup Instructions button.

  4. Leave the new page open and navigate to interopiO console.

Configure interopiO Account

  1. Log in to interopiO as an administrator

  2. Navigate to the USERS & PERMISSIONS tab

  3. Expand the Authentication Configuration Card

  4. Press the Enable SSO Toggle

  5. In the SAML 2.0 Endpoint (HTTP) field, enter the Identity Provider Single Sign-On URL value on your Okta Setup Instructions page.

  6. In the Identity Provider Issuer field, enter the Identity Provider Issuer value on your Okta Setup Instructions page

  7. In the Public Certificate text field, paste the X.509 Certificate value on your Okta Setup Instructions page

  8. Click Save Auth Config.

JumpCloud IDP

Configure the JumpCloud SSO Application

  1. Access the JumpCloud Administrator Console at https://console.jumpcloud.com.

  2. Go to User Authentication > SSO.

  3. Select the + in the upper left, select Custom SAML App at the bottom

  4. In the IDP Entity ID field, enter https://YOURDOMAIN.TLD (e.g., https://example.com).

  5. In the SP Entity ID field, enter https://ACCOUNT.interopio.com (replace ACCOUNT with your unique account's registered path).

  6. In the ACS URL field, enter https://ACCOUNT.interopio.com/account-api-2/login-sso (replace ACCOUNT with your unique account's registered path).

  7. Check the Sign Assertion checkbox

  8. In the Login URL field, enter https://ACCOUNT.interopio.com/account-api-2/login-sso (replace ACCOUNT with your unique account's registered path).

  9. In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector.

  10. In the USER ATTRIBUTE MAPPING menu add the following attributes:

    • email

    • firstName

    • lastName

Screenshot_2021-02-02_at_16.44.33.png

11. Select Activate.

 

Configure MFA on the JumpCloud SSO Application

Note: MFA is strongly recommended for interopiO Accounts containing PHI-enabled environments.

  1. Go to the user groups of the specific application

  2. Pick a user from that list and enable “Require Multi-factor Authentication on the User Portal” in the details section and then save.

  3. Next time the user logs into the Jumpcloud User portal, they will be required to enter an MFA

  4. Alternatively if the user tries logging into the admin console (the specific ones set up for MFA), and they are not logged into the JumpCloud User portal, they will be redirected to the portal and asked to enter their MFA and then be redirected to the admin console.

Configure interopiO Account for SSO

  1. Log in to interopiO as an administrator

  2. Navigate to the USERS & PERMISSIONS tab

  3. Expand the Authentication Configuration Card

  4. Press the Enable SSO Toggle

  5. In the SAML 2.0 Endpoint (HTTP) field, enter the same IdP URL that you set in the JumpCloud console (if you did not modify the termination of this URL, then enter the default URL: https://sso.jumpcloud.com/saml2/saml2).

  6. In the Identity Provider Issuer field, enter https://YOURDOMAIN.com (this should be the same value you entered while configuring JumpCloud).

  7. In the Public Certificate textfield, paste the contents of your public certificate.

  8. Click Save Auth Config.

 

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.