Enterprise SSO setup [SSO]

How to setup and enable Enterprise SSO in Settings

Uros Maksimovic avatar
Written by Uros Maksimovic
Updated over a week ago

Before setting up the SSO on the Insightful platform at Settings >> Security and Identity dashboard, you should create the Insightful application in your Identity Provider. During this configuration, you will be asked to input the below two details:

Audience URI (Entity ID):

https://app.insightful.io

Assertion Consumer Service (ACS) URl or Single Sign On URl:

Note: Leave the “Default Relay state” field blank until you obtain it after completing the first step on Insightful Security and Identity page.

In order for the user to be able to use SSO login, it is necessary to assign the application created on Identity Provider to the user.

Additionally, be mindful that under the User Attributes and Claims or Attribute Statements section, the following attributes are required to be mapped out:

  • firstName

  • lastName

  • email

  • id

    Next, to enable SSO Sign In option in Insightful, please go to Settings >> Security and Identity.

    Note: This can be performed by Insightful Admin user role only.

  • Click on Configure SAML button.

  • On the next step, please name the integration and enter the required details, obtained from the Identity Provider interface: Issuer ID, Login URL, and Identity Provider Certificate - which can be copied and pasted into the certificate field or uploaded like a Certificate file.

By completing this step, and upon a successful response from API, the status of SSO Configuration becomes Configured.

  • Next, Admin must copy our info (the response from the fields) into Identity Service Provider. The response contains of Default Relay State and Certificate. Certificate can once again be copied and pasted or downloaded as a Certificate file.

After this step is done, new window to verify SAML will appear. Click on Verify SAML button. Upon successful completion, the status of SSO Configuration becomes SSO Configured & Verified.

  • If you encounter an error message that there is no Encryption assertion - {"message": "Expected 1 EncryptedAssertion; found 0."} please do the following:

    • Download/copy the Service Provider Certificate from Insightful and upload it to Identity Provider’s app;

    • SAML configuration will be successfully set up afterward.

Note: There can be only one active SAML Configuration at a time. You can always edit the existing one or disconnect/remove it if you wish to add another one. 👉 Click here to learn how.

Step-by-step instructions for setting up SSO for each provider:

Did this answer your question?