This article provides all the information you need to set up an integration between Intigriti and an Identity Provider of your choice. It gives an overview of the benefits, prerequisites and options of the SSO feature.

Please note that the Intigriti platform does not sync user information from or to the Identity Provider. Whether particular users have access to the platform, and whether they use SSO, must be configured by a company admin in the platform by setting the company member authentication method.



What is it?

Single Sign-On (SSO) is an authentication method that allows your company members to easily and securely access Intigriti with their Identity Provider credentials. It provides a smooth experience as they no longer need to remember a separate password and only need to log in once.

What are its benefits?

  • Improved usability and employee satisfaction

Requiring separate usernames and passwords for each app is a burden and unrealistic for employees. Single Sign-On reduces that burden. In addition, signing in once saves time and improves employee productivity.

  • Greater security and compliance

Usernames and passwords are a main target of cybercriminals. Every time a user logs in to a new application, it's an opportunity for hackers. SSO reduces the attack surface because users log in only once each day to their Identity Provider and use only one set of credentials.

What do I need?

  • An Identity Provider (IdP) adhering to the OpenID Connect (OIDC) protocol.
    OpenID Connect is an identity layer on top of the OAuth 2.0 framework.

Beware! Intigriti does not support SSO via SAML. Please contact your Customer Success Manager in case of questions.

  • Your Identity Provider's discovery documentation.

  • An Intigriti company administrator to configure the SSO settings.


Configure SSO

Start by opening the involved applications and the Identity Provider discovery documentation.

  • Go to Intigriti > Admin > More > Single Sign-On.

  • Enter the following Identity Provider information (with the help of the discovery documentation):

| Field | Definition |
| --- | --- |
| Identity provider name | The chosen name or unique identifier for your SSO configuration. |
| Identity provider URL | The URL of your Identity Provider used to authenticate the company member. Make sure the URL starts with https:// and isn't a localhost address. |
| Client ID | The unique identifier provided by your Identity Provider. |
| Client secret | The client secret provided by your Identity Provider. Depending on the type of configuration, it may not be required. |

  • Save your SSO configuration. You can edit your configuration as long as the SSO integration is inactive.

  • Note down the generated Redirect URL in an easily reachable location before inserting it in your Identity Provider's application. This URL will be used to redirect users back to Intigriti after a successful login.
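
A pre-flight check for the values entered above, as an added example (not Intigriti's code or its validation logic): it applies the page's URL rule and checks a discovery document for the metadata that OpenID Connect Discovery 1.0 marks as required. It assumes the Identity provider URL field holds the OIDC issuer and that the discovery documentation is the IdP's discovery document; `idp.example.com` and the sample document are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Metadata that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
            "subject_types_supported", "id_token_signing_alg_values_supported")

def url_problems(url):
    """The page's rule for the URL field: https:// only, and not localhost."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    problems = []
    if parts.scheme != "https":
        problems.append("URL must start with https://")
    if host == "localhost" or host.endswith(".localhost"):
        problems.append("URL points to localhost")
    else:
        try:
            if ipaddress.ip_address(host).is_loopback:
                problems.append("URL points to a loopback address")
        except ValueError:
            pass  # a DNS name (or empty host), not an IP literal
    return problems

def check_idp(idp_url, discovery_json):
    """Return a list of problems; an empty list means every check passed."""
    doc = json.loads(discovery_json)
    problems = url_problems(idp_url)
    problems += [f"missing required metadata: {key}" for key in REQUIRED if key not in doc]
    # Assumption: the Identity provider URL field holds the issuer. Discovery requires
    # the issuer in the document to be identical to it (a trailing slash counts).
    if "issuer" in doc and doc["issuer"] != idp_url:
        problems.append("issuer does not match the Identity provider URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and urlsplit(doc[key]).scheme != "https":
            problems.append(f"{key} is not served over https")
    return problems

# Constructed sample discovery document; idp.example.com is a placeholder.
SAMPLE = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

if __name__ == "__main__":
    print(check_idp("https://idp.example.com", SAMPLE) or "no problems found")
```

Running it against your own IdP's discovery document before activation surfaces issuer or endpoint mismatches while the configuration can still be edited.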


Activate SSO

If the SSO setting is successfully configured:

  • Go to Intigriti > Admin > More > Single Sign-On.

  • Click on Activate in the upper-right corner of the SSO configuration page.

When SSO is activated:

  • You will no longer be able to edit the SSO integration details.

  • You can start enforcing SSO as an authentication method by:

    • Converting the authentication method of existing members to SSO on the Company members page.

    • Adding new members with authentication method SSO.

Tip: Prevent a company admin account lock-out by test driving your SSO integration with a company member or another company admin before converting them all.



Deactivate SSO

If the SSO setting is successfully activated:

  • Go to Intigriti > Admin > More > Single Sign-On.

  • Click on Deactivate in the upper-right corner of the SSO configuration page.

Upon SSO deactivation:

  • The authentication method of all company members is set back to password.

  • All active converted company members will receive an email request to set up a new password and use it to log in from now on.

  • Company members are no longer redirected to the Identity Provider page and can only access Intigriti with their local account credentials.

Note that your SSO configuration will be saved in case you want to turn it back on again in the future.
