Single Sign-On (SSO)
Written by Lise
Updated over a week ago

Intigriti supports Single Sign-On (SSO) through OpenID Connect (OIDC) for any identity provider of your choice. It will allow company members to easily and securely access Intigriti with their identity provider credentials.

💡 Please note that Intigriti does not sync user information between your identity provider and the platform.

Activating Single Sign-On

What do I need?

  • An Identity Provider (IdP) adhering to the OpenID Connect (OIDC) protocol.
    OpenID Connect is an identity layer on top of the OAuth 2.0 framework.

  • Your Identity Provider's discovery documentation.

  • A company administrator to configure the SSO settings.

Step-by-step

  • Go to Intigriti > Admin > More > Single Sign-On.
    ​

  • Add the following Identity Provider information with the help of the discovery documentation:

    • Identity provider name

    • Identity provider URL

    • Client ID

    • Client secret
      ​

  • Click Save. You can edit the information as long as the SSO integration is inactive.
    ​

  • Ensure that all the necessary configurations on the identity provider side are properly completed.

💡 To avoid a potential lock-out of a company admin account, we recommend test-driving the SSO integration by having a company member or another company admin try it out before converting all accounts. This will help ensure a smooth transition without any unintended consequences.

  • Click Activate.

Once SSO is activated, you can enforce SSO as the authentication method by:

  • Converting the authentication method of existing members to SSO on the Company members page.

  • Adding new members with authentication method SSO.
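Before entering the Identity provider URL and clicking Activate, the discovery documentation listed under "What do I need?" can be sanity-checked. The following is an added example, not Intigriti's code: it assumes the Identity provider URL is the OIDC issuer and that the document is served at the standard OpenID Connect Discovery path; `idp.example.com` and the sample document are constructed.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

# Metadata a provider publishes per OpenID Connect Discovery 1.0
# (token_endpoint is optional only for implicit-only providers).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def discovery_url(issuer):
    """Well-known location of the discovery document for an issuer."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def fetch_discovery(issuer, timeout=10):
    """Download the document (needs network; the sample below does not use it)."""
    with urlopen(discovery_url(issuer), timeout=timeout) as resp:
        return json.load(resp)

def check_discovery(issuer, doc):
    """Return a list of problems; an empty list means the document looks sane."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        problems.append("issuer must be an https URL without query or fragment")
    problems += [f"missing field: {k}" for k in REQUIRED if not doc.get(k)]
    # The issuer in the document must equal the configured URL exactly,
    # including any trailing slash, or ID token validation will fail later.
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: document says {doc.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(key)
        if value and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https")
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 ID token signing not advertised")
    return problems

# Constructed sample document for a hypothetical IdP.
SAMPLE_ISSUER = "https://idp.example.com"
SAMPLE_DOC = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/authorize",
    "token_endpoint": SAMPLE_ISSUER + "/token",
    "jwks_uri": SAMPLE_ISSUER + "/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
```

To check a real provider, pass the result of `fetch_discovery(url)` to `check_discovery(url, doc)` and resolve every reported problem before activating SSO.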

Configuring your identity provider

Please find below a list of the most relevant articles along with additional tips to facilitate integration between our platform and your identity provider.

Okta

  • Create an application using the Okta guide.

    • Sign-in method: OIDC - OpenID Connect

    • Application type: Web application

    • Grant type: Client Credentials

    • Sign-in redirect URIs: < redirect URL >

    • Sign-out redirect URIs: < empty >

    • Base URIs: < empty >

    • Controlled access: < according to your company's policy >
      ​

  • Open the earlier created application via Console > Applications > Applications.
    ​

  • Go to General > Client Credentials.

  • Retrieve the following information:

    • Client ID

    • Client Secret
      ​
      ​

  • Go to Sign On > OpenID Connect ID Token.

  • Click Edit.

  • Select Okta URL.

  • Retrieve the Identity Provider URL (the URL between the brackets).

Auth0

  • Create an application using the Auth0 guide.

    • Application name: 'Intigriti'

    • Application type: ✅ 'Regular Web Applications'

  • Open the newly created application.

  • Go to Settings.
    ​

  • Retrieve the following information from the Basic information section:

    • Identity provider URL = Domain

    • Client ID

    • Client Secret

Add the Redirect URL provided on the Intigriti SSO Settings page to the Allowed Callback URLs in the Application URIs section.

Azure Active Directory

  • Sign in to Azure.

  • Navigate to Default Directory > Manage: Enterprise applications.
    ​
    ​

  • Click New application. You will be redirected to the Azure AD Gallery.
    ​

  • Click Create your own application.
    ​

  • Add the application name: Intigriti SSO.

  • Indicate the application purpose:
    ✅ Integrate any other application you don't find in the gallery (Non-gallery).

  • Click Create.
    ​

  • Go to the Default Directory > Manage: App registrations > All applications.
    ​

  • Select the earlier created application 'Intigriti SSO' and retrieve the following information:

Client ID

  • Stay on the 'Intigriti SSO' Overview page.

  • Retrieve the Client ID here:
    ​

Client Secret

  • Stay on the 'Intigriti SSO' overview page.

  • Click Add a certificate or secret.
    ​

  • Add the client secret name and expiry date.

  • Click Create.

  • Retrieve the Client Secret here:
    ​

Identity provider URL

  • Go to Endpoints.
    ​

  • Retrieve the Identity Provider URL here:
    ​

Redirect URL

  • Go to Default Directory > Authentication.
    ​

  • Click Add a platform.
    ​

  • Select platform type: Web application.

  • Add the Redirect URL provided on the 'Intigriti SSO' Settings page.

Deactivating Single Sign-On


Please be aware that upon deactivation of SSO:

  • The authentication method of all company members is set back to password.

  • All active converted company members will receive an email request to set up a new password and use it to log in from now on.

  • Company members are no longer redirected to your identity provider and can only access Intigriti with their local account credentials.

Step-by-step

  • Go to Intigriti > Admin > More > Single Sign-On.

  • Click Deactivate.
    ​

Note that your SSO configuration will remain available, allowing you to easily enable it again in the future if desired.