Setting Up Single Sign-On Authentication on a License

After receiving the necessary information back from your IT department, complete the following steps.

Permission Required?

For this activity, you must have the following permission setting:

For more information about permissions, see Setting User Permissions or Setting Team Permissions.

How to Set Up SSO Authentication on a License

  1. In the upper-right of Central, click your license avatar (or the first letter of your license if you haven't yet chosen an avatar image) and select License Settings.

  2. On the left side of the dialog, click Single Sign-On, then click Configure or Change Settings.

  3. Enter the SAML 2.0 settings that you obtain from your IT department.

    SAML Authentication Settings

    • Enable SSO for Central login This integrates SSO with your license. If this is not selected, users cannot log in via SSO and must use the other process of entering a Central password manually.

    • SAML 2.0 Login Endpoint (HTTP) This path is used when individuals log in.

    • (Optional) SLO Logout Endpoint (HTTP) Single log out (SLO) is a path used when individuals log out. You can leave this field blank if you don't intend to use it.

      Note The SLO option is supported only by some IdPs, specifically those that only use the usernameID in the call to the endpoints. Check with your IT department to see if your IdP supports SLO.

      Note This setting also allows Central users to enable an option to control how they log out (see Setting Up Single Sign-On Authentication on a License). When logging out, it can mean that they are only signed out of the Central license, or it can mean that they are also signed out of the IdP.

    • Identity Provider Issuer This is a unique string associated with your IdP.

    • Public Certificate Copy and paste the text from your certificate into this field.

    Single Sign-On Settings

    Note The fields "Create viewer users on demand" and "Default Teams" are covered in the next set of steps, which are optional. See Creating Viewer Users On Demand.

    UI Customization

    • Login Button Label By default, the button label is "Log in with third party," but you can change it. For example, you might want it to be more specific to your SSO provider (e.g., Microsoft Login).

    Example When finished, your settings might look something like this:

  4. Click Save.

What’s Next?

After enabling SSO and providing the configuration information, there isn't anything else you must do. However, you might decide you want to create viewer users on demand. In addition, individual Central users might want to determine their own logout behavior. See Other Activities for Single Sign-On.