To make your colleagues' experience with the ITONICS solution smoother, you can streamline and simplify the login process by integrating single sign-on (SSO). Your colleagues no longer need to log in with a username and password; they are logged in automatically. Our professional service team will guide and instruct your IT department on the one-time configuration that is necessary for standard protocols such as SAML 2.0.
In addition, it is possible to synchronize the full organizational details of each colleague with the user attributes in the ITONICS solution. This lets you map your colleagues to specific user roles or user groups, as well as to contextual information that affects visibility and rating perspectives throughout the ITONICS solution. It also decreases the administrative effort required for maintaining access control of new, existing and former colleagues.
How Single Sign-On works
Login with SSO
- Call the system URL via any web browser
- When you land on the ITONICS Login Page, click on the button “Login for <client> employees”. You will be redirected to your SAML Identity Provider (e.g. Active Directory Federation Services, Azure ADFS or OneLogin; most SAML Identity Providers are compatible). An automated redirection when hitting the URL is also configurable.
- You will be asked to authenticate with your credentials at the Identity Provider
- The defined SAML token is sent back to ITONICS
- The SAML data is verified by ITONICS and if successful, you are authenticated
- When you complete this process for the first time, the system assigns a defined standard user role, creates a user account in the ITONICS user management, and imports the data defined in the SAML claims. Attributes like User ID, Username, E-Mail, Prename, Surname, Location, etc. can be handed over.
This is the ITONICS standard procedure. It is also possible to assign the user roles in two different ways:
- User role is assigned by the Application Owner manually
- User role is assigned via SSO claims based on pre-defined Active Directory Groups on the client-side
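The first-login provisioning and group-based role assignment described above, as an added example (not ITONICS code): claims are read from an assertion that is assumed to be verified already, roles are derived only from an allowlist of Active Directory groups, and the standard role applies when no group matches. The claim names, group DNs, role names and the functions `read_claims` and `provision` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical names: real claim names, AD groups and roles are agreed per
# customer during the SAML configuration.
DEFAULT_ROLE = "standard_user"
GROUP_TO_ROLE = {
    "CN=Innovation-Admins,OU=Groups,DC=example,DC=com": "application_owner",
    "CN=Innovation-Editors,OU=Groups,DC=example,DC=com": "editor",
}
REQUIRED = ("user_id", "email")

# Constructed sample: AttributeStatement of an assertion whose signature,
# issuer, audience and validity window are assumed to be verified already.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Attribute Name="user_id"><saml:AttributeValue>u1001</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="email"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="location"><saml:AttributeValue>Berlin</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="groups">
  <saml:AttributeValue>CN=Innovation-Editors,OU=Groups,DC=example,DC=com</saml:AttributeValue>
  <saml:AttributeValue>CN=Domain Admins,CN=Users,DC=example,DC=com</saml:AttributeValue>
 </saml:Attribute>
</saml:AttributeStatement>"""


def read_claims(xml_text):
    """Return every Attribute as name -> list of values (groups are multi-valued)."""
    claims = {}
    for attr in ET.fromstring(xml_text).iterfind("saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims


def provision(claims, users):
    """Create or update the account; roles come only from allowlisted groups."""
    missing = [name for name in REQUIRED if not claims.get(name)]
    if missing:
        raise ValueError(f"assertion lacks required claims: {missing}")
    groups = claims.get("groups", [])
    roles = sorted({GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE})
    user = users.setdefault(claims["user_id"][0], {})
    user["email"] = claims["email"][0]
    user["location"] = (claims.get("location") or [None])[0]
    user["roles"] = roles or [DEFAULT_ROLE]  # no mapped group: standard role
    return user


if __name__ == "__main__":
    print(provision(read_claims(SAMPLE), {}))
```

Because roles are recomputed from the claims on each call (a choice made in this example), a colleague removed from a mapped group falls back to the standard role at the next login, and a group that is not in the allowlist never becomes a role.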
Integrating SSO is the more technical side of things and usually requires the involvement of both IT departments (ITONICS & Client). Please get in touch with your Customer Innovation Success Manager to initiate the integration.
For a smooth integration, the following prerequisites should be taken care of:
- Clarify if you need/have a custom URL
- Get a Test User for ITONICS to test the SAML Integration (optional, recommended)
The following steps describe the ITONICS Standard Integration of SAML:
- ITONICS sends out the SAML Configuration document and the SAML metadata for the production system
- The Customer IT Team imports the metadata in their ADFS
- The Customer fills out the form and sends the metadata back to ITONICS
- ITONICS integrates the metadata of the customer
- After the metadata exchange is done, the login has to be tested
- If the login works fine, the default login of the system will be changed to SAML