What is SSO?
Single sign-on (SSO) is a user authentication tool that lets users securely access multiple applications and services with just one set of credentials. IT admins can control their employees' access from a single portal. This is ideal in large corporations, where new employees often need access to multiple software services. Having each new employee sign up for every service on their own is cumbersome and time-consuming. SSO centralizes the process by letting an IT admin give a new employee access to multiple services at once through a single login profile.
How do we support SSO?
KUDO supports SSO via SAML 2.0.
SAML lets users sign in after successfully authenticating against your SAML identity provider, and an account is created automatically upon sign-in if one doesn't exist. The most common SAML implementations we support are via third-party vendors like OneLogin or Okta, but you can also integrate Active Directory with KUDO via SAML using ADFS.
What do I need to know before I set up SSO?
There are a few important things to note about our SSO implementation:
- SSO is only available to Enterprise companies at this time. If you're not a member of an Enterprise, you will not be able to have SSO enabled for your KUDO account.
- Currently, our EU and COM platforms are not linked. An SSO configuration applied to one of them is not applied to the other.
- The user role will be automatically provisioned when a user gets invited to a session. By default, the user role is a participant, unless we receive another parameter from the SAML response.
- KUDO acts as the Service Provider (SP) and offers automatic user provisioning. You do not need to register as a user on KUDO. Once KUDO receives a SAML response from the Identity Provider (IdP), KUDO checks if this user exists. If the user does not exist, KUDO creates a user account automatically with the received name ID, using the default role, participant, if we do not receive another role parameter from the SAML response.
1. To get started, we will need the following information:
- Your Client Account
- Your Organization name
- Identity Provider (IDP)
2. Once we set up the Organization for you in KUDO, we will be providing you with:
- ACS URL (Consumer URL)
- Login URL
- Single Logout URL
- EntityID/Audience (the name of the SAML 2.0 connector, i.e. kudo-sso)
3. Identity Provider (IDP)
- Log in to your IDP with Admin rights
- Add a SAML connector
- Add the info we've provided you at step 2
- Create and map the below custom parameters/fields:

| Name | Value |
| --- | --- |
| First Name | first_name |
| Last Name | last_name |
| Role | participant, interpreter, operator or viewer |

If no role is assigned in the IDP, KUDO will assign the participant role by default.
- Once a user gets invited to a session with another role, that role will be associated with the user account. Upon login, the user can select which role they plan to use.
- Save the configuration
- Download the SAML metadata and send it to us at email@example.com
4. Please provide us with a list of the users who will be using SSO, as we need to configure them on our end to ensure that they are part of the organization.
5. We will get back to you with a confirmation message. Once configured, users can sign in with SSO.
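
Before sending users through SSO, an IdP admin can check what a test assertion would provision. The Python sketch below is an added illustration, not KUDO's code: it mirrors the rule described above (account keyed on the name ID, role taken from the SAML response, participant as the default). The on-the-wire attribute names `first_name`, `last_name` and `role`, the sample assertion, and the rejection of unlisted role values are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ALLOWED_ROLES = {"participant", "interpreter", "operator", "viewer"}  # roles listed on this page
DEFAULT_ROLE = "participant"

# Constructed, unsigned sample assertion. Attribute names are assumed, not confirmed by KUDO.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="first_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="last_name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>interpreter</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def provisioning_view(assertion_xml):
    """Return the account fields a service provider would derive from an assertion.

    Assumes the signature, Audience and validity window were already verified
    by a SAML library; this function performs none of those checks.
    """
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        raise ValueError("assertion has no NameID, so no account can be matched or created")

    attrs = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
        attrs[attr.get("Name", "").lower()] = value

    # A missing or empty role falls back to the default role named on this page.
    role = attrs.get("role", "").lower() or DEFAULT_ROLE
    if role not in ALLOWED_ROLES:
        # Example's choice: fail closed instead of guessing at an unlisted role.
        raise ValueError(f"unexpected role {role!r} in assertion")

    return {
        "name_id": name_id,
        "first_name": attrs.get("first_name", ""),
        "last_name": attrs.get("last_name", ""),
        "role": role,
    }
```

Feeding it a decoded test assertion from your IdP shows whether the custom parameters were mapped as intended before you send us the metadata.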