Single sign-on (SSO)

Your organization can use an external identity provider (IdP) to log in to DISCO, instead of creating a separate DISCO username and password. All major IdPs are supported, including Active Directory Federation Services, Okta, Microsoft Azure AD, and others. SSO is configured and enforced for a specific email domain or domains, such as @customer-name.com. SSO can be configured for both login.csdisco.com and login.csdisco.eu, or independently configured for only one login page.  

My organization uses single sign-on. How do I log in?

When you are added to a DISCO database, you will receive an activation email with a link to log in to DISCO, instead of a link to create a password. When you log in, you will see a Single Sign-On Enabled notification. Enter your username in the text box and then click Log in.

On the next page, enter the username and password from your external identity provider (IdP) and then click Log in.

If your IdP credentials do not work, contact your organization's technical support team.

My organization wants to enable single sign-on. How do we do that?

Contact our Support team to enable SSO for your organization. You can do this using the live chat in the bottom right-hand corner of your screen, by calling us at (877) 941-0583 from 8 AM to 7 PM CST every day, or by emailing support@csdisco.com.

The Support team will need the following information to enable SSO for your organization:

  • The user's email domain
  • The external identity provider (IdP) configuration values, including:
    • The single sign-on URL
    • The log out URL
    • The signing certificate

SSO integration process

  • Test environment
    • Customer: share IdP metadata with DISCO
    • DISCO: configure IdP metadata and share DISCO metadata with customer
    • Customer: configure DISCO metadata
    • Customer: add test users in IdP
    • DISCO and Customer: test SSO workflow
  • Production environment
    • Customer: share IdP metadata with DISCO
    • DISCO: configure IdP metadata and share DISCO metadata with customer
    • Customer: configure DISCO metadata
    • Customer: add production users in IdP and add production users in DISCO app
    • DISCO and Customer: test SSO workflow
    • Customer: approve production SSO go-live
    • Customer: notify DISCO users of SSO go-live

Data parameters

Provided by the customer to DISCO:

  • SSO email domain(s); e.g., @customer-name.com
  • IdP metadata file
    • SSO URL
    • X509 Certificate (certificate to validate signed assertions)
    • Primary user identity attribute, commonly:
      • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
      • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
      • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email
    • Protocol Binding
      • HTTP POST or HTTP REDIRECT

Provided by DISCO to the customer:

  • DISCO metadata file
    • Assertion Consumer Service URL
    • Entity ID
    • X509 Certificate (certificate to validate signed assertions)