Your organization can use an external identity provider (IdP) to log in to DISCO, instead of creating a separate DISCO username and password. All major IdPs are supported, including Active Directory Federation Services, Okta, Microsoft Azure AD, and others. SSO is configured and enforced for a specific email domain or domains, such as @customer-name.com. SSO can be configured for both login.csdisco.com and login.csdisco.eu, or independently configured for only one login page.
My organization uses single sign-on. How do I log in?
When you are added to a DISCO database, you will receive an activation email with a link to log in to DISCO, instead of a link to create a password. When you log in, you will see a Single Sign-On Enabled notification. Enter your username in the text box and then click Log in.
On the next page, enter the username and password from your external identity provider (IdP) and then click Log in.
If your IdP credentials do not work, contact your organization's technical support team.
My organization wants to enable single sign-on. How do we do that?
Contact us to enable SSO for your organization.
We will need the following information to enable SSO for your organization:
- The user's email domain
- The external identity provider (IdP) configuration values, including:
  - The single sign-on URL
  - The log out URL
  - The signing certificate
SSO integration process
- Test environment
  - Customer: share IdP metadata with DISCO
  - DISCO: configure IdP metadata and share DISCO metadata with customer
  - Customer: configure DISCO metadata
  - Customer: add test users in IdP
  - DISCO and Customer: test SSO workflow
- Production environment
  - Customer: share IdP metadata with DISCO
  - DISCO: configure IdP metadata and share DISCO metadata with customer
  - Customer: configure DISCO metadata
  - Customer: add production users in IdP and add production users in DISCO app
  - DISCO and Customer: test SSO workflow
  - Customer: approve production SSO go-live
  - Customer: notify DISCO users of SSO go-live
Data parameters
Provided by the customer to DISCO:
- SSO email domain(s); e.g., @customer-name.com
- IdP metadata file
- SSO URL
- X509 Certificate (certificate to validate signed assertions)
- Primary user identity attribute, commonly:
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email
- Protocol Binding
  - HTTP POST or HTTP REDIRECT
Provided by DISCO to the customer:
- DISCO metadata file
- Assertion Consumer Service URL
- Entity ID
- X509 Certificate (certificate to validate signed assertions)