What is Single Sign-On?
Single sign-on (SSO) is a centralized session and user authentication service in which a set of login credentials can be used to access multiple applications.
In simple terms, “SSO assists customers to sign in to connected domains or applications with one username and password.”
What is supported on Elevate Security?
Elevate Security supports Service Provider initiated SSO through most identity providers (IDPs):
- Directly through Amazon Cognito User Pools
- Federated through third-party SAML IDPs using the SAML 2.0 standard.
- SSO login is available only for the Elevate Behavioral Security Platform and is used by the organization's admins.
- We do not support SSO access to Hacker's Mind or Pulse at this time.
How to configure SSO for Elevate Security?
- Identify your identity provider (IDP) for your organization
- Configure service provider (SP) entity for Elevate Security
  - ACS_URL: https://elevatesecurity.auth.us-east-1.amazoncognito.com/saml2/idpresponse
  - SP Entity ID (Audience): urn:amazon:cognito:sp:us-east-1_muR8BDrUU
  - Relay State: Not Required
  - SAML subject (NameID): Not Required
  - SAML Attributes
    - Attribute name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    - Attribute value: employee_work_email
- Access the Elevate Behavioral Security Platform and provide your IDP metadata URL
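A pre-flight check for the IDP side of these settings, added here as an example (it is not Elevate Security's code). It assumes you have the decoded XML of a SAML response from a test login; the function names, the constructed sample responses and the "@" test on the attribute value are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# SP values from the configuration steps on this page.
ACS_URL = "https://elevatesecurity.auth.us-east-1.amazoncognito.com/saml2/idpresponse"
SP_ENTITY_ID = "urn:amazon:cognito:sp:us-east-1_muR8BDrUU"
EMAIL_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response(xml_text):
    """List configuration problems in a decoded SAML response from an IDP test login.
    Configuration check only: the XML signature is NOT verified here."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; not parsed"]
    root = ET.fromstring(xml_text)
    problems = []
    recipients = [e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append("Recipient does not match ACS_URL")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not match SP Entity ID")
    emails = [(v.text or "").strip()
              for attr in root.iterfind(".//a:Attribute", NS) if attr.get("Name") == EMAIL_ATTR
              for v in attr.iterfind("a:AttributeValue", NS)]
    if not emails:
        problems.append("emailaddress attribute not released")
    elif any("@" not in e for e in emails):  # assumption: value is a work email address
        problems.append("emailaddress attribute value is not an email address")
    return problems

def sample_response(audience, recipient, attr_name, value):
    """Build a constructed (unsigned, trimmed) response for the demo below."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
      <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{recipient}"/></saml:SubjectConfirmation></saml:Subject>
      <saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>
      </saml:AudienceRestriction></saml:Conditions>
      <saml:AttributeStatement><saml:Attribute Name="{attr_name}">
        <saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
    </saml:Assertion></samlp:Response>"""

GOOD = sample_response(SP_ENTITY_ID, ACS_URL, EMAIL_ATTR, "alex@example.com")
# Constructed misconfiguration: audience left at an IDP default, attribute named "email".
BAD = sample_response("https://idp.example.com/app", ACS_URL, "email", "alex@example.com")

if __name__ == "__main__":
    print(check_response(GOOD))
    print(check_response(BAD))
```

An empty list means the audience, recipient and email attribute line up with the SP settings above.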
How to retrieve your IDP metadata URL?
The exact way to retrieve the metadata URL depends on the IDP; see the list below for details.
- Okta - On the Sign On tab for your Okta application, find the Identity Provider metadata hyperlink. Right-click the hyperlink and then copy the URL (more details <here>)
- Microsoft Active Directory Federation Services (AD FS) - You can download the SAML metadata document for your AD FS federation server from the following address: https://<yourservername>/FederationMetadata/2007-06/FederationMetadata.xml.
- Auth0 - The metadata download document is obtained from the Auth0 dashboard. Choose Clients, and then choose Settings. Scroll down, choose Show Advanced Settings, and then look for your SAML Metadata URL. It should look like https://<your-domain-prefix>.auth0.com/samlp/metadata/<your-Auth0-client-ID>
- Ping Identity - The metadata download document is obtained from the Auth0 dashboard. Choose Clients, and then choose Settings. Scroll down, choose Show Advanced Settings, and then look for your SAML Metadata URL. It should look like https://<your-domain-prefix>.auth0.com/samlp/metadata/<your-Auth0-client-ID>.
If you have any questions about the specific requirements for Identity Providers we do not have listed, please reach out to your customer success manager who will connect you with our integrations engineer.