Manage Single Sign-On (SSO)

This topic provides detailed steps for enabling and configuring SSO for streamlined authentication.

Access the SSO Setup tab

Do the following:

  1. Click on User Management from the Main menu. The User Management page is displayed.

  1. Select the SSO Setup tab.

Manage Single Sign-On (SSO)

Single Sign-On (SSO) allows users to log in using their existing credentials from an Identity Provider (IDP), streamlining access and enhancing security. This section provides details on configuring and managing SSO in AlgoSec Cloud.

Note: AlgoSec SaaS applications officially support Microsoft Entra ID (formerly Azure Active Directory) and Okta as SSO providers. Other SAML2 SSO providers may also work. Try to enable following the instructions below. If you encounter difficulties contact AlgoSec support for assistance.

Important: Users must have a valid email address, surname (last name), given name (first name), and name identifier in the relevant fields of the Identity Provider.

Set SAML attributes as specified by your identity provider.

  • For Entra ID, use:

    • Attribute Name= http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress  Value=user.email

    • Attribute Name=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname and Value= user.surname

    • Attribute Name=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname and Value= user.givenname

    • Attribute Name=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name and Value= user.principalname

    • (optional) Attribute Name=http://schemas.microsoft.com/ws/2008/06/identity/claims/groups and Value= user.groups [Application.Group]

      Note: If you are working with user groups, make sure to set the Source Attribute to sAMAccountName or Cloud-only group display names.

  • Similarly for Okta, use recommended attribute statements:

    • Name=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress and Name Format=URI reference format and Value=user.email)

    • Name=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname and Name Format=URI reference format and Value= user.lastName

    • Name=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname and Name Format=URI reference format and Value= user.firstName

    • Attribute Name=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier and Name Format=URI reference format and Value= user.login

    • (optional) Attribute Name=http://schemas.microsoft.com URI Reference/ws/2008/06/identity/claims/groups and Name Format=URI reference format and Filter= Matches regex:.*

To configure SSO user authentication

  1. In the Prevasio Main Menu, select User Management. Click the SSO SETUP tab.

  2. Enter the email of the IT admin associated with your account and click Send Parameters.

    The application parameters are sent to that email address.

    Note: Using the details sent by Prevasio, the IT admin generates the XML metadata file needed for the next step.

    Tip for IT department: For more information about Federation Metadata XML, refer to Identity provider documentation.

  3. Upload the XML metadata file provided by the IT admin and then click Activate SSO.

    Once activated, all users in the Users tab can log in with SSO.

    Note:

    • A check appears on the Users tab in the SSO Authenticated column after a user logs in at least one time using SSO.

    • +Add User is disabled for SSO-enabled tenants. Contact your IT department to add additional users.

Deactivate / Reactivate SSO

To deactivate SSO: Administrators can deactivate SSO on a tenant by clicking Deactivate SSO.

To reactivate SSO: Administrators can reactivate SSO using the previously stored XML metadata file by clicking Reactivate SSO.