Skip to main content

SSO

From Administration, SSO, admins can view and manage Single Sign-On (SSO) connections for your organization. For example, you can add new SSO connections, edit existing ones, set a default connection, and delete connections.

SSO is an authentication method that allows users to access multiple applications and websites with a single set of login credentials, eliminating the need for users to remember and manage separate usernames and passwords for each application and providing a more streamlined and secure login experience. For more information, see Understand SSO.

tip

To manage SSO, you must have the Admin role.

Add a new SSO connection

  1. Navigate to Administration, SSO.
  2. Select New connection.
  3. In the Set a display name for your connection field, enter a descriptive name for the connection. If necessary, you can later edit this name.
  4. In the Select field, choose your identity provider (IdP) or configure a custom SAML/OIDC connection.
    • To select a pre-defined provider, select an option from the list, such as Google SAML or Okta OIDC.
    • To set up a custom SAML or OIDC connection:
      1. Select Add an external connection.
      2. In the Source Organization ID field, enter the unique identifier for your organization within your IdP's system.
      3. In the Source Connection ID field, enter the unique identifier for the specific SSO connection you've configured within your IdP.
  5. Select Create.
    info

    You can't change the connection type after you create it. If you need to change the connection type, delete the existing connection and start over.

  6. Follow the on-screen configuration steps for the provider you selected. Complete the additional steps within your identity provider's admin console, such as adding the SixMap application, configuring attribute mappings, or setting up user permissions as necessary.
    info

    To complete a connnection setup, you must include https://sixmaptech.com/authenticate in your IdP’s list of redirect URIs.

  7. Attempt to log in to the SixMap app using the new SSO connection to verify the configuration.

SSO Authentication settings

Admins can configure specific authentication settings for an individual Single Sign-On (SSO) connection. This includes setting the connection as the default and enabling Just-In-Time (JIT) provisioning for users authenticating through this connection.

Edit authentication settings for an SSO connection

  1. Navigate to Administration, SSO.
  2. Select the menu under Actions next to the SSO connection you want to edit, and select Edit connection.
  3. In the Authentication settings section, select Edit.
  4. To set this connection as the default SSO connection, toggle the Default SSO connection option.
  5. To enable Just-In-Time (JIT) provisioning for users who successfully authenticate through this SSO connection, toggle the JIT provisioning option. For more information, see JIT provisioning.
  6. Select Save.

SSO role assignments

Admins can configure role assignments for users authenticating through a specific Single Sign-On (SSO) connection. This allows for automated role allocation based on connection or group membership.

Edit SSO connection role assignments

  1. Navigate to Administration, SSO.
  2. Select the menu under Actions next to the SSO connection you want to edit, and select Edit connection.
  3. In the Role assignments section, select Edit.
  4. To automatically assign a role to users who authenticate using the connection, select a role in the Connection Roles field.
  5. To also assign a role to users based on their group membership, select a group in the Group Roles field.
    info

    To assign group roles you must first add a "groups" key under Attribute Statements.

  6. Select Save.

SSO details

Admins can modify the detailed configuration of an SSO connection, including display name, IdP, app values, IdP values, and signing certificate.

Edit SSO connection details

  1. Navigate to Administration, SSO.
  2. Select the menu under Actions next to the SSO connection you want to edit, and select Edit connection.
  3. Select the connection's display name to open its details page.
  4. In the Details section, select Edit.
  5. Modify the fields from your IdP as necessary.
  6. Modify the Attribute Statements as necessary:
    • To edit an existing attribute statement, select Edit under Actions next to an attribute statement, modify the custom mapping as necessary, and select Save.
    • To add a new attribute statement, select Add new, enter the Key and Value, and select Save.
  7. Select Save.

Set a default SSO connection

  1. Navigate to Administration, SSO.
  2. Select the menu under Actions next to the SSO connection you want to use to automatically authenticate users, and select Set as default.
  3. Confirm your selection.

Delete an SSO connection

To delete an SSO connection, navigate to Administration, SSO. Next, select the menu under Actions next to the connection you want to remove, and select Delete.

caution

After you delete a connection, you cannot restore it. Any users who were automatically assigned roles roles through this connection, as well as users provisioned using JIT provisioning through this connection will lose access immediately.