Single Sign-On In A Nutshell
Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services using a single set of login credentials, such as a username and password. SSO simplifies the user experience by eliminating the need to remember multiple passwords and streamlines the login process.
SSO/SCIM terminology
Before connecting your Spekit account with SSO, here are some core terms to get familiar with:
- IdP: Identity Provider - is a service that stores and verifies digital user identities. Some popular examples are Okta, Ping Identity, PingFederate, OneLogin, Azure, etc.
- SAML: Security Assertion Markup Language - is an XML-based standard for exchanging authentication and authorization data between parties, particularly between an Identity Provider (IdP) and a Service Provider (Spekit).
- JIT: Just-In-Time - is a user provisioning method for on-demand user account creation. When a user attempts to access an application or service for the first time through SSO, JIT provisioning automatically creates a user account for them.
- SCIM: System for Cross-domain Identity Management - is an alternative user provisioning method for automated user management. SCIM provisioning streamlines user management by automating tasks like account creation, updates, and deactivation within Spekit.
- IdP-Initiated Login: Identity Provider Initiated logins refer to an SSO authentication flow where the login process is initiated from within your IdP rather than the Spekit login page.
- SP-Initiated Login: Service Provider Initiated logins refer to an SSO authentication flow where the login process is initiated from the Spekit login page rather than from within your IdP.
Initial Spekit SSO/SCIM configuration
From Spekit Web App > Settings > Connect
1.) Click the blue button for Connect with SSO/SCIM.
2.) You will be presented with a "Connect existing user data" modal.
This step aims to map existing Spekit users with the email on their IdP profile. This will prevent duplicate users from being created when they are provisioned through SSO.
Note:
- Do not edit the first two columns in the sheet.
- Do not remove rows from the sheet.
- Do not add users to or remove users from Spekit between downloading the sheet and uploading it.
- Click the Download button.
- View the downloaded Excel sheet.
- Look for users who have duplicate email addresses and/or a blank "IdP Email."
- In the IdP Email address column, make sure the pre-populated email addresses match what the user would have on their IdP profile.
- Save the Excel file if changes were necessary.
- Click Choose File, and select the Excel file.
- Click Upload.
3.) You will now be presented with the Workspace Setup. Enter a unique Workspace name you want to use for your organization. In many cases, this will just be your company name.
- Please remember that this Workspace name may need to be used by your users if they're performing SP-Initiated logins.
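The sheet checks from step 2 can be automated before upload. The following is an added example, not Spekit's own tooling: it assumes the downloaded and edited sheets have been saved as CSV, that the headers other than "IdP Email" look like the constructed sample, and that emails are compared case-insensitively.

```python
import csv
import io
from collections import defaultdict

IDP_COL = "IdP Email"  # column named in the article; other headers are assumed

# Constructed sample data (not real users): the sheet as downloaded, then as edited.
DOWNLOADED = ("User ID,Spekit Email,IdP Email\n"
              "101,ana@example.com,ana@example.com\n"
              "102,ben@example.com,\n"
              "103,cy@example.com,Ana@Example.com\n"
              "104,dee@example.com,dee@example.com\n")
EDITED = DOWNLOADED.replace("104,dee", "999,dee")  # first column was touched

def load(csv_text):
    rows = list(csv.reader(io.StringIO(csv_text)))
    return rows[0], rows[1:]  # header, data rows

def check_mapping(downloaded_csv, edited_csv):
    """Return a list of problems to fix before uploading the edited sheet."""
    (head_a, orig), (head_b, edit) = load(downloaded_csv), load(edited_csv)
    if head_a != head_b:
        return ["header row changed"]
    idp = head_b.index(IDP_COL)
    problems = []
    # Rows must not be removed (or added) between download and upload.
    if len(orig) != len(edit):
        problems.append(f"row count changed: {len(orig)} -> {len(edit)}")
    # The first two columns must be left exactly as downloaded.
    for n, (a, b) in enumerate(zip(orig, edit), start=2):  # row 1 is the header
        if a[:2] != b[:2]:
            problems.append(f"row {n}: first two columns edited")
    # A blank IdP Email cannot be mapped; a duplicate maps two users to one identity.
    seen = defaultdict(list)
    for n, row in enumerate(edit, start=2):
        email = row[idp].strip().lower() if idp < len(row) else ""
        if not email:
            problems.append(f"row {n}: blank {IDP_COL}")
        else:
            seen[email].append(n)
    for email, nums in sorted(seen.items()):
        if len(nums) > 1:
            problems.append(f"duplicate {IDP_COL} {email}: rows {nums}")
    return problems

if __name__ == "__main__":
    for problem in check_mapping(DOWNLOADED, EDITED):
        print(problem)
```

An empty result means the edited sheet keeps the downloaded rows and first two columns intact and every user has a unique, non-blank IdP email.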