Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.



Introduction

An Identity Provider (IdP) offers user authentication as a service. It is a trusted provider that allows the use of single sign-on (SSO) to access other application. SSO enhances usability by reducing password fatigue as passwords are maintained on your IdP.

Set Up Identity Provider

Requirements

To enable SSO on HIAB/OUTSCAN you will have to import meta-data from your IdP into HIAB/OUTSCAN. You will also need to export the service provider’s meta-data from HIAB/OUTSCAN and import it to your IdP.

Note

While reading the response from IdP during signing in to our portal, we accept signed assertions with parameters. The parameters list which your IdP is returning in response must include your user name in a parameter. By default it is set to parameter named uid but you can set up to different parameter (eg Subject attribute).

Set up Identity Provider Integration

To set up Identity Provider:

  1. Go to Menu > Settings > Integrations > Identity Provider.



  2. Provide the below information to enable Identity Provider (IdP):
    • Enabled: Select the Enabled checkbox to enable the protocol for single sign-on trusting another source to log in.

 Use one or both of the following option to provide metadata of IdP:

    • Get metadata from file: Select Identity provider’s metadata file by clicking the + symbol beside the field.
      Metadata contains information such as how it works, what type of login is acceptable and so on.
    • Get metadata from URL: Provide a URL from which the OUTSCAN or HIAB (Service Provider) should fetch metadata from IdP.
    • Subject attribute: Enter uid string. This field cannot be left empty.

      Note

      The parameter name must be typed as expected in the SAML authentication response (one single word starting with lowercase and may include some upper cases (eg camelCase)).

    • Signature hash algorithm: Select between SHA-256 or SHA-1.

After enabling the required settings:

  1. Click Save to save the current settings.
  2. Click Reset to fully remove the current settings. This disables the integration.
    • IDP Metadata: Click this button to display the currently uploaded metadata of the Identity Provider.
    • SP Metadata: Click on this button to display the service provider’s metadata.

Reference

Integrations