Single Sign On Overview

Summary

PathFactory provides Single Sign On support using Security Assertion Markup Language (SAML version 2.0). SAML is a standard protocol that gives third-party Identity Providers (IdP) a secure way to let a service provider (SP) such as PathFactory authenticate users through a single login credential.

Note
Single Sign On currently supports G Suite, OneLogin, and Okta as Identity Providers. We also provide the option of a generic SAML 2.0 configuration for clients using other standard SAML 2.0 Identity Providers.
To configure Single Sign On in your organization, please contact your CSM or support@pathfactory.com to request access to this feature.

Check out the SSO FAQ for more information.

Benefits of SSO

Corporate Security
SSO allows you to centralize control over provisioning with fewer points for identities to be breached, and enforce corporate standards like multi-factor authentication.

User Experience
SSO helps relieve the need for users to manage multiple accounts and passwords.


Single Sign On Requirements for PathFactory

  • You must have Admin access in PathFactory to configure SSO
  • You currently have G Suite, Okta, or OneLogin as your Identity Provider, OR the ability to manually configure your SSO using our generic SAML 2.0 option
  • All email addresses for PathFactory users must exist in the Identity Provider

Configuring Single Sign On

Step 1: Contact either your CSM or PathFactory Support to request access to Single Sign On.
Step 2: Configure SSO for your organization from the Organization Settings section in PathFactory, according to your specific IdP: G Suite, Okta, or OneLogin.
Step 3: Adjust your Mixed Mode Login settings.
Step 4: Test your SSO configuration by logging out and logging back in.

Note
On the login page there should be a button corresponding to your Identity Provider.
Please ensure you can log in by clicking on the Identity Provider button.

Single Sign On

Sign in with email and password option when Single Sign On (SSO) is configured

You have the option to enable or disable email and password login for your users when SSO has been configured for your organization.

Disabling email and password login helps reduce confusion for users, because they see either the SSO option or the email/password option. It also adds governance to your instance: only users who are associated with your organization and have an account with PathFactory can access your PathFactory instance. By default SSO is enabled.

To use this feature, follow these steps.

  1. Click on your login name and then select Organization Settings.
Organization settings menu
  2. Select the Single Sign On tab.
Single Sign On tab
  3. If you have enabled SSO at your organization, you can decide whether or not to also display a login option for using an email and password. If you want to allow this option, ensure the toggle is turned on (as shown below).
Single Sign On toggle

Note: If you do not have SSO enabled for your PathFactory instance, this toggle does not appear.

  4. Click Save.

  5. The next time you log in to your PathFactory instance, you see something like this.

Login screen for both Single Sign On and regular login

Notice that at the bottom of the menu there is an option for using an email and password as login credentials. Alternatively, your user can click the Single Sign On button to log in that way. This functionality is compatible with G Suite, OneLogin, Okta, and SAML.

Below is an example of a login menu that has the Single Sign On option only.

Login screen for Single Sign On
Updated on March 16, 2023
