Configure Single Sign On

Cymmetri Single Sign On is a module that allows the end-user to simply authenticate once into the Cymmetri Identity platform web portal, and then access all the applications assigned to them without having to log in again into the target application.

The following article explains how to configure any application managed by your Cymmetri Identity platform deployment to support a Single SignOn mechanism.

Warning: The Single SignOn module must be enabled for your tenant for this configuration to be available and for Single SignOn to work.

Supported Single SignOn Mechanisms

Let us first visit the various supported Single SignOn Mechanisms available for the Cymmetri Identity platform.

SAML 2.0

SAML 2.0 (Security Assertion Markup Language) is a mechanism used primarily by web applications to share messages between each other to perform a Single SignOn for the end user.

OpenID Connect

OpenID Connect refers to an authentication mechanism that is derived from the OpenID family of Single SignOn mechanisms. It enables the system to perform Single SignOn for a wide range of target application types (such as web applications, mobile native applications, and desktop-based applications). It is therefore more versatile than SAML 2.0, and is more commonly used for mobile applications. It is also the mechanism typically used for social logins.

Warning: To use either of the above-mentioned mechanisms (SAML 2.0 and OpenID Connect), the managed application must support the corresponding mechanism.

REST API based SSO

The above two Single SignOn mechanisms are based on well-accepted, standard mechanisms. However, a few legacy applications in your organization may, for various reasons, be unable to integrate with and support the above-mentioned protocols. For these, we have introduced Custom API-based SSO as an alternative Single SignOn mechanism. This requires a few changes in the managed application code, which will be referenced in the following section.

Note: Cymmetri Identity platform supports Custom API-based SSO mechanism. However, it is highly recommended to migrate to the aforementioned SAML 2.0 and OpenID Connect mechanisms.

Configuring Applications for Single SignOn

To allow your end users to access applications managed by your Cymmetri Identity platform deployment, the applications must be configured for Single SignOn and then assigned to those users.

Redirect to Applications without Single SignOn

While it is not recommended for obvious reasons, as an administrator you may configure an application to be used simply for provisioning and redirection, without performing Single SignOn.

Note: The following section is to be used only to configure applications for which you do not need to perform Single SignOn. If you need to configure any of the Single SignOn mechanisms described above, you may skip this section and refer to the corresponding configuration for your chosen method of Single SignOn.

Configuring the Application URL

To configure an application to simply redirect the end user to the landing page of the managed application:

Once in the applications menu, click on the application tile for which you need to configure the landing page URL and then on the left side menu, select the SignOn menu item.

Toggle the “Enable Single Sign-On (SSO)” switch to open the corresponding configuration options.

Enter the landing page URL in the “Application URL” text box and click the adjoining “Save” button.

A popup reading “SSO Updated Successfully” confirms that the Application URL has been configured successfully for your application.

Conclusion

Assigning the application to an end user will show an application tile as shown below:

Clicking on the application tile will redirect the user to the assigned landing page URL.

Last updated 1 year ago
