LogoLogo
3.1.7
3.1.7
  • Getting Started
    • What is Cymmetri?
    • Release Notes
      • 3.0.1-Beta
      • 3.0.2-Beta
      • 3.0.3-Beta
      • 3.0.4-Beta
      • 3.0.5-Beta
      • 3.0.6-Beta
      • 3.0.7-Beta
      • 3.0.8-Beta
      • 3.0.9-Beta
      • 3.0.10-Beta
      • 3.0.11-Beta
      • 3.0.12-Beta
      • 3.1.0 - Product Release
      • 3.1.1-Beta
      • 3.1.2 - Product Release
      • 3.1.3-Beta
      • 3.1.4-Beta
      • 3.1.5-Beta
      • 3.1.6 -Beta
      • 3.1.7 - Product Release
      • 3.1.8 -Beta
      • 3.1.9-Beta
      • 3.1.10-Beta
      • 3.1.11-Beta
      • 3.1.12-Beta
      • 3.1.13-Beta
      • 3.1.15 -Beta
      • 3.1.16
      • 3.1.17
      • 3.1.18
      • 3.1.15 - Product Release
      • 3.0.x Consolidated
      • 3.1.x Consolidated
    • Starting your Cymmetri Trial
    • Admin Dashboard
    • Accessing Cymmetri
    • Supported Web Browsers
    • Cymmetri Error Codes
    • Help
    • Personalization
      • General Config
      • Admins
      • Masters in Cymmetri
      • Personalize Notification Templates
      • Tenant Branding
      • Custom Attributes
      • API Client
      • Batch Tasks
      • API Extension
    • Global Search
  • Identity Hub
    • Managing Users and Groups
      • User Management
      • User Detail
      • Create Users
      • Edit Users
      • Create Groups
      • Importing Users
      • Assigning Users to Groups
      • Delegation
        • Setting up Delegation
        • Delegating Work to Delegatee
        • Accepting Delegation
      • Suspended Users
      • Archived Users
      • All Users Session
    • Authentication
      • Identity Provider
        • Internal IDP
          • Introduction
          • Internal Identity Provider Configuration: Cymmetri
          • Internal Identity Provider Configuration: Active Directory
          • Internal Identity Provider Configuration: LDAP
        • External IDP
          • Introduction
          • External Identity Provider Configuration - Google IDP
          • External Identity Provider Configuration - Azure IDP
          • External Identity Provider Configuration - Salesforce IDP
      • Service Provider
      • Authentication Rules
      • Password Policy
      • Global Auth Policy
      • Adaptive
    • Attribute Setting
    • Password Filter
    • Logs
      • Audit Log
      • Import History
      • Scheduler History
  • Lifecycle Management
    • Application Management
      • Support for Application Management
      • Getting Started
        • Introduction to Application Management
        • Adding Applications to be managed by Cymmetri
        • Assigning Applications to End Users
        • Application Detail
        • Dynamic Forms
        • Configuring Connector Server
        • 360 Degree Recon
      • Provisioning How to
        • Cymmetri Connector List
        • Supported Provisioning Operations
        • Azure Provisioning
        • Active Directory (AD) Provisioning
        • Google Workspace Provisioning
        • LDAP Provisioning
        • Powershell Provisioning
        • REST Connector Provisioning
        • SCIM v2.0 Provisioning with Basic Authentication
        • SCIM 2.0 with Bearer Authentication
        • SCIM 2.0 with Fixed Bearer
        • Github Provisioning
        • ServiceNow Provisioning
        • AMAYA
        • HRMS
          • Darwin Box
        • Database Provisioning
        • CSV Directory (Flat-file)
        • Managing Manual Application Assignments
        • SOAP Connector (XML)
        • Integration with Service Desk Management Systems
      • Reconciliation How to
        • Configuring Reconciliation Process
      • Rules
        • Provisioning
        • Deprovisioning
    • Workflow Management
      • Workflow Configuration
      • Workflow Rules
      • Pending Workflows
      • Workflows List
    • Teams Config
    • Configuring Webhooks
    • On Demand Access
    • Form Logic
  • Single Sign On
    • Introduction
    • SSO Configuration
      • SAML 2.0 Based SSO
      • API Based SSO
      • OpenID Connect Based SSO
    • Multifactor Authentication(MFA)
      • Introduction
      • Cymmetri Authenticator
      • Push Authenticator
      • Google Authenticator
      • SMS Authenticator
      • Secret Questions
      • FIDO Authenticator
      • Admin MFA Setting
    • Passwordless
      • Introduction
      • TOTP Based
      • OTP Based
      • Consent Based
      • FIDO Based
  • My Workspace
    • Getting Started
      • Introduction
      • First Time User Registration
      • End User Login Process
      • Forgot Password & Unlock Account
      • User Settings
    • How to use the My Workspace
      • Dashboard
      • My Access
      • Inbox
      • Team
      • On Behalf
  • Privileged Access Management
    • PAM Administration
      • Introduction to Privilege Access Management (PAM)
      • How to Access PAM in Cymmetri
      • Sub-Sections of PAM
      • Steps to configure PAM Server
      • Adding a device/ server in PAM
      • Vault User
      • Vaulting Configuration
      • Break Glass Configuration
      • PAM Reports and PAM History
      • Dormancy Disable Config
    • PAM Usage
      • Assign a server to a user
      • Access the server
  • Governance
    • Compliance Management
      • IGA Policy Violations
    • Insights
      • Reports
      • Risk
      • Management Dashboards
        • CISO Dashboard
        • CRO Dashboard
      • Industry Compliance
    • Access Certification
      • Setting up and managing Access Reviews
    • Recommendation Engine
    • Role Management
      • Role Mining
      • Entitlements
      • Managing Roles in Cymmetri
    • Segregation Of Duties (SOD)
  • Self-Service App
  • Analytics
    • Cymmetri Analytics
Powered by GitBook

Cymmetri.com

On this page
  • Supported Single Sign-On Mechanisms:
  • Configuring Applications for Single SignOn

Was this helpful?

Export as PDF
  1. Single Sign On

Introduction

Cymmetri's Single Sign-On (SSO) module is designed to simplify user authentication within the Cymmetri platform's web portal. With SSO, end-users authenticate just once, gaining seamless access to all their assigned applications without the hassle of repeated logins.

This article provides step-by-step guidance on configuring applications for SSO within your Cymmetri platform.

Note: Before proceeding with the configuration, ensure that the Single Sign-On Module is enabled for your tenant to activate and utilize SSO effectively.

Supported Single Sign-On Mechanisms:

1. SAML 2.0: SAML 2.0 (Security Assertion Markup Language) serves as a primary mechanism for web applications to exchange messages, facilitating Single Sign-On for end-users.

2. OpenID Connect: Derived from the OpenID family of SSO mechanisms, OpenID Connect offers versatile SSO capabilities across a wide range of application types, including web, mobile native, and desktop-based applications. It is therefore more versatile than SAML 2.0, and particularly well-suited for mobile applications and social logins.

Note: For either SAML 2.0 or OpenID Connect to function, the managed application must support the corresponding mechanism.

3. REST API-Based SSO: While SAML 2.0 and OpenID Connect adhere to established standards, certain legacy applications within your organization may face integration challenges with these protocols. To address this, we have introduced Custom API-Based SSO as an alternative SSO mechanism. This involves making specific code modifications to the managed application, as elaborated in the following section.

Note: While the Cymmetri Identity platform supports Custom API-Based SSO, we strongly recommend transitioning to the aforementioned SAML 2.0 and OpenID Connect mechanisms for enhanced security and compatibility.

Configuring Applications for Single SignOn

To allow your end-users to access applications managed by your Cymmetri Identity platform deployment, the applications must be configured for Single SignOn, and then assigned the application.

To enable end-users to access applications managed through your Cymmetri platform, applications must configure Single Sign-On for the desired applicationsa

Redirect to Applications without Single SignOn

While it is not recommended for obvious reasons, as an administrator you may configure an application to be used simply for provisioning and redirection, without performing Single SignOn.

Note: The following section is to be used for configure only applications for which you do not need to perform Single SignOn. In case you need to configure any of the following Single SignOn mechanisms, you may skip this section and refer to the corresponding configuration in your chosen method of Single SignOn.

Configuring the Application URL

For configuring an application to simply redirect the enduser to the landing page of the managed application -

Once in the applications menu, click on the application tile for which you need to configure the landing page URL and then on the left side menu, select the SignOn menu item.

Toggle the “Enable Single Sign-On (SSO)” switch to open the corresponding configuration options.

Enter the landing page URL in the “Application URL” text box and click the adjoining “Save” button.

The popup indicating “SSO Updated Successfully” will indicate that the Application URL has been configured successfully for your application.

Conclusion

Assigning the application to an end user will show an application tile as shown below:

Clicking on the application tile, will redirect the user to the assigned landing page URL.

Was this helpful?