Single sign-on (SSO) allows you to access your Redox dashboard account using a third-party identity provider. SSO helps control user access policies via a central resource for your organization. Redox supports identity providers compatible with the SAML protocol.
With SSO, a user from your organization enters their email on the dashboard login page, which then redirects them to your identity provider for authentication. If successfully authenticated, they're redirected back to the dashboard as a logged-in user.
For Standard (and above) customers, an organization owner can follow these steps to turn on SSO:
- Log in to the dashboard.
- On the navigation menu, your username displays at the bottom. Click your username for the user menu to appear.
- From the user menu, select the Organization Profile option.
- By default, the Organization Info page displays. Click the Settings tab.
- The page opens with the organization settings. Under the Single Sign-On section, toggle the SSO option to Enabled.
- The rest of the page contains configuration details about your identity provider (IDP). Specific configuration details vary between IDPs, but the basic process is the same. Enter the following values from your IDP into the appropriate fields:
  - Name: Enter the name of your IDP.
  - Domain name: This field automatically populates with the company domain, that is, the domain where your organization's users have their email accounts. This field isn't editable.
  - SAML metadata URL: Enter the public URL that points to your SAML metadata XML document. The XML document should include the entity ID and keys to use when validating the response from the IDP.
  - Signing certificate: Enter the public key that your IDP uses to sign requests. This should be an X.509 certificate encoded in PEM or CER format. You can download the certificate from your IDP's system. There are instructions for locating the certificate for your relevant IDP at the end of this page.
  - Sign-in URL: Enter the redirect URL for users in your organization to log in to the IDP.
- Confirm the Attribute mapping information. These fields populate automatically, but you should confirm them or adjust as needed.
  - User full name: The name of the SAML attribute that your IDP uses for a user's full name.
  - User email: The name of the SAML attribute that your IDP uses for a user's email address.
- Take note of the Redox authorization server values. This section contains the Connection Name, which you'll use in your IDP configuration. Once you've populated all the required configuration fields and confirmed everything, click the Save button.
- After saving successfully in the dashboard, you must refer to your IDP for instructions on how to configure the SAML protocol from their end.
- Once both parties are enabled and setup is successful, all users must log in via SSO going forward. Previous username and password credentials no longer work.
After SSO is enabled, any new user who successfully authenticates via your identity provider is added to your organization. Existing users of your organization may not join another Redox organization.
Lastly, keep in mind that user access may be revoked by your identity provider.
Follow the instructions for your given IDP to enable SSO. For your convenience, we have instructions for the following IDPs.