SAML SSO authentication

SAML SSO (Single Sign-on) authentication provides a secure and standardized method using SAML 2.0 to establish trust between Igloo Flex and a third-party identity provider (IdP). It allows users to log in with their organization's credentials and password through the IdP service.

Details

SAML SSO (Single Sign-On) authentication allows users to log in to Igloo Flex with one set of organization credentials. The user experience with SAML SSO is as follows:

  1. User navigates to your Igloo Flex digital workplace in their browser. 
  2. If they are not logged in, they will be redirected to your organization's chosen IdP for authentication.
  3. The user logs in and is verified by the IdP. A secure token is created and passed back to Igloo Flex. 
  4. Igloo Flex sees this secure token, logs the user in, and redirects them to the appropriate page. 
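
The checks a SAML 2.0 service provider typically applies to the token in steps 3 and 4, shown as an added example (generic SAML 2.0, not Igloo Flex's own code). All URLs, IDs and function names are hypothetical, and XML signature verification, which comes first in practice, is not shown.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample response; every URL and ID is a placeholder.
# A real response is signed, and the signature is verified before these checks.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  InResponseTo="_req42" Destination="https://sp.example.test/saml/acs">
 <p:Status><p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></p:Status>
 <a:Assertion ID="_a1" Version="2.0">
  <a:Issuer>https://idp.example.test/metadata</a:Issuer>
  <a:Subject><a:NameID>alice@example.test</a:NameID></a:Subject>
  <a:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
   <a:AudienceRestriction><a:Audience>https://sp.example.test/saml/metadata</a:Audience></a:AudienceRestriction>
  </a:Conditions>
 </a:Assertion>
</p:Response>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, *, request_id, acs_url, idp_entity_id, sp_entity_id, now):
    """Return (name_id, []) when every check passes, else (None, [reasons])."""
    # Signature verification and replay tracking of assertion IDs are not shown.
    root, errors = ET.fromstring(xml_text), []
    def need(ok, reason):
        if not ok:
            errors.append(reason)
    status = root.find("p:Status/p:StatusCode", NS)
    need(status is not None and status.get("Value") == SUCCESS, "status is not Success")
    need(root.get("InResponseTo") == request_id, "InResponseTo does not match our request")
    need(root.get("Destination") == acs_url, "Destination is not our ACS URL")
    assertions = root.findall("a:Assertion", NS)
    if len(assertions) != 1:
        return None, errors + ["expected exactly one assertion"]
    a = assertions[0]
    need(a.findtext("a:Issuer", "", NS).strip() == idp_entity_id, "issuer is not the configured IdP")
    cond = a.find("a:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    need(bool(nb and na) and _ts(nb) <= now < _ts(na), "outside validity window")
    audiences = [e.text.strip() for e in a.findall("a:Conditions/a:AudienceRestriction/a:Audience", NS) if e.text]
    need(sp_entity_id in audiences, "audience is not this service provider")
    name_id = a.findtext("a:Subject/a:NameID", "", NS).strip()
    need(bool(name_id), "assertion has no NameID")
    return (None, errors) if errors else (name_id, [])
```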

This authentication method reduces password fatigue, improves security, and simplifies user management.

While users can log in with your organization's SSO, you can always log in with your Igloo authentication account by accessing the Login page. The Login page's URL is the digital workplace's URL with /login appended to it. For example:

https://solutionsinc.igloo.igloodigitalworkplace.com/login

Configure SAML SSO authentication

As a workplace administrator, you can configure your SSO settings on the Login Settings page. For instructions for a specific IdP, see: 

Once you have configured your SAML SSO settings, you may consider configuring the following additional features: 

  • SCIM (System for Cross-domain Identity Management): As a workplace administrator, you can configure a SCIM connection to your IdP to automate the exchange of user identity information. SCIM lets you quickly integrate your users' profile information into Igloo Flex. For instructions to configure SCIM, see SCIM (System for Cross-domain Identity Management).
  • Geo Access Restriction: As a workplace administrator, you can restrict the countries from which users can log in to the digital workplace when authenticating with SAML SSO authentication. If the user's current IP address location is not allowed, they will receive an error message: "You are not allowed to log in from your current location." When encountered, users should check in with a workplace administrator to ensure their country is granted access to the digital workplace. For instructions to configure Geo Access Restriction, see Configure security settings.
