SmartKey accounts can be integrated with third-party Single Sign-on (SSO) providers. When an account is configured for SSO, users in that account will be able to log in with their SSO credentials. Currently, the only available SSO mechanism is SAML.
Configuring a SAML provider
To enable SAML for your account, first obtain the Identity Provider (IdP) metadata XML file. Then, as the account administrator, go to the Single Sign-On tab on the Account Settings page. Click enable and upload or paste the SAML IdP metadata, then click save. The IdP must meet the requirements set forth below. The SSO configuration page will inform you if the provided IdP metadata is compatible.
SAML Identity Provider requirements
In order to use a SAML IdP with SmartKey, the IdP must:
- Adhere to SAML 2.0, Web Browser SSO profile
- Use one or more signing keys specified as an X.509 certificate
- Use the
- Accept the POST binding for requests
- Not require signed requests
- Use the POST binding for responses
- Sign responses, assertions, or both
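The requirements above that are visible in IdP metadata can be checked locally before uploading; the following is an added example, not SmartKey's own compatibility check. The function name `check_idp_metadata` and the sample metadata are constructed for illustration, and element and attribute names follow the SAML 2.0 metadata schema. Response binding and response signing are runtime behaviour of the IdP and are not covered.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata, not from a real IdP; the certificate is a placeholder.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" xmlns:ds="{DS}"
    entityID="https://idp.example.test/saml">
  <IDPSSODescriptor protocolSupportEnumeration="{SAML2}"
      WantAuthnRequestsSigned="false">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{POST}"
        Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_metadata(xml_text):
    """Return a list of problems; an empty list means none were detected."""
    if "<!DOCTYPE" in xml_text:
        # Metadata needs no DTD; refusing it avoids entity-expansion tricks.
        return ["metadata contains a DOCTYPE declaration"]
    root = ET.fromstring(xml_text)
    idp = next(root.iter(f"{{{MD}}}IDPSSODescriptor"), None)
    if idp is None:
        return ["no IDPSSODescriptor element (not IdP metadata)"]
    problems = []
    if SAML2 not in idp.get("protocolSupportEnumeration", "").split():
        problems.append("IdP does not declare SAML 2.0 protocol support")
    # A KeyDescriptor without a 'use' attribute applies to signing as well.
    certs = [c for kd in idp.findall(f"{{{MD}}}KeyDescriptor")
             if kd.get("use") in (None, "signing")
             for c in kd.iter(f"{{{DS}}}X509Certificate")
             if (c.text or "").strip()]
    if not certs:
        problems.append("no signing key given as an X.509 certificate")
    bindings = {s.get("Binding")
                for s in idp.findall(f"{{{MD}}}SingleSignOnService")}
    if POST not in bindings:
        problems.append("no SingleSignOnService with the POST binding")
    if idp.get("WantAuthnRequestsSigned", "false").strip() in ("true", "1"):
        problems.append("IdP requires signed authentication requests")
    return problems


if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_METADATA) or "no problems detected")
```

An empty result only means the metadata does not contradict the listed requirements; the SSO configuration page remains the authoritative compatibility check.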
Warning: administrator lock-out
If the SSO mechanism is misconfigured, you will not be able to log in to your account. When updating the SSO configuration, make sure to test logging in without logging out or letting your current session expire. The most convenient way to test is with a different browser or a private browsing session.
Different accounts might have different SSO providers. As such, a user can be in multiple accounts with different SSO providers. Such a user will need to select which SSO provider to use during the login process. When switching accounts, a user might need to reauthenticate to satisfy the new account’s authentication requirements.