Configure Federated Single Sign-On for Platform

This document describes how to enable Federated Single Sign-On (FSSO) for Platform customers.

Overview

The FSSO configuration process involves:

  1. insightsoftware provides configuration requirements to the customer
  2. The customer creates an IdP registration and generates required credentials
  3. The customer shares credentials with insightsoftware
  4. insightsoftware configures the Platform environment
  5. The customer validates the configuration

Process Steps

The following roles perform the configuration steps:

Role      Description
Customer  Organization with a cloud product requiring single sign-on
ISW       insightsoftware contact person
DEV       insightsoftware resource who configures FSSO

Configuration Workflow

Role      Action
ISW       Requests the following information from the customer:
            • Domain
            • Identity Provider (IdP)
            • Authentication protocol (SAML 2.0, OIDC, or OAuth)
            • SSO technical contact information
Customer  Provides the requested information
ISW       Provides IdP-specific configuration instructions based on the customer's authentication protocol
Customer    • Creates IdP registration following the provided instructions
            • Provides ClientID/ClientSecret or metadata URL to ISW
ISW       Creates a configuration request ticket with customer-supplied information
DEV         • Configures SSO for the customer's Platform organization
            • Updates ticket when configuration is complete
ISW       Requests customer validation of FSSO functionality
Customer  Tests and confirms FSSO works correctly

Authentication Protocol Instructions

Select the instructions that match your IdP and authentication protocol.

Important Notes

FSSO enablement is an iterative process requiring:

  • Approximately one week for initial configuration (non-consecutive downtime)
  • Coordination with your SSO team
  • Complete testing before production deployment
  • Less than one hour of production downtime when properly tested

Okta SAML 2.0 Configuration

  1. Navigate to Applications.

  2. Select Create App Integration.

  3. Select SAML 2.0.

  4. Select Next.

  5. Enter the app name and complete other required fields. Select Next.

  6. Configure the following SAML settings:

    Field                        Value
    Single sign-on URL           https://iswb2c.b2clogin.com/iswb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer
    Recipient URL                https://iswb2c.b2clogin.com/iswb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer
    Destination URL              https://iswb2c.b2clogin.com/iswb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer
    Audience URI (SP Entity ID)  https://iswb2c.b2clogin.com/iswb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase
    Name ID format               Unspecified

  7. Add the following attribute statements:

  8. Select Next, then Finish.

  9. Locate the metadata URL under View Setup Instructions.

  10. Copy the metadata URL and provide it to insightsoftware.
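
During the customer validation step, the Destination, Recipient and Audience values in a test login's SAML response can be compared against the settings table above. The following is an added example, not insightsoftware or Okta code; it assumes a base64-decoded response captured from your own test login, the sample XML is constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Values copied from the SAML settings table above.
BASE = ("https://iswb2c.b2clogin.com/iswb2c.onmicrosoft.com/"
        "B2C_1A_TrustFrameworkBase")
ACS_URL = BASE + "/samlp/sso/assertionconsumer"  # SSO, Recipient, Destination
AUDIENCE = BASE                                   # Audience URI (SP Entity ID)
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not captured from a real tenant).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">
 <a:Assertion><a:Subject>
   <a:NameID Format="{fmt}">user@example.com</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs}"/>
   </a:SubjectConfirmation></a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>{aud}</a:Audience>
  </a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""


def check_saml_response(xml_text):
    """List mismatches with the table values (no signature verification)."""
    # ElementTree does not cap entity expansion, so refuse any DTD up front.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD present: refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is %r" % root.get("Destination"))
    recipients = [e.get("Recipient")
                  for e in root.findall(".//a:SubjectConfirmationData", NS)]
    if not recipients or any(r != ACS_URL for r in recipients):
        problems.append("Recipient is %r" % recipients)
    audiences = [(e.text or "").strip()
                 for e in root.findall(".//a:AudienceRestriction/a:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append("Audience is %r" % audiences)
    name_id = root.find(".//a:Subject/a:NameID", NS)
    # An absent Format attribute means "unspecified" in SAML 2.0.
    if name_id is None or name_id.get("Format", UNSPECIFIED) != UNSPECIFIED:
        problems.append("NameID format is not Unspecified")
    return problems


if __name__ == "__main__":
    ok = SAMPLE.format(acs=ACS_URL, aud=AUDIENCE, fmt=UNSPECIFIED)
    print(check_saml_response(ok) or "matches the table")
```

An empty list means the response fields agree with the table; a mismatched Audience usually means the assertion consumer URL was pasted into the Audience URI field.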

Okta OIDC and OAuth Configuration

  1. Navigate to Applications.
  2. Select Create App Integration.
  3. Set Sign-in method to OIDC.
  4. Set Application type to Web application.
  5. Select Next.
  6. Configure the following settings:
    Field                  Value
    Grant type             Implicit (hybrid)
    Sign-in redirect URLs https://iswb2c.b2clogin.com/iswb2c.onmicrosoft.com/oauth2/authresp
  7. Select Finish.
  8. Ensure the IdP response includes these attributes:
    • firstName
    • lastName
    • email
  9. Copy the Client ID and Client Secret and provide them to insightsoftware.

Auth0 SAML 2.0 Configuration

  1. Navigate to Applications.
  2. Select Create application.
  3. Enter an app name and select Regular Web Applications.
  4. Select Create.
  5. Open Addons.
  6. Enable SAML2 WEB APP.
  7. In the popup, open Settings and set Application Callback URL to: https://iswb2c.b2clogin.com/iswb2c.onmicrosoft.com/oauth2/authresp
  8. Select Enable and close the popup.
  9. Copy the Identity Provider Metadata: Download link.
  10. Ensure the IdP response includes these attributes:
    • firstName
    • lastName
    • email
  11. Provide the metadata URL to insightsoftware.

Auth0 OIDC and OAuth Configuration

  1. Navigate to Applications.
  2. Select Create application.
  3. Enter an app name and select Regular Web Applications.
  4. Select Create.
  5. Open Settings.
  6. In Application URIs / Allowed Callback URLs, add: https://iswb2c.b2clogin.com/iswb2c.onmicrosoft.com/oauth2/authresp
  7. Select Save Changes.
  8. Ensure the IdP response includes these attributes:
    • firstName
    • lastName
    • email
  9. Copy the Client ID and Client Secret and provide them to insightsoftware.

Azure AD Configuration

  1. Sign in to the Azure portal.
  2. Verify you're using the correct directory:
    • Select the Directories + subscriptions icon in the portal toolbar
    • Find your Azure AD directory in the Directory name list
    • Select Switch
  3. Under Azure services, select App registrations.
  4. Select New registration.
  5. Enter a Name for your application (for example, Cloud Platform).
  6. Accept the default Accounts in this organizational directory only.
  7. For Redirect URI:
    • Keep the default value of Web
    • Enter: https://iswb2c.b2clogin.com/iswb2c.onmicrosoft.com/oauth2/authresp
  8. Select Register. Record the Application (client) ID.
  9. Select Certificates and secrets, then select New client secret.
  10. Enter a Description, select an expiration period, then select Add.
  11. Ensure the IdP response includes these attributes:
    • firstName
    • lastName
    • email
  12. Record the secret Value and provide it to insightsoftware with the Application ID.
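
The Okta OIDC, Auth0 OIDC and Azure AD steps all end with the same requirement: the IdP response must carry firstName, lastName and email for the registered client. The following is an added example, not insightsoftware or IdP vendor code, that checks an ID token from a test login for those attributes; it assumes they arrive as ID token claims under exactly those names, the token and Client ID are constructed, and the function names are hypothetical.

```python
import base64
import json
import time

REQUIRED = ("firstName", "lastName", "email")  # attributes listed in the steps


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def make_sample_token(claims, alg="RS256"):
    """Build a constructed token for the demo; its signature is a dummy."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc(claims), "c2ln"])


def check_id_token(token, client_id, now=None):
    """List configuration problems in an ID token. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWT (expected 3 segments)"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    now = time.time() if now is None else now
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("alg is none: token is unsigned")
    missing = [c for c in REQUIRED if not str(claims.get(c) or "").strip()]
    if missing:
        problems.append("missing claims: " + ", ".join(missing))
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the registered Client ID")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired or has no exp")
    return problems


if __name__ == "__main__":
    token = make_sample_token({"aud": "constructed-client-id", "exp": 4102444800,
                               "firstName": "Ada", "email": "ada@example.com"})
    print(check_id_token(token, "constructed-client-id"))
```

This is a pre-handover configuration check only; it inspects claims and is not a substitute for the signature validation the relying party performs.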
