Single Sign On

Support for Single Sign On (SSO) is provided. When activated, this feature allows users to switch between various organization tools and applications, including Prognosis, without the need for separate logins. Single Sign On support is implemented using Security Assertion Markup Language 2.0 (SAML 2.0), which is used to exchange authentication and authorization data between security domains.

Both Identity Provider (IdP) and Service Provider (SP) initiated logins are supported. Role-based security within the Web Application will refer to SAML users and groups when configuring access to product functionality.

When Single Sign On is enabled, it overrides any previously configured authentication mechanism, such as Active Directory or LDAP.

Requirements

To enable Single Sign On, the following components are required:

  • An SSL certificate to establish trust with the SAMLv2 identity provider.

  • An Active Directory instance where all users have an email address attribute.

  • An Active Directory Federation Services instance.
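
The email address requirement above can be checked before SSO is switched on. The following PowerShell script is an added example, not part of the product or its documentation. It assumes the RSAT ActiveDirectory module is installed; the function name `Get-SsoMailReport`, its `-SearchBase` parameter and the CSV file name are hypothetical. The duplicate-address check assumes the email address is what identifies the user to the application, which this page does not state.

```powershell
# Added example: pre-flight check of the AD "mail" attribute before enabling SSO.
Import-Module ActiveDirectory

function Get-SsoMailReport {
    param(
        # Hypothetical parameter: restrict the check to one OU (defaults to the whole domain).
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Enabled accounts only; disabled accounts cannot sign in anyway.
    # Note: this also returns service accounts, which may legitimately lack an address.
    $users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties mail |
        Select-Object SamAccountName, DistinguishedName, mail

    # Accounts whose mail attribute is absent or blank.
    $missing = @($users | Where-Object { [string]::IsNullOrWhiteSpace($_.mail) })

    # Assumption: the address identifies the user, so the same address on two
    # accounts would make them indistinguishable. Compare case-insensitively.
    $duplicates = @($users |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_.mail) } |
        Group-Object { $_.mail.ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Mail     = $_.Name
                Accounts = ($_.Group.SamAccountName -join ', ')
            }
        })

    [pscustomobject]@{
        Checked       = @($users).Count
        MissingMail   = $missing
        DuplicateMail = $duplicates
    }
}

$report = Get-SsoMailReport
Write-Host ("Checked {0} enabled accounts: {1} without mail, {2} shared addresses" -f `
    $report.Checked, $report.MissingMail.Count, $report.DuplicateMail.Count)

# Hand the exceptions to the Active Directory administrator for correction.
$report.MissingMail | Export-Csv -Path .\sso-missing-mail.csv -NoTypeInformation
$report.DuplicateMail | Format-Table -AutoSize
```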

System Administration Personnel

It is recommended that the following roles, if available, be used to assist in the configuration of SSO.

  • Prognosis administrator.

  • Active Directory Federation Services administrator.

  • Active Directory administrator.

  • Security administrator, to aid in the supply of certificates.

Recommendations

None at this time.
