The Inbound Single Sign-On (SSO) feature allows a user to log in to the SIM management portal via a customer's Gateway web site. Typically a customer would have a web portal from which their users can navigate to various applications within the organisation without having to re-authenticate (i.e. without having to explicitly log in to those applications).
What are JWTs and JWT Shared Secrets?
This feature makes use of JSON Web Tokens (JWTs). If the Gateway sends a valid JWT, the user is not asked to enter their credentials; they are allowed to log in directly. JWT requires the use of a code shared between the SIM portal and the Gateway. This is referred to as the shared secret.
How to set up SSO
Inbound Single Sign-On is configured in the Managed Accounts Screen.
- On this page, enter:
  - the URL that will be used to send error messages. Error messages will be appended to this URL.
  - the URL that will be used to log out of the Gateway when a user logs out of the SIM management portal. If you don't want users to be logged out of the Gateway when they log out of the SIM management portal, leave this field blank.
- Click Save
- Generate a JWT shared secret. The Gateway must use this secret in order to send valid JWTs.
  IMPORTANT NOTE: Once you choose to generate a new shared secret, the SIM management platform starts using it. Hence you will need to make your Gateway use the new shared secret in order to log in again.
- You are now set up for SSO
- SSO is not enforced, i.e. you can log in via a Gateway, or you can log in directly to the SIM platform.
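
The shared-secret check and the effect of regenerating the secret, as an added example (not the SIM platform's or the Gateway's own code). It assumes HS256 signing and the `sub` and `exp` claim names, none of which this page specifies, and the secrets and user are constructed sample values.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Gateway side: sign the claims with the shared secret (HS256 assumed)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def verify_jwt(token: str, secret: bytes, now=None):
    """Receiving side: return the claims, or None if the token is rejected."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm; a token must never pick its own (blocks "none").
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        signing_input = (header_b64 + "." + payload_b64).encode()
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        # Constant-time comparison against the signature that was sent.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        return None  # missing or expired "exp"
    return claims

# Constructed sample values, not real secrets or users.
OLD_SECRET = b"constructed-old-shared-secret"
NEW_SECRET = b"constructed-new-shared-secret"
NOW = 1_700_000_000
TOKEN = sign_jwt({"sub": "user@example.com", "exp": NOW + 300}, OLD_SECRET)

if __name__ == "__main__":
    print("old secret:", verify_jwt(TOKEN, OLD_SECRET, NOW))
    print("after regeneration:", verify_jwt(TOKEN, NEW_SECRET, NOW))
```

A token signed with the old secret verifies until the secret is regenerated and is rejected afterwards, which is why the Gateway must be updated at the same time.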