
SSO Authentication

SINGLE-SIGN-ON AUTHENTICATION

SSO, or Single-Sign-On, is a feature that allows users to log on to different applications with a single set of credentials. This provides the user with easier access to a set of enterprise applications, as well as giving IT greater control over user account access.

Fracttal provides 3 different SSO authentication methods:

  • Authentication with G-Suite (Google Account Plan).
  • Authentication with Office 365 (Microsoft Account Plan).
  • Authentication using the SAML standard.

AUTHENTICATION WITH G-SUITE / AUTHENTICATION WITH OFFICE 365

SSO authentication with G-SUITE (Google) and Office 365 (Microsoft) is implemented natively within Fracttal.

To make use of this functionality, it is necessary that the users created within Fracttal have the same Google/Microsoft email account associated with them.

To log in using SSO, click on the Google or Microsoft button, as appropriate.


Fracttal will then open the authentication page of the corresponding email platform.

[Image: example of Microsoft authentication]

[Image: example of Google authentication]

SAML 2

SAML (Security Assertion Markup Language) is a standard that allows the exchange of information for single sign-on (authentication and authorization) or SSO between different parties (applications). The participants in this authentication are the identity provider and the service provider.

The service provider is the entity that grants a user permission or access to a resource. Fracttal acts as the service provider.

The identity provider is the entity that provides the infrastructure necessary for user authentication. In this case, the identity provider is the application that has registered the users and controls their access. Examples of applications that can act as identity providers include Active Directory and Okta, among others.

Through SAML, a service provider connects with an identity provider online to authenticate users trying to access secure content.


AUTHENTICATION USING SAML IN FRACTTAL

To use Single-Sign-On authentication in Fracttal, using the SAML standard, the configuration must be done in the Configuration Module https://one.fracttal.com/config under the Security - SSO option:



In this SSO configuration, the identity provider information must be entered:

| Field | Description |
|---|---|
| SAML Code | Name of communication |
| Entry Point | URL where Fracttal sends a SAML request to initiate the login. |
| Issuer | Also called EntityID. Contains information that the identity provider uses for internal checks. |
| Logout redirection URL | URL where the information is sent when the user logs out from Fracttal |
| Certificate | Authentication certificate issued by the identity provider |


Within the SSO authentication through SAML, Fracttal uses the Authentication Request Protocol, which consists of receiving information related to valid or invalid login.

The technical interaction of SSO login between Fracttal and another platform can be seen in the following graphic:


Configuration for authentication with Fracttal via SAML in your identity provider

To use SAML authentication, access must be configured in the identity provider so that it can identify the application and knows where it should return requests.

| Field | Description |
|---|---|
| EntityId | Name of the communication in the identity provider. If possible use the same name used in Fracttal. |
| Attribute Consume Service Endpoint | Also called callbackurl. URL where the SAML request response will be returned. You must use the URL https://one.fracttal.com/rpc/auth/samlcallback?codesaml={codesaml}, replacing {codesaml} with the code registered in the Fracttal configuration. |
| Single Logout Service Endpoint | URL from where the identity provider expects to receive logout requests. You must use https://one.fracttal.com |
| NameId Format | Format of username returned to Fracttal. EmailAddress must be used |
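The identity provider settings listed above can be checked against a test login before users are moved to SSO. The following is an added example, not Fracttal's code: it inspects a decoded SAML Response captured from your own identity provider and reports values that differ from the required callback URL and NameId format. The function name, the sample response and the `acme` code are constructed, and the signature check only tests for presence, on the assumption that Fracttal uses the configured Certificate to verify one.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
CALLBACK = ("https", "one.fracttal.com", "/rpc/auth/samlcallback")


def check_saml_response(xml_text, saml_code):
    """Return the settings in a decoded SAML Response that do not match the
    identity provider configuration. Signatures are NOT verified here."""
    problems = []
    root = ET.fromstring(xml_text)  # use only on test output from your own IdP
    dest = urlsplit(root.get("Destination", ""))
    if (dest.scheme, dest.netloc, dest.path) != CALLBACK:
        problems.append("Destination is not the Fracttal callback URL")
    if parse_qs(dest.query).get("codesaml") != [saml_code]:
        problems.append("codesaml does not match the SAML Code")
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("assertion has no NameID")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is not emailAddress")
        if "@" not in (name_id.text or ""):
            problems.append("NameID value is not an email address")
    if root.find(".//ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion is signed")
    return problems


# Constructed sample: NameID uses the 'unspecified' format and carries a
# login name instead of an email; codesaml 'acme' is a made-up value.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://one.fracttal.com/rpc/auth/samlcallback?codesaml=acme">
  <saml:Assertion><saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
  </saml:Subject></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for problem in check_saml_response(SAMPLE, "acme"):
        print("MISCONFIGURED:", problem)
```

An empty list means the response matches the settings checked here; it does not replace the signature verification done by the service provider.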

SSO AUTHENTICATION WITH ACTIVE DIRECTORY

Customized authentication in Fracttal using Single-Sign-On is performed under the SAML 2.0 standard.

Therefore, for Fracttal users to authenticate using Active Directory (AD), the AD must be configured as the identity provider for authentication. The following URL has the Azure AD documentation for the SAML configuration:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/saml-toolkit-tutorial

If you do not have the option to create a native SAML communication, you must develop the AD so that it acts as the authentication provider.