SSO setup

Read the following to discover how to configure SSO interconnection on the LockSelf application.

This option only applies to Private Cloud and On-Premises configurations.

Only the Administrator account can perform this action.

_______________________________________________________________________________________

Set Up the Configuration

  • Step 1: On the Administrator account, click on the Settings tab and then on the "SSO" module.

Capture d’écran 2024-10-18 à 09.57.34.png

  • Step 2: At this stage, you will need to upload the metadata from the IDP into the application. These metadata, in XML format, can be obtained either as a file or via a URL.

Capture d’écran 2024-10-18 à 10.00.48.png

To obtain these metadata, refer to the documentation related to the type of directory you are using: 

  • Step 3: Once the connector is created on your IDP, upload the metadata into the application by either dropping the file or copying and pasting the URL into the dedicated field.

  • Step 4: You will now be able to test the configuration from the application. Click on the "Start the test" button.

Capture d’écran 2024-10-18 à 10.01.40.png

A new tab will open, and you will be redirected to your SSO portal, where you will need to log in with your credentials. This step will be invisible if you already have an SSO session in your browser (be sure to check that tab opening is not blocked by the browser).

Once authenticated, and if there are no errors on your SSO portal, you will be redirected to a page where the following will be returned: 

  • The information sent by the IDP: the list of attributes and the UPN (if sent), respectively under the names "attributes_sent_by_idp" and "upn_sent_by_idp"
  • A list of potential errors in what is returned by the IDP under the name "lockself_errors"

Screenshot_2022-07-18_at_2.59.53_PM.png

Study of Errors

  • 'firstname' variable is required
    • This means that the IDP does not send the 'firstname' variable to the application. In this case, check the connector configuration. Also, ensure that the user you are testing with has a first name associated.

  • 'lastname' variable is required
    • This means that the IDP does not send the 'lastname' variable to the application. In this case, check the connector configuration. Also, ensure that the user you are testing with has a last name associated.

  • 'mail' variable is required. Can be skipped if 'upn' is sent
    • This means that the IDP does not send the 'mail' variable to the application. This variable can be omitted only if the UPN is sent by the IDP. If this is not the case, check the connector configuration. Also, ensure that the user you are testing with has an email associated.
  • 'groups' variable is missing. Maybe you don't want to use it
    • This means that the IDP does not send the 'groups' variable. Do not worry about this variable if you do not wish to synchronize your directory's group list with LockSelf. Note that not all IDPs offer the option to send user groups.

Updated