This is the first set of questions you will need to review when considering adding SSO to a FileBound site.
Questions you will need to consider:
- What Identity Provider (IdP) does the client use (e.g. ADFS, OneLogin, Okta, Shibboleth)?
- Does the client have IT staff that have configured their Identity Provider with a SAML 2.0 Service Provider?
- Does the client have certain security requirements for their Service Providers?
Requirements to work with FileBound SSO:
- The Identity Provider MUST sign the Assertion.
- Client MUST have an existing/configured SSO Identity Provider (IdP) that is SAML 2.0 compliant.
- Client MUST have IT staff familiar with SSO/SAML with permissions to make changes to their IdP. FileBound does not help configure the client’s Identity Provider.
Limitations:
- The Identity Provider MUST accept Authentication Requests and send Assertion Responses with the Subject NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
- Assertion Encryption only supports SHA-1 at this time.
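
The following is an added example, not FileBound code. It is a structural pre-flight check that IT staff could run over a decoded sample Response from their IdP to confirm the signed Assertion and the emailAddress NameID Format required above. The names `preflight` and `sample` and the XML are constructed for illustration, and the check does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def preflight(response_xml):
    """Return a list of problems found in a decoded SAML Response.

    For reviewing an IdP's sample output only; it is not a replacement
    for signature validation at login time.
    """
    problems = []
    root = ET.fromstring(response_xml)
    if root.get("Version") != "2.0":
        problems.append("Response is not SAML 2.0")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion in Response"]
    # Assumption: "sign the Assertion" means the Assertion element carries
    # its own ds:Signature, which IdP settings usually distinguish from
    # signing only the enclosing Response.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("Subject has no NameID")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is %r" % name_id.get("Format"))
    return problems


def sample(signed_assertion, fmt):
    """Build a constructed, minimal Response for demonstration."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">'
        + ("" if signed_assertion else sig)  # Response-only signature
        + '<saml:Assertion Version="2.0">'
        + (sig if signed_assertion else "")
        + '<saml:Subject><saml:NameID Format="' + fmt + '">user@example.com'
        '</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>'
    )


if __name__ == "__main__":
    print(preflight(sample(True, EMAIL_FORMAT)))
    print(preflight(sample(False, EMAIL_FORMAT)))
```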