Single Sign-on

Single Sign-on

Configuring SAML

You can configure SAML in your AOC Settings to enable Single Sign-on (SSO).

The SAML configuration option is under Settings -> User Management -> SAML 2.0. On this page you can provide your Identity Provider (IdP) metadata and configure your AOC’s Service Provider.

To enable SSO, upload the IdP Metadata and click the “Enable” button.

When manually creating SSO-enabled users in the AOC, make sure their username matches your installed IdP NameIDFormat.

Single Sign-on Single Sign-on

Just-in-time provisioning

You can also use Just-in-Time (JiT) provisioning to have user accounts created automatically when they try to log-in for the first time using SSO. Enter the email domain names for which you would like to have JiT provisioning in that section. The NameIdFormat used by your IdP should be nameid-format:emailAddress.

You can also enable encryption between the AOC and the IdP by providing a matching RSA key and certificate.