
SSO configuration guide (IT user)

Emburse Captio offers authentication with SAML2 for:

MICROSOFT:

If Microsoft Active Directory is available, an ADFS server may be installed.

 

WITH MICROSOFT AZURE AD: 

A Premium Azure AD subscription is required.

 

OTHER PROVIDERS:

For identity providers other than Microsoft ADFS or Azure AD, consult the identity provider to check compatibility with the authentications available.

 

NOTE:

All of the available authentications go through HTTPS encrypted with SSL and require a trust relationship to be established between the Service Provider and the Identity Provider.

Depending on the type of authentication to be used, complete the corresponding tab of the form provided.

 

 

 

SAML

In this authentication system, the data go through HTTPS encrypted with SSL and require a trust relationship to be established between the Service Provider and the Identity Provider.

 

Once configured, users can access Captio using their corporate username and password. Users must first enter their username in Captio; once it is detected, authentication is redirected to the authentication service provided by the client, where users re-enter their username and password.

 

To set up WS-Federation, the following details are needed:

 

Captio Relying Party Identifier / Wtrealm: https://login.captio.net/[client_id]/Acs

Where [client_id] is your company identifier assigned to you by Captio.

It is a URI (not necessarily a URL) which identifies the relying party. The STS uses it to decide whether to issue a token and what claims to add to it.

This identifier is used to identify the trust relationship with the federation service. Requests issued by Captio will use this identifier.



The following information must be supplied to Captio:


Remote Relying Party Identifier

This is the identifier used by the identity server in SAML responses.

This is the “Issuer” field in SAML responses.

 

Remote Metadata Address

This is the URL where Captio will look for the public metadata file for the identity server configuration. This file specifies, among other things, the endpoints necessary for communication between the SP and the IdP and the public certificate to validate the signing of tokens issued by the identity server.


Remote Logout URL (SLO) - Optional

This field can be used to force a specific logout URL. If this field is left blank, the configuration in the federation metadata file will be used.
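
Before sending these values to Captio, it helps to confirm what the metadata file actually publishes. The following is an added example, not Captio's or the identity provider's own code: it reads a federation metadata document and reports the Issuer (entityID), the SHA-256 fingerprint of each signing certificate, the SSO and logout endpoints, and any endpoint that is not HTTPS. The host idp.example.com, the certificate bytes and the function name summarize_metadata are constructed for illustration, and the metadata is assumed to be a single EntityDescriptor.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: idp.example.com and the certificate bytes are placeholders.
CERT_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>{base64.b64encode(CERT_DER).decode()}</X509Certificate>
   </X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Location="https://idp.example.com/saml/slo"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  <SingleSignOnService Location="http://idp.example.com/saml/sso"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def summarize_metadata(xml_text):
    # Parse only metadata fetched from your own IdP; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or idp is None:
        raise ValueError("expected a single EntityDescriptor with an IDPSSODescriptor")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # no 'use' means signing and encryption
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    sso = [e.get("Location", "") for e in idp.findall("md:SingleSignOnService", NS)]
    slo = [e.get("Location", "") for e in idp.findall("md:SingleLogoutService", NS)]
    return {
        "issuer": root.get("entityID"),       # the "Issuer" of SAML responses
        "signing_cert_sha256": fingerprints,  # compare with the cert installed on the IdP
        "sso_endpoints": sso,
        "logout_endpoints": slo,
        "non_https": [u for u in sso + slo if not u.lower().startswith("https://")],
    }


if __name__ == "__main__":
    print(summarize_metadata(SAMPLE))
```

In the constructed sample the SSO endpoint is deliberately published over plain HTTP so that the non_https check has something to report.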

 

Captio has detailed configuration guides for the following systems:

 

Go to the “Finalise configuration” section for the next steps.

If you have any questions during the process, contact support at help@captio.com

 

Finalise configuration

 

It is recommended that a test be done with a single user before modifying the authentication type for all users in the environment.

 

The authentication method for a user can be modified by going to the “Users” tab and editing the user. There is a drop-down menu where you can select the authentication method that has just been configured. Once the changes are saved, the user will switch to the new authentication method.

 

The only user this cannot be applied to is the administrator. To change a user's authentication method back to standard Captio authentication, go to the “Users” menu.

 

If you have any questions during the process, contact support at help@captio.com
