IN THIS DOCUMENT
- What is Single Sign-On?
- How to access the Single Sign-On page
- How to set up Single Sign-On
- How to enable SSO with Okta as the Identity Provider
- How to remove Single Sign-On
- Additional Information
What is Single Sign-On?
Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials, rather than having to set up multiple usernames and passwords across platforms. The credentials are stored centrally in a cloud directory.Databox supports the SAML 2.0 Single Sign-on login standard. There are multiple Identity Providers supporting SAML SSO (i.e. Okta, OneLogin, Auth0, Azure AD, etc.)
SAML SSO works by transferring the user’s identity from one place (the identity provider, Databox) to another (your service provider). This is done through an exchange of digitally signed XML documents
Single Sign-On service is available for Admins on Growth and higher plans.
How to access the Single Sign-On page
- Open your Databox Analytics Account and navigate to Account > Account Management to open your Account Management Application.
- Navigate to the Administration section and click on Single Sign-On.
- Click on the Single Sign-On toggle to enable it
How to set up Single Sign-On
To set up SSO, you need to provide:
- Single Sign-on URL: this is an endpoint URL that you received from your Identity provider (i.e. https://idp.example.com/sso/saml)
- Entity ID (also called Audience URL): this is usually in the form of a URL that contains the Identity Provider’s name within it (i.e. https://idp.example.com/unique-id)
- X.509 Certificate: this is the Identity Provider’s public key to sign authentication assertions. There should be a place to download or copy the certificate hash from the Identity Provider. Just paste the certificate hash in the text area field.
When enabling Service Provider authentication, you will be prompted to use the following configuration by your Service Provider:
- ACS (Assertion Consumer Service) URL - value from Callback URL field (e.g. https://dbx-auth.fusionauth.io/samlv2/acs)
- Service Provider Entity ID - value from Issuer field - (e.g. https://dbx-auth.fusionauth.io/samlv2/sp/c065a58b-54e4-4f27-ab46-003203c128ec)
The fields Metadata URL and RelayState are optional and should be used only when required for specific set-ups.
Pro Tip: To enable Identity Provider authentication, please contact Databox's Support Team via live chat or at help@databox.com. We will generate a personalized Relay State that you will need to finish the set-up of your Service Provider.
How to enable SSO with Okta as the Identity Provider
Databox supports the SAML 2.0 Single Sign-on login standard, and there are multiple Identity Providers supporting SAML SSO. Okta is just one of them.
To make the setup in Okta easier, we have a verified Databox application in the Okta Integration Network ready. You can use it to set up Databox in Okta, assign it to your users, and then make the necessary steps in Databox (mentioned above).
Pro Tip: Both Service Provider and Identity Provider initiated login flows are supported. This means you can use the regular login page in Databox or login via Okta’s directory with just one click.
How to remove Single Sign-On
- Open your Databox Analytics Account and navigate to Account > Account Management to open your Account Management Application.
- Navigate to the Administration section and click on Single Sign-On.
- Click the Single Sign-On (SSO) toggle to disable Single Sign-On.
Additional Information
-
Service Provider provisioning is not supported. Users need to be created in Databox first, and then they can be authenticated via the Identity Provider to log in to Databox. We are matching the email in Databox with the email the Identity Provider is returning after authentication.
- Only one SSO provider can be set per Databox Account. (1 Account = 1 SSO Provider)