Please use the below user guide to configure and manage Single Sign-On (SSO) for X-Analytics within your organization. You can use the below table of contents to navigate to particular areas of reference within the guide.
SSO configuration
SSO can be configured on the organization management page. Permissions to configure SSO for an organization are granted to users with the organization admin role assigned to this organization.
Subscription
SSO configuration is available for selected subscription tiers. Users can add SSO login method to their organization if they have one of the following subscription tiers:
Enterprise
Private Equity
Before configuration, the SSO method will be visible on the list with the status 'inactive'.
The SSO login method is not available for subscriptions:
Core
Professional
The SSO method is visible on the list of possible login methods, but it is grayed out and its status is 'not included'. In this case, SSO cannot be configured.
SAML
You can access SSO configuration by clicking the action menu next to the SSO login method. In the configuration window you can select Authentication Protocol: SAML. Then provide:
Provider Name
Identity Provider Entity ID
SSO URL
Certificate
Service Provider Entity ID
The last field contains the Authorization Callback URL, which is required in your SAML app configuration.
OIDC (OpenID Connect)
After opening the configuration window, select OIDC in the Authentication Protocol field. Then complete the fields:
Select Provider Name
Custom Provider Name
Client ID
Client Secret
Issuer URL
In this case, there is also an Authorization Callback URL at the end, which needs to be entered in your OIDC app configuration.
How to find data from SSO provider required for configuration
You can find information about creating Google integration in the official documentation: Set up SSO for your organization - Google Workspace Admin Help
Azure Entra
You can find information about creating Azure Entra integration in the official documentation: Add an OpenID Connect-based single sign-on application
Okta
You can find information about creating Okta integration in the official documentation:
Custom
To configure a provider not listed above, search for “OIDC app configuration”, “Integration configuration” or “SAML configuration” in the documentation of your provider.
Select "Custom" for the provider and provide the required information for configuration related to your service as specified above.
SSO reconfiguration
If incorrect data is entered or if data needs to be updated, SSO can be reconfigured. To do this, click on the action menu next to the SSO login method and select reconfigure.
After making changes, click the 'Reconfigure SSO' button to save the changes. The process can be interrupted without saving any changes by clicking the 'Cancel' button.
Inviting users with SSO
When SSO is enabled for your organization, you can choose SSO as the login method when inviting a new user. To do this:
Click the invite users icon,
enter email address,
choose role,
select login method,
click the plus icon,
repeat steps 2-5 if you want to invite more users,
click send invitations.
Invited users will be able to log in using SSO.
Changing user’s login method
To change the active user's login method:
Find the users table
Select the user whose login method you want to change
Select Edit user from the action menu
Change log method
Save
The selected user will now be able to log in via SSO.
Register with SSO
The user receives an invitation to the application by e-mail. After clicking on the link in the email, the user will be redirected to a form in which he must provide basic data, accept the terms and conditions and privacy policy, and configure MFA. After setting up MFA, the user also receives the recovery code needed to reset MFA if they wanted to set it up again.
Login with SSO
After registration, the first login via SSO is as follows:
The user goes to their organization's login page.
The user clicks the Login with SSO button.
A pop-up appears allowing user to log in with the provider selected for his organization
After successful authentication, the user enters the MFA code.
After completing these steps correctly, the user will be logged in to the application.
Deactivating SSO
To deactivate SSO, click on the action menu next to the SSO login method and select deactivate. Once you confirm your choice, the SSO login method will be deactivated and you will no longer be able to log in to your organization using SSO. The SSO status will be inactive on the list of possible login methods. After deactivation, SSO can be configured again.
If you have any difficulties or questions, please, contact the support team for assistance at support@x-analytics.com.
Comments