
Enable SSO on your JENTIS Account

Single Sign-On (SSO) authentication allows users from your organization to use the same login information for multiple services. At JENTIS, you can enable SSO so that all users within your organization can log in to our DCP using their current credentials registered with your Identity Provider (IdP).

Single Sign-On authentication is available for customers with the JENTIS Enterprise plan. Contact your account manager for more information.

Currently, this feature supports three Identity Providers (IdPs): Ping Identity Platform, Microsoft Azure Active Directory (Azure AD), and Okta, all with the SAML protocol. If your organization uses any of these IdPs, you can follow these steps to have it connected to your JENTIS account:

Step 1 - Set up an Identity Provider

Set up an IdP (Identity Provider) for your company and register all users with the email addresses you would like to use with SSO. We currently support integration with Ping Identity Platform, Microsoft Azure Active Directory (Azure AD), and Okta.

When configuring it, make sure the SAML response returned to JENTIS contains a NameID field with the email address of the user:

  1. Format definition = urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

How to set up Okta:

  1. Create a developer account here: Home | Okta Developer

  2. Create SAML integration following these steps: Create SAML app integrations | Okta

  3. Create attribute statements following these steps: Define attribute statements | Okta

How to set up Ping Identity:

  1. Create a developer account here: Identity Security for the Digital Enterprise  

  2. Create SAML integration following these steps: We’re here to help  

  3. Create attribute statements following these steps: We’re here to help

How to set up Azure AD:

  1. Create an AzDo account here: Developer Program | Microsoft 365 Dev Center

  2. Create SAML Integration:

    1. Go to Microsoft Azure

    2. Open Microsoft Entra ID

    3. Add new Enterprise Applications -> Create your own applications

      1. Use Integrate any other application you don't find in the gallery (Non-gallery)

    4. Go through the getting started steps to Set up SSO and add users to your application.

Step 2 - Send the required information to JENTIS

Once your company has an IdP (Identity Provider) in place:

  1. Create a test user JENTIS can use to verify if the integration works;

  2. Ensure your DCP's callback URL is added to the identity provider: https://[your DCP’s domain]/sso/callback
    For example, https://myjentisdcp.jentis.com/sso/callback - always ending with /sso/callback.

    • on Okta, it should go under Single Sign-On URL

    • in Azure, it should go under Reply URL (Assertion Consumer Service URL)

    • in Ping Identity, it should go under ACS URLs

  3. Open a ticket on our Helpdesk sending the following information from the IdP setup:

    • Issuer (URI)  - Who is issuing the identity

    • EntryPoint (URL) - Where to redirect for SSO

    • Certificate - Secret key

    • Test User credentials

On Okta, once you enter the application you created, you’ll find this information under Sign On > Settings > Sign On methods.

Issuer (URI) = Issuer
EntryPoint (URL) = Sign on URL
Certificate = Signing Certificate

On Ping Identity Platform, once you enter the application you created, you’ll find this information under Configuration > Connection Details.

Issuer (URI) = Entity ID
EntryPoint (URL) = Single Signon Service
Certificate = Download Signing Certificate

On Azure AD, you’ll find this information on Set up Single Sign-On with SAML.

Issuer (URI) = Identifier (Identity ID)
EntryPoint (URL) = Login URL
Certificate = Certificate (Base64)
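
The NameID and callback URL requirements from Steps 1 and 2 can be checked against a decoded SAML response captured from a login with your test user. The following is an added example, not JENTIS code; the function names, the issuer https://idp.example.com/metadata and the sample response are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_saml_response(xml_text, dcp_domain, expected_issuer):
    """Return a list of configuration problems in a decoded SAML response.
    Configuration lint only: it does NOT verify the XML signature, so run it
    only on responses captured from your own test login."""
    problems, acs = [], f"https://{dcp_domain}/sso/callback"
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs:
        problems.append(f"Destination is {root.get('Destination')!r}, expected {acs!r}")
    issuer = root.find("saml:Assertion/saml:Issuer", NS)
    if issuer is None or (issuer.text or "").strip() != expected_issuer:
        problems.append("assertion Issuer differs from the Issuer (URI) sent to JENTIS")
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in the assertion subject")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append(f"NameID Format is {name_id.get('Format')!r}")
        if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", (name_id.text or "").strip()):
            problems.append("NameID value is not an email address")
    conf = root.find(
        "saml:Assertion/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != acs:
        problems.append(f"SubjectConfirmationData Recipient is not {acs!r}")
    return problems

# Constructed sample response (unsigned, trimmed to the elements checked above).
def sample_response(name_id_format, name_id, acs_url):
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs_url}">
 <saml:Assertion>
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
   <saml:NameID Format="{name_id_format}">{name_id}</saml:NameID>
   <saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="{acs_url}"/>
   </saml:SubjectConfirmation>
  </saml:Subject>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    good = sample_response(EMAIL_FORMAT, "test.user@example.com",
                           "https://myjentisdcp.jentis.com/sso/callback")
    print(check_saml_response(good, "myjentisdcp.jentis.com", "https://idp.example.com/metadata"))
```

An empty list means the response carries the email NameID format and targets the /sso/callback URL described above.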

When setup is complete, you will see a new login screen. Clicking on 'Login' will take you to your identity provider's login page. If you are a new user and logging in for the first time, you will be given the rights of an ANALYST user.


If your organization uses an Identity Provider not yet supported by us, please open a suggestion ticket on our Helpdesk telling us which IdP you would like to have integrated with the JENTIS DCP.


How do you administer your users with SSO enabled?

With SSO enabled, users must be managed within your Identity Provider, so changing name, email, and password is no longer possible from our platform. The only thing that an ADMIN user can still change is the permission group.

Once the SSO is enabled, users from your organization will only be able to log in using the SSO, including current users of the platform.

Who can log in once the SSO is enabled?

All users within your organization that have credentials on your IdP will be able to log in to the JENTIS DCP. However, users accessing JENTIS for the first time after SSO is configured will receive “ANALYST” permission. This can be changed upon request through our Helpdesk.

How are the access permissions handled with SSO enabled?

Current users of the JENTIS DCP will keep the same access permissions once SSO is enabled. New users accessing JENTIS for the first time after SSO is configured will receive “ANALYST” permission. Users with “ADMIN” permission can change these permissions.

If you want to configure a different default permission for all new users accessing JENTIS after SSO is enabled, contact our support team through the Helpdesk. All available permission groups are listed in our JENTIS User Permissions document. This default SSO group can be configured per JENTIS account.
