# Enable SSO on your JENTIS Account

Single Sign-On (SSO) authentication allows users from your organization to use the same login information for multiple services. At JENTIS, you can enable SSO so that all users within your organization can log in to our DCP using the credentials already registered with your Identity Provider (IdP).

{% hint style="info" %}
Single Sign-On authentication is available for customers with the JENTIS Enterprise plan. Contact your account manager for more information.
{% endhint %}

Currently, this feature supports three Identity Providers (IdPs): Ping Identity Platform, Microsoft Azure Active Directory (Azure AD), and Okta, all with the SAML protocol. If your organization uses any of these IdPs, you can follow these steps to have it connected to your JENTIS account:

### Step 1 - Set up an Identity Provider <a href="#enablessoonyourjentisaccount-step1-setupanidentityprovider" id="enablessoonyourjentisaccount-step1-setupanidentityprovider"></a>

Set up an IdP (Identity Provider) for your company and register all users with the email addresses you would like to use with SSO. We currently support integration with Ping Identity Platform, Microsoft Azure Active Directory (Azure AD), and Okta.

When configuring it, make sure the SAML response returned to JENTIS contains a NameID field with the email address of the user, in the following format:

* Format definition = `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`

**How to set up Okta:**

1. Create a developer account here: [Home | Okta Developer](https://developer.okta.com/)
2. Create SAML integration following these steps: [Create SAML app integrations | Okta](https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_saml.htm)
3. Create attribute statements following these steps: [Define attribute statements | Okta](https://help.okta.com/en-us/content/topics/apps/define-attribute-statements.htm)

**How to set up Ping Identity:**

1. Create a developer account here: [Identity Security for the Digital Enterprise](https://www.pingidentity.com/en.html)
2. Create SAML integration following these steps: [Create SAML app integrations | Ping Identity](https://docs.pingidentity.com/r/en-us/pingone/pingone_p1tutorial_add_a_saml_app)
3. Create attribute statements following these steps: [Define attribute statements | Ping Identity](https://docs.pingidentity.com/r/en-us/pingone/pingone_add_custom_attributes_to_a_user)

**How to set up Azure AD:**

1. Create an AzDo account here: [Developer Program | Microsoft 365 Dev Center](https://developer.microsoft.com/en-us/microsoft-365/dev-program)
2. Create SAML Integration:
   1. Go to [Microsoft Azure](https://portal.azure.com/?feature.msaljs=true#home)
   2. Open Microsoft Entra ID
   3. Add new Enterprise Applications -> Create your own applications
      1. Use **Integrate any other application you don't find in the gallery (Non-gallery)**
   4. Go through the getting started steps to Set up SSO and add users to your application.

### Step 2 - Send the required information to JENTIS <a href="#enablessoonyourjentisaccount-step2-sendtherequiredinformationtojentis" id="enablessoonyourjentisaccount-step2-sendtherequiredinformationtojentis"></a>

Once your company has an IdP (Identity Provider) set up:

1. Create a test user JENTIS can use to verify if the integration works;
2. Ensure your DCP's callback URL is added to the identity provider: **https\://\[your DCP’s domain]/sso/callback**\
   For example, [**https://myjentisdcp.jentis.com/sso/callback**](https://myjentisdcp.jentis.com/sso/callback) - always ending with **/sso/callback.**
   * on Okta, it should go under **Single Sign-On URL**
   * in Azure, it should go under **Reply URL (Assertion Consumer Service URL)**
   * in Ping Identity, it should go under **ACS URLs**
3. Open a ticket on our [Helpdesk](https://jentis.atlassian.net/servicedesk/customer/portal/1/group/1/create/32) sending the following information from the IdP setup:
   * **Issuer** (URI) - Who is issuing the identity
   * **EntryPoint** (URL) - Where to redirect for SSO
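   * **Certificate** - The IdP's signing certificate (the public X.509 certificate used to verify the SAML signature; it does not contain a private key)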
   * **Test User credentials**

<details>

<summary>How to find the necessary information on Okta</summary>

On **Okta**, once you enter the application you created, you’ll find this information under **Sign On > Settings > Sign On methods**.

Issuer (URI) = Issuer\
EntryPoint (URL) = Sign on URL\
Certificate = Signing Certificate

</details>

<details>

<summary>How to find the necessary information in the Ping Identity Platform</summary>

On **Ping Identity Platform**, once you enter the application you created, you’ll find this information under **Configuration > Connection Details**.

Issuer (URI) = Entity ID\
EntryPoint (URL) = Single Signon Service\
Certificate = Download Signing Certificate

</details>

<details>

<summary>How to find the necessary information in Azure AD</summary>

On **Azure AD**, you’ll find this information on **Set up Single Sign-On with SAML**.

Issuer (URI) = Identifier (Identity ID)\
EntryPoint (URL) = Login URL\
Certificate = Certificate (Base64)

</details>
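Before handing the test user to JENTIS, you can check a decoded SAML response from your IdP's test tooling against the two requirements above: the NameID format from Step 1 and the callback URL from Step 2. The following Python script is an added example, not JENTIS code; it assumes a SAML 2.0 response, and the sample response, `idp.example.com` and the test user address are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}  # assumes SAML 2.0
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: a decoded SAML response as an IdP test tool might show it.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://myjentisdcp.jentis.com/sso/callback">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Assertion><saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test.user@example.com</saml:NameID>
  </saml:Subject></saml:Assertion>
</samlp:Response>"""


def check_saml_response(xml_text, dcp_domain):
    """Return a list of problems; empty means the structural checks passed.

    Pre-flight only: the XML signature is NOT verified here.
    """
    problems = []
    root = ET.fromstring(xml_text)
    # Step 2: the response must be addressed to https://<DCP domain>/sso/callback
    dest = urlsplit(root.get("Destination", ""))
    if dest.scheme != "https" or dest.hostname != dcp_domain.lower():
        problems.append("Destination is not an https URL on " + dcp_domain)
    if dest.path != "/sso/callback":
        problems.append("Destination path is not /sso/callback")
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        problems.append("Issuer is missing")
    # Step 1: NameID must carry the user's email in the emailAddress format
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        return problems + ["NameID is missing"]
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", (name_id.text or "").strip()):
        problems.append("NameID value is not an email address")
    return problems


if __name__ == "__main__":
    print(check_saml_response(SAMPLE_RESPONSE, "myjentisdcp.jentis.com") or "OK")
```

Run it only on responses produced by your own IdP for the test user; it checks structure, not authenticity.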

When setup is complete, you will see a new login screen. Clicking on 'Login' will take you to your identity provider's login page. If you are a new user logging in for the first time, you will be given the rights of an ANALYST user.

{% hint style="info" %}
If you would like to adapt the default permission group of your users connected to your SSO provider, please get in touch with our support via [Helpdesk](https://jentis.atlassian.net/servicedesk/customer/portal/1/group/1/create/32).
{% endhint %}

<figure><img src="https://2315305008-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fy15ncufYr341K5U8q6Of%2Fuploads%2Fgit-blob-7ca57f201c5f76835a0dee3552255fd8695485f2%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

If your organization uses an Identity Provider that we do not yet support, please open a suggestion ticket on our Helpdesk and inform us which IdP you would like to have integrated with the JENTIS DCP.
