Activating Single Sign-On (SSO)
Validis has an option to use SSO using SAML 2.0. If you would like to add this feature to your Validis Portal, please speak to your Validis Account Manager.
To enable SSO, select your user account at the top right-hand side and click on Settings.
On the left-hand side, select Integrations and the Single Sign-On option.
If your portal has SSO enabled, a user with significant access will be able to configure SSO in the ‘System Configuration’ section of the Validis Admin dashboard.
The following settings will need to be updated to use SSO on your Validis Portal:
- The Single Sign-On 'On/Off' switch will need to be in the 'On' position (please ensure at least one Admin user is set up on your portal to use SSO before clicking 'Save', as this will disable password logins for Validis Admin users for your portal).
- Upload a SAML certificate (you also have the ability to download a copy of the certificate).
- Identity Provider URL – You can specify where Validis Portal Admin users are directed after logging out
Please ensure that at least one Validis Portal Admin user is set up with a Unique SSO Identifier because, once SSO is switched on, all passwords for Validis Portal Admin users will be disabled.
Once the changes have been made, click on 'SAVE' to save the changes.
Setting up client users using SSO
When SSO is added to your Validis portal, all Validis Admin users will have an additional field called Unique SSO Identifier.
If SSO is switched off through the settings on the Validis portal, the Unique SSO Identifier becomes an optional field. However, it will become mandatory whenever SSO is switched on.
The Unique SSO Identifier has to be unique to a Validis Admin user, and there is an option to use the email address as the Unique SSO Identifier.
Please note that when SSO is switched on and you create a new client user, they will no longer receive an email to complete the sign-up process.
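The identifier rules above and the warning about disabled password logins can be checked before the switch is turned on. The following is an added example, not Validis code: it assumes a user roster exported to CSV with hypothetical columns email, role and sso_identifier, and it compares identifiers case-insensitively as a conservative assumption.

```python
import csv
import io

# Constructed sample roster. The column names are assumptions for this
# example, not a Validis export format.
SAMPLE_ROSTER = """email,role,sso_identifier
alice@example.com,admin,alice@example.com
bob@example.com,admin,
carol@example.com,admin,ALICE@example.com
dave@example.com,client,dave-01
"""


def preflight(roster_csv):
    """Return a list of problems to fix before switching SSO on."""
    problems = []
    seen = {}          # normalised identifier -> first email that used it
    admins_ready = 0   # admins with a present, non-duplicate identifier
    for row in csv.DictReader(io.StringIO(roster_csv)):
        if (row.get("role") or "").strip().lower() != "admin":
            continue  # the identifier field is described for Admin users
        email = (row.get("email") or "").strip()
        ident = (row.get("sso_identifier") or "").strip()
        if not ident:
            # Mandatory once SSO is on; this user could not sign in.
            problems.append(f"{email}: missing Unique SSO Identifier")
            continue
        key = ident.casefold()
        if key in seen:
            problems.append(f"{email}: identifier duplicates {seen[key]}")
            continue
        seen[key] = email
        admins_ready += 1
    if admins_ready == 0:
        # Password logins are disabled on save, so nobody could sign in.
        problems.append("no admin user has a usable Unique SSO Identifier")
    return problems


if __name__ == "__main__":
    for problem in preflight(SAMPLE_ROSTER):
        print(problem)
```

An empty result means every admin in the roster has a distinct identifier and at least one admin can still sign in after password logins are disabled.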
Setting up SSO on your identity provider
When SSO is switched on, the URL you need to connect to should be [YourURL]/URI:oauth/saml20
Please ensure that you have already configured the Validis Admin user's Unique SSO Identifier and added the certificate to the portal.
Logging back in after signing out of Validis
If you exceed the 15-minute Validis Portal timeout or you manually sign out of Validis, you will see a new option on the login screen called 'SIGN IN AS A CLIENT'. Clicking on this button will take you to the URL set in the system configuration screen which will log SSO users in.
Communication around SSO
As SSO credentials are not managed through Validis, users with SSO access who try to reset their password via the portal and click 'Forgot Password?' will receive an email from the following templates:
- Password reset for SSO Client User: Body
- Password reset for SSO Client User: Subject