You might already be using a single sign-on solution when you purchase IdentityNow. If you want to use SAML to authenticate into IdentityNow, you can use one of many SSO solutions as an identity provider and IdentityNow as a service provider.
For example, users can authenticate into their identity provider, then federate into IdentityNow to perform tasks related to certifications or provisioning. IdentityNow is never aware of the user's password, and their information remains secure.
The IdentityNow mobile app doesn't support the use of a third-party SSO solution as an identity provider and IdentityNow as a service provider.
This feature is not compatible with IdentityNow's Single Sign-On feature. If your site uses SSO, you won't see this menu.
Users from your identity provider who want to use IdentityNow must have identities within IdentityNow with data that matches their identities on your identity provider.
To ensure that your users can authenticate into IdentityNow, load their IdentityNow accounts from the same source you used to load accounts into your identity provider.
Obtain the following information from your identity provider:
The Entity ID
The Login URL for Post
The Login URL for Redirect
The Logout URL (optional)
The Signing Certificate
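Most identity providers publish these five values in a SAML 2.0 metadata document. The following added example (not SailPoint's or your identity provider's code) reads them from such a document and computes a SHA-256 fingerprint of the signing certificate so you can confirm it with the identity provider's administrator before importing it. The sample metadata, the idp.example.com URLs, the certificate bytes and the function names are constructed for illustration, and the metadata is assumed to come from your own identity provider over a trusted channel.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample: idp.example.com and the certificate bytes are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.com/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.com/sso/post"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.com/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def fingerprint_sha256(cert_b64):
    """SHA-256 of the certificate's DER bytes, for comparison with the IdP admin's value."""
    der = base64.b64decode("".join(cert_b64.split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def idp_settings(metadata_xml):
    """Return the five values the page lists, keyed by the page's own labels."""
    root = ET.fromstring(metadata_xml)  # assumes a single EntityDescriptor root
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata does not describe an identity provider")
    def location(tag, binding=None):
        for el in idp.findall(f"md:{tag}", NS):
            if binding is None or el.get("Binding") == BINDING + binding:
                return el.get("Location")
        return None
    # A KeyDescriptor with no "use" attribute applies to signing and encryption.
    certs = [kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")]
    if not any(certs):
        raise ValueError("metadata has no signing certificate")
    return {
        "Entity ID": root.get("entityID"),
        "Login URL for Post": location("SingleSignOnService", "HTTP-POST"),
        "Login URL for Redirect": location("SingleSignOnService", "HTTP-Redirect"),
        "Logout URL (optional)": location("SingleLogoutService"),
        "Signing Certificate SHA-256": [fingerprint_sha256(c) for c in certs if c],
    }
```

More than one fingerprint in the result usually means the identity provider is publishing both a current and a replacement signing certificate; confirm which one is active before importing.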
Complete the following steps:
1. From the Admin interface, go to Global > Security Settings > Service Provider.
2. Leave the Enable Remote Identity Provider option unchecked until you've provided correct values for the Identity Provider Settings below and imported the signing certificate.
3. We recommend you leave the Bypass Identity Provider option unchecked so that your users will always be required to sign in from your identity provider before they can authenticate into IdentityNow. (Users will not be prompted for registration or strong authentication information in IdentityNow.)
No matter what you select here, admins, helpdesk users, and dashboard users can always sign in directly to IdentityNow using your IdentityNow URL and appending ?prompt=true. For example, if an admin visits https://acme.identitynow.com/login/login?prompt=true, they'll see the IdentityNow sign-in page. They must sign in with a unique IdentityNow password. This can be useful if, for example, the identity provider is temporarily unavailable.
CAUTION: If you select Bypass Identity Provider, users can either:
Use the normal sign in process to go to your identity provider and then launch IdentityNow.