Single Sign On (SSO)

Organizations with enhanced security requirements can work with Circadian Risk Engineering to configure SAML SSO.

Overview

Security Assertion Markup Language (SAML) is a security standard for logging in to applications. Single Sign On (SSO) allows users to log in to many applications or websites with one set of login details.

In a SAML SSO setup, the identity provider manages the Organization's user accounts and credentials. The service provider is the app or website that provides services to the User or Organization.

How SAML SSO works

  1. User attempts to log in to Circadian Risk via SAML SSO.

  2. Circadian Risk creates a SAML request and sends this to the identity provider.

  3. The identity provider checks this user's credentials to confirm they are correct.

  4. The identity provider then sends a response to Circadian Risk to verify the user's identity.

  5. Circadian Risk accepts the response and logs the user into their Circadian Risk account.

Technical Details for IT Departments

We can work with your IT department to set up the connection to your identity provider. You will need to provide us with the following information:

  1. IdP SSO Target URL: We will use this link to connect to the Identity Provider when someone from your Organization attempts to log in via SAML SSO.

    1. This is also generated via the Users page, by clicking “Invite User” if SSO is enabled for your organization.

  2. Signing Certificate (optional): Usually called the X.509 certificate. We use this to verify your Organization via your Identity Provider.

Once this is set up, you will need to configure the final response with the user information to include the following SAML attributes (names of the attributes can be mapped):

  1. email: The authenticated user’s email address

  2. user-id: A unique user ID (e.g. an employee ID, in case the email address changes)

  3. role (optional): If you want to manage roles via a directory provider you can optionally include a role (e.g. Organization Admin, Assessor) which will be assigned to the user each time they log in.
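
Before handing the configuration over, an IT department can check that a test login from its identity provider carries the attributes listed above. The following is an added example, not Circadian Risk's own code: the sample assertion, the IdP-side attribute names (`mail`, `employeeNumber`, `appRole`) and the `check_attributes` helper are all constructed for illustration. It only inspects attributes in an already decoded assertion and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: decoded assertion from a test login. All values are made
# up. Only feed this helper output from your own IdP, not untrusted XML.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>pat@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="employeeNumber">
      <saml:AttributeValue>E-10442</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="appRole">
      <saml:AttributeValue>Assessor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapping: attribute name from the list above -> name the IdP emits.
MAPPING = {"email": "mail", "user-id": "employeeNumber", "role": "appRole"}
REQUIRED = ("email", "user-id")  # role is optional per the list above


def check_attributes(assertion_xml, mapping=MAPPING):
    """Return (attrs, problems) for one decoded assertion."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found[attr.get("Name")] = [v for v in values if v]
    attrs, problems = {}, []
    for name, idp_name in mapping.items():
        values = found.get(idp_name, [])
        if not values:
            if name in REQUIRED:
                problems.append(f"missing required attribute {name!r} (IdP name {idp_name!r})")
            continue
        if len(values) > 1:
            problems.append(f"{name!r} has {len(values)} values; expected one")
        attrs[name] = values[0]
    return attrs, problems


if __name__ == "__main__":
    print(check_attributes(SAMPLE_ASSERTION))
```

An empty `problems` list means both required attributes arrived with exactly one value each; a missing `role` is not reported because it is optional.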