Enabling Single Sign-on (SSO)

Overview

Single Sign-On (SSO) allows users to securely access multiple applications with one set of login credentials. Enabling SSO for the Ascent360 platform can streamline your users' access, simplifying the login process and reducing the need to remember yet another password. (It also improves security!)

Requesting SSO for your Organization

SSO for Ascent360 is available by request only. Please submit your request through your CSM or the help desk. 

The following information must be provided:

  1. Identity Provider (IdP) Details: URL of your Identity Provider or Microsoft Entra Identifier.
  2. Login URL: The login URL for the IdP.
  3. Logout URL: The logout URL for the IdP (optional and may be the same as the login URL).
  4. One of the following:
    1. Metadata URL: In Entra, this is also called the App Federation Metadata URL.
    2. Certificate: The public certificate used by the IdP for signing SSO assertions.

 Note: We need the Metadata URL or Certificate, not both.

By default, we use email addresses as usernames for our system, so no changes will need to be made here. Note: SSO is enabled per domain, so if you use multiple domains at your company, please give us the one you'd like used for SSO functionality.

The client contact requesting SSO will be the "tester" of the functionality once it's enabled.


Microsoft Azure Instructions

Here are instructions for those who use Microsoft Azure:

[Screenshot]

 Once you click "Create", please fill out the Properties like this:

[Screenshot]

 The method must be SAML:

[Screenshot]

 Then, please add this configuration (highlighted in yellow below):

[Screenshot]

 Copy the following three URLs and provide them back to Ascent360:

[Screenshot]

Ascent360 will then test the configuration and ask someone from the client side to also test.