Universal SSO login can be used with any providers supporting SAML.
In the GoodAccess Control Panel go to Settings, switch to the Login tab, select Login with an identity provider and click on Universal.
Step 1: Selecting your identity provider
Gather the following details to be used later:
- Entity ID
- Assertion Consumer Service URL
- Login URL
- Relay State
Step 2: Gathering details to be used later
- 1.Go to settings of your identity provider and look for option to add new application.
- 2.If you get asked for Sign-in method, select SAML (2.0).
- 3.Name your application and upload a logo for it.
- Identifier - Entity ID
- Reply URL - Assertion Consumer Service URL
- Sign on URL - https://sign.goodaccess.com
- Relay State - "/" (enter slash)
2. For User Attributes enter the following:
- Name - Enter "email"
- Name format - Choose "Unspecified"
- Value/Source Attribute - Choose "user.mail"
Get the following details from your identity provider:
- Login URL
- Download certificate
Add application to existing group within your identity provider or create new one and assign desired users to it. Users without permissions for GoodAccess won't be able to login.
- Sign in URL - Login URL
- Entity ID - Identifier
- Upload cerfiticate
Don't forget to save changes.
Step 7: Using details from identity provider
That's all! You can now login to GoodAccess using your own identity provider.