SSO Integration Guide for Smart Access

Written by John White
Updated over 2 months ago

This article outlines the process for integrating your existing Single Sign-On (SSO) infrastructure with Smart Access. It assumes familiarity with SSO protocols and identity management concepts.

Supported Protocols and Identity Providers

Smart Access supports federation via the following protocols:

  1. SAML 2.0 (Security Assertion Markup Language)

  2. OAuth 2.0 with OpenID Connect (OIDC)

Compatible Identity Providers (IdPs) include, but are not limited to:

  • Microsoft Azure AD

  • Okta

  • Google Identity Platform

  • OneLogin

  • PingFederate

  • ADFS (Active Directory Federation Services)

Compatibility is ensured for any IdP adhering to SAML 2.0 or OAuth 2.0/OIDC standards.

Integration Workflow

Protocol Selection

Determine the appropriate protocol (SAML 2.0 or OAuth 2.0/OIDC) based on your IdP capabilities and organizational requirements.

Metadata Collection

Extract the necessary federation metadata from your IdP:

For SAML 2.0:

  • EntityID

  • SSO URL (HTTP-Redirect binding)

  • X.509 Certificate (for signature verification)

For OAuth 2.0/OIDC:

  • Authorization Endpoint

  • Token Endpoint

  • JWKS URI (for signature verification)

  • Client ID

  • Client Secret (if using confidential client flow)

CSM Engagement

Initiate the integration process by contacting your assigned Customer Success Manager (CSM). Provide them with the collected metadata for configuration in the Smart Access environment.

Service Provider Configuration

Configure Smart Access as a Service Provider (SP) in your IdP. Your CSM will provide the necessary Smart Access metadata, including:

  • EntityID/Client ID

  • Assertion Consumer Service (ACS) URL

  • Audience URI

  • (Optional) Encryption Certificate

Attribute Mapping

Define attribute mappings between your IdP and Smart Access. Essential attributes typically include:

  • Unique Identifier (e.g., email, employee ID)

  • First Name

  • Last Name

  • Email Address

Additional attributes may be required based on your specific Smart Access configuration or use case.

Support

For technical assistance during the integration process or post-implementation, please contact your CSM or use the support channels.

Please provide the following when reporting issues:

  • Detailed error messages

  • SAML assertions or OAuth tokens (with sensitive information redacted)

  • Relevant log entries from both IdP and Smart Access

  • Steps to reproduce the issue
