A user with a Manager role can configure the single sign-on (SSO) login for their organization. Currently, the SOC Prime Platform supports Okta and Azure AD as Identity Providers and SAML 2.0 as the sign-in method.
The availability of SSO depends on your subscription plan. If the feature is available to your organization, contact your Customer Success manager to enable it.
Once the SSO is configured, the Manager can make SSO login optional or required for their team.
How to Configure SSO with Okta
How to Configure SSO with Okta
Log in to Okta as an Administrator.
Go to Applications > Applications and click Create App Integration.
In the modal that appears, select SAML 2.0.
In the General Settings section, fill in the App Name field and click Next.
In the Configure SAML section:
Fill in the Single sign-on URL and Audience URI (SP Entity ID) fields using the values from the SOC Prime Platform > Account icon > Platform Settings > SSO Configuration.
In the Name ID Format field, select the EmailAddress option.
Do not modify any other fields.
In the Feedback section, select the I'm an Okta customer adding an internal app option and click Finish.
Your app integration has been created. Now, add people who will be able to use single sign-on on the SOC Prime Platform (you can do it later).
Go to the Sign On tab > Settings > SAML 2.0 and click More Details. Copy the following values under Metadata details and paste them on SOC Prime Platform > Account icon > Platform Settings > SSO Configuration:
Copy the value of Issuer and paste it into the Issuer field on the SOC Prime Platform.
Copy the value of Sign on URL and paste it into the Single Sign-On (SSO) URL field on the SOC Prime Platform.
Copy the Signing Certificate and paste it into the Public x509 certificate field on the SOC Prime Platform.
Finish the SSO configuration on the SOC Prime Platform:
Click the Save Changes button to save your configuration.
Click the Test button to validate your configuration. It's very important to test the configuration since enabling SSO with wrong parameters may result in your entire team, including you, being unable to authenticate.
Set the SSO login rules for your entire team:
Enable for users. When enabled, the users from your team will be able to choose between SSO and other authentication methods.
Enforce SSO login. When enabled, the SSO will be the only authentication method for all users on your team. Any logged-in users with other authentication methods will be logged out (including you). Once you've enabled the Enforce SSO login switch, click Test to test the configuration. If the test has been successful, the Save Changes button becomes available.
Note:
If you encounter any issues, contact us via support@socprime.com.
To learn more about SAML app integrations, see Okta's documentation.
How to Configure SSO with Azure AD
How to Configure SSO with Azure AD
Log in to your Azure AD as an Administrator and go to Enterprise Applications (you can type Enterprise Applications in the search bar and select the corresponding suggestion).
Click the New application button.
Click Create your own application.
Give your application a meaningful name, keep the choice Integrate any other application you don't find in the gallery (Non-gallery), and click Create.
The application is created. Go to Single sign-on to configure it.
Select SAML as the single sign-on method.
Configure Basic SAML Configuration and Attributes & Claims.
Click Edit in the Basic SAML Configuration box.
Fill in the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) fields using the values from the SOC Prime Platform > Account icon > Platform Settings > SSO Configuration
Identifier (Entity ID) – copy the value of the Audience URI (SP Entity ID) field on the SOC Prime Platform
Reply URL (Assertion Consumer Service URL) – copy the value of the Single sign-on URL field on the SOC Prime Platform
Click Save.
Click Edit in the Attributes & Claims box. Set the values for Required claim and keep the default values for Additional claims:
In Required claim set Source attribute to the mapping field for the emails used for registration on the SOC Prime Platform configured in your Microsoft Entra ID.
Note
The field used for email mapping is specific to your configurations in Microsoft Entra ID.
In Additional claims keep the default values.
Go to Users and groups to add users who'll be able to use SSO.
Download the Certificate (Base64).
On the SOC Prime Platform > Account icon > Platform Settings > SSO Configuration, fil in the following fields:
Issuer – copy the value of the Microsoft Entra Identifier field
Single Sign-On (SSO) URL – copy the value of the Login URL field
Public x509 certificate – copy the Certificate (Base64) you've downloaded on a previous step
Finish the SSO configuration on the SOC Prime Platform:
Click the Save Changes button to save your configuration.
Click the Test button to validate your configuration. It's very important to test the configuration since enabling SSO with wrong parameters may result in your entire team, including you, being unable to authenticate.
Set the SSO login rules for your entire team:
Enable for users. When enabled, the users from your team will be able to choose between SSO and other authentication methods.
Enforce SSO login. When enabled, the SSO will be the only authentication method for all users on your team. Any logged-in users with other authentication methods will be logged out (including you). Once you've enabled the Enforce SSO login switch, click Test to test the configuration. If the test has been successful, the Save Changes button becomes available.
Note:
If you encounter any issues, contact us via support@socprime.com.
