Single sign-on

Introduction
Configuring single sign-on for your organization
Add domain
Verify domain
Validate setup
Activate SSO
Deactivating SSO for your organization
Deleting an SSO configuration

Introduction

Single sign-on (SSO) is a user verification method that lets you access multiple, independent software systems by using only one set of login credentials (username and password).

Once you have set up and activated SSO for your organization in Viedoc, all users with the same email domain will be authenticated via the external Identity Provider (IDP) that you specify.

The Viedoc SSO solution uses Security Assertion Markup Language (SAML) 2.0. It is an open Extensible Markup Language (XML)-based standard for exchanging authentication and authorization identities between security domains.

Note! If a user account is set up for SSO, Application Programming Interface (API) access to Viedoc is not allowed.

Configuring single sign-on for your organization

Configuring single sign-on in Viedoc is a four-step procedure:

Add domain
Verify domain
Validate setup
Activate SSO

The steps are described in more detail below.

Note! For information about use cases with Google Workspace or Microsoft Azure AD as IdPs, see the lesson Activating SSO.

Add domain

To add a domain:

1	Click Organization Settings.
2	Click the SSO tab.
3	Click Add SSO configuration.
4	Enter the name of the domain that you want the SSO configuration to apply to and click Continue. An email is sent to the hostmaster of that domain. The email contains a verification key that you will need in the next step.

Verify domain

To make sure that you are authorized to set up single sign-on for a specific domain, you need to verify ownership of the domain. To do so, follow the steps below:

1	Click Organization Settings.
2	Click the SSO tab.
3	If you are not automatically directed to the Verify domain step, click the corresponding link. Enter the verification key from the email that was sent to the domain hostmaster and click Verify.
4	When the verification is successfully performed, Viedoc automatically redirects you to the Validate setup step.

Validate setup

This step specifies the information that is needed for the SAML setup.

To validate the setup:

1	Click Organization Settings.
2	Click the SSO tab.
3	If you are not automatically directed to the Validate setup step, click the corresponding link. The fields Redirect URL and Entity ID are automatically filled in with information retrieved from the previous step. They are not editable in this step. If you need to edit this information, click Verify domain to go back one step. Enter the following information (which you typically can obtain from your IT department): Endpoint URL: This is the URL to the IDP. Certificate: This is the Base64 certificate of the IDP server. Important! The certificate has an expiry date. We recommend that you make sure your organization has procedures in place to keep track of the expiry date to avoid login failures. If the certificate is about to expire, please make sure to renew it and update the SSO configuration in Viedoc Admin. Click Validate to start a trial login sequence. This opens a new browser tab where you are prompted to log in to the specified IDP at the Endpoint URL. Note! For underlying technical reasons, the Redirect URL field displays a hyphen (`-`) instead of a period (`.`). This has no effect on the actual URL that the users will be redirected to.
4	After logging in to the IDP, return to the Viedoc tab of your browser and click Next. If the validation was not successful, please check your settings and try again. If the validation was successful, you are now ready to continue with the Activate SSO step.

Activate SSO

When the steps Add domain, Verify domain, and Validate setup have been successfully completed, you can activate the SSO configuration.

To activate the SSO configuration:

1	Click Organization Settings.
2	Click the SSO tab.
3	If you are not automatically directed to the Activate SSO step, click the corresponding link. Click the Active switch to turn it on.
4	Copy the login URL and share it with the users in your organization. When you activate the SSO configuration, this is the URL that they must use to log in to Viedoc.
5	If all your SSO settings are correct and if your organization has been informed of the new login routine, click Yes.

Deactivating SSO for your organization

To deactivate SSO:

1	Click Organization Settings.
2	Click the SSO tab.
3	Click the Active switch to turn it off.
4	In the dialog box that is displayed, click Yes. Note! Deactivating an SSO configuration does not delete the configuration information from Viedoc.

Deleting an SSO configuration

To delete an SSO configuration:

1	Click Organization Settings.
2	Click the SSO tab.
3	Click the trash can icon.
4	In the dialog box that is displayed, click Yes. Note: Deleting an SSO configuration affects all Viedoc organizations that use the same SSO configuration.