Single Sign On (SSO) Overview
VOSS-4-UC supports Single Sign-on (SSO) through the SAML v2 standard. The system acts as a service provider (SP) in the SAML authentication architecture and supports SP-initiated authentication of users against a SAML v2 Identity Provider (IdP).
Authentication settings on an IdP server include Authentication Scope and User sync Type; see Configure Single Sign-On for VOSS-4-UC.
Users who authenticate to VOSS-4-UC with SSO must access the system through a URL that is specific to the IdP set up in VOSS-4-UC. Because VOSS-4-UC supports multiple IdPs being set up in the system, this ensures that the SAML interaction is with the correct IdP.
When accessing the URL, users who do not already have an active session on the IdP are presented with the login challenge by the Identity Provider (outside of VOSS). Once the user has authenticated, the IdP sends its assertion to VOSS-4-UC, and the user is given access and presented with the appropriate interface in VOSS-4-UC (admin or self-service). Users who already have an authentication session with the IdP do not see the IdP login page and are directed straight to VOSS-4-UC.
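The following sketch is an added example, not VOSS-4-UC code: it shows how a service provider with several IdPs can tie an SP-initiated request to the IdP selected by the login URL and then reject a response issued by a different IdP or replayed for an already used request. The login paths, entity IDs and helper names are hypothetical, the sample response is constructed and unsigned, and XML signature validation is assumed to be done by a SAML library before this check.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://sp.example/metadata"           # hypothetical SP entity ID
# Constructed registry: IdP-specific login path -> that IdP's settings.
IDPS = {
    "/sso/idp-a/login": {"entity_id": "https://idp-a.example/metadata",
                         "sso_url": "https://idp-a.example/sso"},
    "/sso/idp-b/login": {"entity_id": "https://idp-b.example/metadata",
                         "sso_url": "https://idp-b.example/sso"},
}
PENDING = {}  # AuthnRequest ID -> entity ID of the IdP it was sent to

def start_login(path):
    """SP-initiated step: build the HTTP-Redirect URL for the IdP bound to this path."""
    idp = IDPS[path]                                   # unknown path raises, no fallback IdP
    req_id = "_" + uuid.uuid4().hex
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="{req_id}" Version="2.0" IssueInstant="{now}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)                 # raw DEFLATE, as the binding requires
    packed = base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()
    PENDING[req_id] = idp["entity_id"]
    return req_id, idp["sso_url"] + "?" + urlencode({"SAMLRequest": packed})

def decode_request(url):
    """What the IdP does on receipt: URL-decode, base64-decode, inflate."""
    packed = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(packed), -15).decode()

def accept_response(response_xml):
    """Return the issuing IdP's entity ID, or None if the response does not answer a
    pending request that was sent to that same IdP. Signature checks are assumed done."""
    root = ET.fromstring(response_xml)
    expected = PENDING.pop(root.get("InResponseTo"), None)   # each request ID is single-use
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    return issuer if expected is not None and issuer == expected else None

def sample_response(issuer, in_response_to):
    """Constructed, unsigned Response skeleton used only to exercise accept_response."""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'InResponseTo="{in_response_to}"><saml:Issuer>{issuer}</saml:Issuer>'
            f'</samlp:Response>')
```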
Note
- Credential policy features such as password rules, session length, etc. are all managed by the IdP outside of VOSS-4-UC.
- Single Sign-on support is for authentication only and does not apply the user’s permissions within VOSS-4-UC.
- No logout is supported when using SSO (single sign-out). VOSS-4-UC will not initiate the termination of