Introduction
Single Sign On (SSO) lets users sign in once to gain access to all systems enabled by that SSO. If your organization uses SSO, it's important to enable it for Jostle, so that it's easy for users to log in. It also means that when people link to other enterprise systems, they arrive already signed in.
For SSO to work, your organization's SSO must become an identity provider to Jostle.
Roadmap to using SSO with Jostle
See this list of the SSO providers that Jostle supports. If yours is not listed, please email us at support@jostle.me to identify next steps.
These are the key steps that a System Admin needs to take to enable SSO in Jostle:
- Set up your SSO provider, if you have not already done so.
- Send Jostle the XML metadata (email: support@jostle.me).
- Wait for confirmation that Jostle has applied the metadata in our system.
- Convert existing users from Jostle password to SSO (learn more).
For the complete list of our SSO-related content, you can jump to the section directory here.
About SSO and SAML
The rest of this document describes how SSO works between an organization and Jostle.
Several standards exist for web single sign on, including WS-Federation, OpenID, and Security Assertion Markup Language (SAML). The current mainstream approach to web SSO in the enterprise space is SAML.
Web Single Sign On
There are three parties involved in a web single sign on process:
- User Agent
- Service Provider
- Identity Provider
The User Agent is the browser through which the user accesses Jostle. The Service Provider is Jostle. Your organization is the Identity Provider (via your SSO system), because it is the user's identity at your organization that is being extended to the Service Provider.
The sign on process proceeds as follows:
1. The user requests access to the Service Provider using their browser.
2. The Service Provider (Jostle) sends an authentication request to the Identity Provider (organization) through a browser redirect.
3. The Identity Provider authenticates the user. This authentication is entirely an internal matter for the Identity Provider and is not visible to Jostle.
4. The Identity Provider returns an authentication response to the Service Provider through a browser redirect.
5. The Service Provider provides browser access to the requested resource (Jostle).
The key pieces of information that are provided in step 4 are the identity of the user (a unique identifier of a user in the Identity Provider, usually email address or username) and the duration for which the response is valid. The exact details of the information exchanged between the Service Provider and the Identity Provider in steps 2 and 4 are dependent on the standard in use. The details for SAML are described in the next section.
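As an added illustration (not Jostle's code), the sketch below shows how a Service Provider might check the two pieces of information from step 4, the user identifier and the validity window, in a SAML 2.0 assertion. The function name `check_response`, the clock-skew tolerance and the sample assertion are assumptions made for this example, and verification of the Identity Provider's signature is assumed to have already succeeded.

```python
# Added example: not Jostle's code. SAMPLE_ASSERTION is constructed sample data.
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLOCK_SKEW = timedelta(seconds=60)  # assumed tolerance between IdP and SP clocks

SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""


def _parse_time(value):
    # SAML timestamps are UTC, e.g. 2024-01-01T12:00:00Z
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def check_response(xml_text, known_users, now):
    """Return (user_id, None) if accepted, otherwise (None, reason).

    Assumes the IdP signature was verified before this is called and that
    xml_text is the bare assertion; untrusted XML calls for a hardened parser.
    """
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    cond = root.find("saml:Conditions", NS)
    if name_id is None or not (name_id.text or "").strip():
        return None, "no user identifier"
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        return None, "no validity window"
    # Reject responses presented outside their validity window.
    not_before = cond.attrib.get("NotBefore")
    if not_before and now + CLOCK_SKEW < _parse_time(not_before):
        return None, "not yet valid"
    if now - CLOCK_SKEW >= _parse_time(cond.attrib["NotOnOrAfter"]):
        return None, "expired"
    # The identifier must map to an account the Service Provider knows.
    user = name_id.text.strip()
    if user not in known_users:
        return None, "unknown user"
    return user, None
```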
