Single sign-on

What is SSO?

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The SSO service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. 

Who should be using it?

Clients who want to:

• Mitigate risk for access to 3rd-party sites (user passwords not stored or managed externally)
• Reduce password fatigue from different user name and password combinations
• Reduce time spent re-entering passwords for the same identity

Requirements

Clients with secure networks using ADFS with SAML2 for authentication.

How to configure SSO

1. Send an email to supportus@amcsgroup.com to automatically create a support ticket to track progress of your request. The email must be sent from an active user in the system with the subject "SSO Request" and contain the following information:
   1. SAML SSO URL (This is the URL of your SAML Identity provider)
   2. Domain Security Certificate (as attachment to the email)
   3. Security Certificate Thumbprint
   4. Domain restrictions list (comma separated list of email address domains used to identify your users, for example "abc.com", "abc-1.com")
   5. Contact information of the person(s) who will exchange certificates and the AFDS server information (name, phone, email)
2. Upon receipt, support staff will process the request, install your certificate, configure the platform and reply to your email with:
   1. your direct login URL for the AFDS server (consisting of a one name id, no special characters)
   2. our domain security certificate (ucld.us domain security certificate)
3. Install the supplied ucld.us certificate.
4. Confirm the SAML SSO is working.