Configuring SSO

Single Sign-On (SSO) allows your organization members to access k-ID using their existing corporate identity credentials, providing several key benefits:

  • Enhanced Security - Centralized authentication and enforcement of your organization's security policies
  • Simplified Access Management - Add or remove user access from a single location
  • Improved User Experience - One set of credentials for all corporate applications
  • Reduced Password Fatigue - Eliminate the need to remember separate passwords
  • Compliance - Meet regulatory requirements for access control and audit trails

What is SSO?

Single Sign-On (SSO) enables users to authenticate once with your organization's identity provider (such as Okta, Azure AD, Google Workspace, or OneLogin) and gain access to multiple applications, including k-ID Compliance Studio, without entering separate credentials.

Prerequisites

Before configuring SSO for your organization:

  • You must have an Admin or Owner role in k-ID
  • Your organization must have an identity provider (IdP) that supports SAML 2.0 or EASIE
  • You must have administrative access to your identity provider
  • You should have at least one verified domain configured in your k-ID organization

SSO Configuration Process

Step 1: Contact k-ID Support

Begin the SSO setup process by contacting a k-ID representative:

  • Reach out through your dedicated account manager, or contact k-ID support through the support portal
  • Indicate that you want to enable SSO for your organization

Step 2: Receive k-ID Configuration Details

Your k-ID representative will provide you with the following information needed to configure k-ID as a service provider in your identity provider:

  1. Single sign-on (ACS) URL - The Assertion Consumer Service URL where your IdP will send authentication responses
  2. Audience URI (SP Entity ID) - The unique identifier for k-ID as a service provider
  3. Metadata URL - A URL containing k-ID's service provider metadata

Important: Keep these details secure and accessible as you'll need them in the next step.

Step 3: Configure k-ID App in Your Identity Provider

The specific steps will vary depending on your identity provider, but the general process is:

  1. Log into your identity provider's admin console

    • Examples: Okta Admin, Azure AD Portal, Google Admin Console, OneLogin Admin Portal
  2. Create a new application

    • Look for options like "Add Application," "Create App," or "New SAML App"
    • Choose either SAML 2.0 or EASIE as the protocol (depending on what your IdP supports)
  3. Enter the k-ID configuration details

    • ACS URL: Enter the Single sign-on URL provided by k-ID
    • Entity ID: Enter the Audience URI provided by k-ID
    • Alternatively, some IdPs allow you to import the Metadata URL directly
  4. Configure attribute mapping (if required)

    • Email address (required)
    • First name
    • Last name
  5. Assign users or groups

    • Specify which users should have access to k-ID Compliance Studio
  6. Save and activate the application

Step 4: Share Your IdP Metadata with k-ID

After creating the k-ID application in your identity provider:

  1. Locate your IdP's metadata URL

    • Most identity providers provide a metadata URL or allow you to download an XML metadata file
    • This metadata contains:
      • Your IdP's Entity ID
      • SSO endpoint URLs
      • Public certificate for signature verification
  2. Send the metadata to your k-ID representative

    • Provide either the metadata URL or the downloaded XML file
    • Your k-ID representative will use this to complete the SSO configuration

Step 5: k-ID Enables SSO

Once k-ID receives your IdP metadata:

  1. Your k-ID representative will configure SSO for your organization
  2. They will test the configuration to ensure proper connectivity
  3. You'll be notified when SSO is active

Important Considerations

Impact on User Authentication

Once SSO is enabled:

  • Users with email addresses from your verified domain(s) will no longer be able to log in with their k-ID password
  • All authentication will be handled by your identity provider
  • Users must use SSO to access k-ID Compliance Studio

Troubleshooting

If users experience issues logging in after SSO is enabled:

  • Verify the user is assigned to the k-ID app in your identity provider
  • Check that the user's email domain matches your verified domain in k-ID
  • Confirm that attribute mappings are configured correctly in your IdP
  • Review your IdP's logs for authentication errors
  • Contact k-ID support for assistance

Getting Help

If you need assistance with SSO configuration:

  • Contact your k-ID account representative
  • Reach out to k-ID support through the Developer Portal
  • Consult your identity provider's documentation for IdP-specific guidance