SpringCM Single Sign-On Integration
The SpringCM Single Sign-on (SSO) Integration creates a client application that uses Auth0 for authentication and provides SSO capabilities for SpringCM. Your users log in to SpringCM with Auth0 identity providers, which means the identity provider performs the identity credentials verification.
Prerequisites
Before you begin:
- Sign up for a SpringCM account.
- Set up a connection, which is a source of users. Connections can be databases, social identity providers, or enterprise identity providers, and can be shared among different applications. You may set up more than one connection for use with SSO integrations.
Steps
To configure a SpringCM SSO integration, you will:
Consent to Auth0 SSO integration
-
Navigate to Auth0 Dashboard > SSO Integrations, and click + Create SSO Integration.
-
Select SpringCM.
-
Click Continue to grant the integration access to the listed permissions.
Configure Auth0 SSO Integration
Enter a name for your SSO Integration, configure the following settings, and click Save.
Setting | Description |
---|---|
SpringCM ACS URL | ACS URL for your SpringCM. |
Use Auth0 instead of the IdP to do Single Sign-on (SSO). **Legacy tenants only.** | If enabled, Auth0 will handle SSO instead of SpringCM. |
Configure integration with SpringCM
To configure the integration with SpringCM, follow the instructions listed in the Tutorial view.
SpringCM SSO integration
Before you continue, make sure you have your SSO integration Client ID. You will use the Client ID to replace the SSO_CLIENT_ID
placeholders.
-
Log in to SpringCM as an admin.
-
Select the SAML SSO menu under Account Preferences.
-
Enter the Issuer:
urn:YOUR_DOMAIN
-
Enter the Service Provider (SP) Initiated Endpoint (be sure to replace the SSO_CLIENT_ID placeholder with the Client ID of your SSO Integration):
https://YOUR_DOMAIN/samlp/SSO_CLIENT_ID
Alternatively, to log in with a specific identity provider, you can add a connection
parameter (be sure to replace the SSO_CLIENT_ID placeholder with the Client ID of your SSO Integration):
https://YOUR_DOMAIN/samlp/SSO_CLIENT_ID?connection=email
https://YOUR_DOMAIN/samlp/SSO_CLIENT_ID?connection=google-oauth2
https://YOUR_DOMAIN/samlp/SSO_CLIENT_ID?connection=Username-Password-Authentication
In this case, Auth0 will redirect users to the specified connection and will not display the Login widget. Make sure you send the SAMLRequest using HTTP POST
.
- Download your Auth0 signing certificate, and upload it to SpringCM. Then select the uploaded file as the Issuing Certificate.
Enable connections
Choose the connections to use with your SSO integration. Users in enabled connections will be allowed to log in to SpringCM. By default, all configured connections are enabled.
-
Select the Connections view.
-
Toggle the sliders next to connection names to enable or disable them.