
Single Sign-on (SSO)

Written by Stephanie Kelley
Updated over 2 weeks ago

What is SSO?

SSO is an authentication process that allows users to access multiple applications with a single set of login credentials. It centralizes user authentication, simplifying the login experience and enhancing security.

  • Enhanced Security: Centralized authentication minimizes password-related vulnerabilities.

  • Simplified User Experience: No need to remember multiple sets of credentials.

  • Operational Efficiency: Reduces password reset requests.

  • Compliance and Control: Easier enforcement of strong password policies.

SSO primarily addresses the need for enhanced security and a simplified user login experience.

  • A warehouse manager uses SSO to access Logiwa IO without an additional password.

  • If a warehouse manager is logged in to the Identity Provider (IdP), they do not need to enter credentials to access Logiwa IO.

Our SSO integration uses the SAML 2.0 protocol. Currently, the SSO feature has been tested with Azure AD, and companies using Azure AD can take full advantage of this integration.

Key Features

  • SSO Authentication: Utilizes the SAML 2.0 protocol for secure authentication.

  • Seamless Login: Use your IdP credentials to sign in, eliminating the need for separate login details.

  • Activation: To enable SSO, the SSO add-on from the "Logiwa App Store" must be activated and configured, and the configuration on the IdP side needs to be completed.

  • User Flagging: After setup, flag users for SSO login on the user screen. You can make SSO mandatory for your employees while allowing clients/vendors/temporary workers to continue using their username/password login.

  • Authorization Flexibility: SSO authorization can be granted individually or collectively to existing users, or when creating new users.

Configuring the SSO Setup

To use SSO for your company you should follow these steps:

  1. Subscribe to the SSO add-on

  2. Complete the configuration at the IdP (Azure AD) end

  3. Activate the SSO add-on at the Logiwa App Store screen

  4. Complete the setup at the Logiwa App Store screen

  5. Mark the users that will be using SSO, at the Users screen

Subscribe to the SSO add-on

Contact your CSM or support team to subscribe to the SSO add-on.

SSO Setup in IdP (Azure AD)

To use SSO in Logiwa IO, you need to create an Enterprise App, complete its configuration, and assign the users who will use SSO to this app.

1. Create a New Enterprise Application:

2. After creating the app, you can complete the SSO (SAML) configuration by following these steps:

3. For SAML configuration, you need to use the following information. (If you want to use SSO with your Sandbox account, please create another Enterprise Application and use the related information instead.)

Standard (Prod) Environment:

Sandbox Environment:

4. As the last step of the configuration at your IdP end, you need to add the users you want to use SSO to the application you have created:

SSO Setup in Logiwa App Store Page

After you have subscribed to the SSO add-on and completed the configurations at the IdP end, go to the Logiwa App Store (Marketplace) page in Logiwa IO and activate the SSO add-on:

Click on the “Edit” button and enter your IdP information:

Enter the mandatory fields:

  • Provider Name: Choose your IdP. (Currently, the SSO feature has only been tested with Azure AD by Logiwa.)

  • Account Name in IdP: This is your IdP identifier. You can copy your identifier from your Azure AD portal (which starts with https://sts.windows)

  • Single Sign-On Service URL: This is the endpoint on the Identity Provider (IdP) where authentication requests are sent. You can copy the URL from your Azure AD portal (which starts with https://login.microsoftonline.com)

  • Artifact Resolution Service URL (optional): This URL is used in SAML 2.0 SSO to fetch the actual SAML assertion from the Identity Provider using a small artifact token passed through the browser.

  • Certificate: The SSO certificate is a public key certificate used by the Identity Provider (IdP) to sign SAML assertions in a Single Sign-On (SSO) setup. You can copy the certificate from your Azure AD portal.

    • IMPORTANT: The x509 certificate needs to be in base64 format. Please make sure to copy the certificate correctly.
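One way to confirm the certificate was copied intact before pasting it into the Certificate field, shown as an added example (not Logiwa's or Microsoft's code). The function name and the sample blob are constructed for illustration; the check covers encoding and completeness only, and the fingerprints it returns are for comparing against whichever fingerprint your IdP portal displays.

```python
import base64
import binascii
import hashlib
import re

PEM_ARMOR = re.compile(r"-----(?:BEGIN|END) CERTIFICATE-----")

def check_pasted_certificate(pasted: str) -> dict:
    """Check that a pasted certificate is intact base64-encoded DER."""
    # Drop PEM armor and all whitespace so only the base64 body remains.
    body = re.sub(r"\s+", "", PEM_ARMOR.sub("", pasted))
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        return {"ok": False, "reason": f"not valid base64: {exc}"}
    # A certificate is one DER SEQUENCE: tag 0x30, then a length field.
    if len(der) < 2 or der[0] != 0x30:
        return {"ok": False, "reason": "not a DER SEQUENCE"}
    if der[1] < 0x80:                          # short-form length
        header, declared = 2, der[1]
    else:                                      # long form: next n bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return {"ok": False, "reason": "malformed DER length"}
        header, declared = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + declared != len(der):
        # Typical result of a copy that lost or gained characters.
        found = len(der) - header
        return {"ok": False,
                "reason": f"length mismatch: declared {declared}, found {found}"}
    return {
        "ok": True,
        "base64": body,
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
    }

# Constructed sample: a DER-shaped placeholder, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_pasted_certificate(SAMPLE_PEM))        # intact copy
    print(check_pasted_certificate(SAMPLE_PEM[:200]))  # truncated copy
```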

After completing the SSO setup, you can go to the Users page and mark the SSO users.

Marking SSO Users on the Users Page

After completing the setup process, you should mark the users you want to log in to Logiwa IO with SSO on the User screen. These users will only be able to log in to the system with SSO.

You can grant SSO authorization to existing users collectively or individually, and you can grant SSO authorization while creating a new user.

Tip: You can make SSO mandatory only for your own employees, while your Client/Vendor users continue to use their username/password.

You can select existing users in bulk and mark them as “SSO User” with the Bulk Actions button. You can disable their SSO access in the same way:

You can also give users SSO access individually by editing their profile, or while creating a new user.

IMPORTANT: The password field of an SSO User will be disabled. In order for non-SSO Users to log in to the system, password definitions must be made.

If the SSO access of users previously marked as SSO Users is removed in bulk, a warning message will be displayed next to them on the User screen. In order for these users to log in to Logiwa IO, the user must be selected and password definitions must be made.

SSO Login Flow for the End Users

Users with the SSO flag can only log in to Logiwa IO with SSO, while others can only log in with their username and password.

Here is the basic flow for an SSO user’s login experience:

The SSO Login process works the same way on the web and mobile applications.

When an SSO login is initiated, the following checks are made:

  • Is the relevant user registered in Logiwa IO?

  • Does the company the user is affiliated with have SSO authority?

  • Is the user marked as an SSO User in Logiwa IO?

  • Is the user authorized to access Logiwa IO on the IdP side?

After these automatic checks, the user can easily log in to the system, and the system will warn if an error is received in any of these steps.

If the relevant user is currently logged in to their own IdP in their browser, automatic login is provided without the need to enter a password again.
