Skip to main content

Single Sign-On (SSO)

This article will walk you through the steps to configure SSO for your team, and connect your Active Directory.

Nuvo SSO supports most major Identity Providers that are SAML or OIDC compatible (i.e. Okta, Azure, Google Workspace, etc.).

Please reach out to your Customer Success Contact or our Support team to begin the SSO configuration process (Support@Nuvo.Credit).

Your company will receive an invitation from Nuvo (via WorkOS), and then you can complete the Identity Provider's configuration.

Once you've received the invitation, you can complete the configuration (https://workos.com/docs/integrations) by selecting your Identity Provider.

After your company has completed the configuration of their identity provider, you will need to provide Nuvo the Metadata URL so that Nuvo could successfully verify a working connection between both sides.

Once confirmed by the Nuvo team, then the connection is live.

Connecting an Active Directory

Please notify your Nuvo contact that you wish to use Active Directory sync. This will be included in the invitation and setup within WorkOS.

  1. Once invited to WorkOS, your team will need to come in and configure their Active Directory correctly. The integration will look like this:

2. Once the configuration is complete, you should see a confirmation on Directory Sync being completed:

SSO Authentication

If your company has set up Single Sign-On (SSO) authentication, you'll be required to log in using your personal details. When you begin the login process, you will encounter the following screen:

Please enter your email that is linked to the Identity Provider, and then log in using your credentials (email and password). If the details you enter are correct, you will receive immediate access to log in.

If the authentication is unsuccessful, you are likely to see this message:

If you receive an "Authentication Failed" message, please follow the troubleshooting tips provided below to navigate the SSO authentication process successfully. If you are confused about the error message or troubleshooting tips, consider contacting your IT team to ensure that your credentials and information are set up correctly.

Troubleshooting SSO

Missing Detail Errors

If you see the error “The SAML Response did not contain expected attributes”, it probably means that you are missing information on your user profile.

To fix this issue, follow these steps.

  1. Log into your user account portal (for instance, Microsoft or Okta)

  2. Check that your first name, last name, and email address are all set and correct.

If this doesn’t fix the issue you may need to configure how your data maps to Nuvo’s data. To do this, please ask your IT team to configure the following attribute statements:

  1. givenname

  2. name

  3. emailaddress

  4. surname

  5. Unique User ID

How to Fix Errors from Incorrectly Linked Attributes

When you log in via SSO, your IdP sends back a response that includes something called AttributeStatements. These are pieces of information or 'attributes' about you, each tagged with a Name property as defined by your IdP. If your SP is looking for a specific Name tag that's different from what your IdP has provided, you'll see a Missing Attribute Error. Remember, the exact wording or 'case' of these names matters a lot.

For instance, imagine your SP needs information like your ID, email, first name, and last name. We will explore how to accurately set up and connect these in systems like Azure AD. Although configurations for Okta or Google Workspaces are also possible, our example will focus on Azure.

Azure AD

In Azure AD, you can configure Attribute Statements for givenname, surname, emailaddress, and objectidentifier. You'll need to ensure that the claims are configured according to the defined mapping.

Correcting Errors from Missing Information

Sometimes, the error about missing attributes comes from certain information not being present in the user's profile. When this happens, you need to make sure the user's profile is updated to have all the necessary information.

Take, for example, how Azure always links the last name to a 'surname' claim. If you look at the Azure user profile in the example below and notice the last name is missing, this could be why you're seeing an error about missing attributes. If the Service Provider requires a 'surname' attribute and it's missing, adding this missing detail can solve the problem.

Errors about missing attributes often happen if there's a mismatch or if some information is missing between your identity provider (where your login details are stored) and the service you're trying to access. It's important for the services you use to regularly update their settings to match with your identity provider, which helps avoid these kinds of errors.

If you need any more help with SSO authentication, feel free to reach out to Nuvo's Support team at support@nuvo.credit. We're here to help!

Related Articles
Troubleshooting SSO authentication
Did this answer your question?