How to use Didomi's SSO?

Didomi SSO is a premium feature. Do not hesitate to contact your Customer Success Manager if you are interested.

What is SSO?

👉Acronym

SSO = Single Sign-On

👉Definition

SSO is a method of authentication to a platform. 

SSO (Single Sign-On) is an authentication and authorisation method that enables users to easily access multiple applications and websites by eliminating the need to have separate credentials.

Didomi's SSO is based on the SAML 2.0 standard protocol. It allows your users to sign in to the Didomi Console using your own identity provider, such as Google, Azure Active Directory, Okta, OneLogin and many more.

Simplified User Access Management

The SSO feature provides a number of benefits and addresses several issues.

  1. Security: SSO ensures better security of user credentials by providing a standardized and unique method of identification.
  2. Simplified user management: Security administrators will no longer have to manually manage the credentials of each user.
  3. Better user experience: Eliminate credential management fatigue with a single sign-on method. SSO allows you to keep the same credentials across all your tools, which saves a lot of time when you switch from one tool to another.

How to configure the SSO on my Didomi account?

Prerequisite: Before proceeding, make sure you have activated the SSO premium feature (by contacting your CSM).

👉 The first step is to acquire the SSO credentials of your company in the Didomi Console.

  1. Log in to the Didomi Console.
  2. From the top menu, select My Organization > Single Sign-on.
  3. Copy the Configured issuer, the Login URL and the Logout URL.
  4. Keep the Configured issuer, the Login URL and the Logout URL, as you will need them in the next step.

👉 You now need to configure your identity provider.

We provide specific instructions for the below identity providers. Once you’re done with those instructions, make sure you head back to finish your SSO settings detailed in the next step:

Didomi's SSO solution is SP-initiated and not IdP-initiated. Make sure this is reflected accordingly on your identity provider (i.e., your IdP might ask you to provide this configuration).

 

👉 Make sure you have the below information before heading back to Didomi Console for the rest of the configuration:

  • X509 Certificate
  • Sign-in URL
  • Log-out URL

👉 The last step is to finalize your SAML SSO configuration in the Didomi Console.

  1. Log in to the Didomi Console.
  2. From the top menu, select My Organization > Single Sign-on.
  3. Navigate through steps 1 and 2.
  4. In step 3, enter the following settings:
    • X509 Certificate: Enter the certificate that you have acquired from your identity provider. The certificate must be in .CER format, coded in Base64.
    • Login URL: Insert the Login URL that you have acquired from your identity provider.
    • Logout URL: Insert the Logout URL that you have obtained from your identity provider.
  5. Click Continue.
  6. Test your settings.
  7. Add the email domain restriction.
    • Domains: Add the list of email domains to which the SAML authentication will be restricted, i.e., only users whose email addresses belong to one of these domains will be allowed to log in with SAML SSO.
  8. Click the button to finalize.
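
The X509 Certificate setting above requires a .CER file coded in Base64, but a .cer export from an identity provider can also be binary (DER). The following Python check is an added example, not Didomi code: it detects which encoding a file uses, re-emits it as Base64 text, and returns a SHA-256 fingerprint to compare with the one your identity provider displays. It assumes "Base64 .CER" means the BEGIN/END CERTIFICATE text form; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder: only the outer DER framing of a certificate
# (SEQUENCE tag 0x30, two-byte length 0x0100), not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def der_framing_ok(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose declared length fits exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def normalise_cer(raw: bytes):
    """Return (detected_encoding, base64_cer_text, sha256_fingerprint)."""
    try:
        match = PEM_RE.search(raw.decode("ascii"))
    except UnicodeDecodeError:              # binary file, so not Base64 text
        match = None
    if match:
        # b64decode(validate=True) raises ValueError on stray characters.
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        detected = "base64"
    else:
        der, detected = raw, "der"
    if not der_framing_ok(der):
        raise ValueError("not a complete X.509 certificate (DER or Base64)")
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                     "-----END CERTIFICATE-----"]) + "\n"
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    return detected, pem, fingerprint


if __name__ == "__main__":
    detected, pem, fingerprint = normalise_cer(SAMPLE_DER)
    print(detected, fingerprint)
    print(pem, end="")
```

To check a real export, pass the file's bytes to `normalise_cer`; a result of "der" means the file needs the Base64 text it returns before it can be entered in the Console.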