SSO integration process with the Portal

Modified on Wed, 3 Jul at 2:08 PM



In this article, you will learn how to integrate your company's SSO with the Portal.


Introduction


The XMCO Portal supports the integration of external SSO using the OpenID Connect protocol. This protocol allows the Portal to delegate the entire authentication process of your employees to a component controlled within your information system.


The Portal does not have any knowledge of your employees' authentication secrets (passwords, certificates, additional authentication factors, etc.). This allows you to continue to manage their accounts in a centralized manner.


To date, only the OpenID Connect protocol is supported. SAML protocol support is not planned.


What is SSO?

Single Sign-On (SSO) is a session and user authentication service that allows a user to use one set of credentials (e.g. name and password) to access multiple applications. It is a useful feature for organizations that want to allow their users to log in to multiple applications with a single authentication.


How to do it


Regardless of the technological component in place in your company, the principle remains the same. Integration into the Portal requires the creation of an OpenID client within your SSO.


Below are guides for the most common SSO technologies on the market. If the component you are using is not listed in the guides, our teams will do their best to assist you in case of difficulties.


Creating an OpenID client in your SSO requires one key piece of information: the redirection URL. This is the URL of the Portal to which your SSO will redirect your employee once the authentication is successful. This URL must be declared in your SSO for security reasons: the SSO only redirects to URLs that have been registered for the client.


The URL that you must enter is the following: https://leportail.xmco.fr/api/account/oicd/callback

Once the OpenID client is created, you will get the following information:

  • The Server Metadata URL
    • This usually ends with /.well-known/openid-configuration.
    • It allows the Portal to obtain a list of URLs required for the OpenID Connect protocol to function properly.
  • The Client ID
    • Depending on the SSO used, this can be an arbitrarily defined name or a sequence of random characters.
  • The Client Secret
    • This secret is a sequence of random characters and is used during certain exchanges with the SSO.


Once you have all this information, we invite you to share it with our teams ([email protected]). We need it to finalize the SSO implementation.
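
Before sending the Server Metadata URL, you can check that the document it serves contains what an OpenID Connect client needs. The Python sketch below is an added example, not XMCO code: the host sso.example.com and both sample documents are constructed, and it assumes the Portal uses the authorization code flow.

```python
import json
import urllib.request
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"
# Fields a relying party needs from the discovery document.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "id_token_signing_alg_values_supported")

def fetch_metadata(metadata_url):
    """Download the discovery document (network call; the samples below skip it)."""
    if urlparse(metadata_url).scheme != "https":
        raise ValueError("metadata URL must use https")
    with urllib.request.urlopen(metadata_url, timeout=10) as resp:
        return json.load(resp)

def check_metadata(metadata_url, doc):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    well_formed = metadata_url.endswith(SUFFIX)
    if not well_formed:
        findings.append("metadata URL does not end with " + SUFFIX)
    findings += [f"missing field: {k}" for k in REQUIRED if k not in doc]
    for key in REQUIRED[:4]:  # the four URL-valued fields
        if key in doc and urlparse(str(doc[key])).scheme != "https":
            findings.append(f"{key} is not an https URL")
    # Discovery 1.0: issuer must be identical to the URL prefix it was served from.
    if well_formed and "issuer" in doc and doc["issuer"] != metadata_url[:-len(SUFFIX)]:
        findings.append("issuer does not match the metadata URL")
    # Assumption: the Portal uses the authorization code flow.
    if "code" not in doc.get("response_types_supported", ["code"]):
        findings.append("authorization code flow not offered")
    algs = doc.get("id_token_signing_alg_values_supported", ["RS256"])
    if all(a == "none" for a in algs):
        findings.append("ID tokens would be unsigned")
    return findings

# Constructed sample documents for a hypothetical SSO at sso.example.com.
GOOD_URL = "https://sso.example.com/realms/corp" + SUFFIX
GOOD_DOC = {
    "issuer": "https://sso.example.com/realms/corp",
    "authorization_endpoint": "https://sso.example.com/realms/corp/auth",
    "token_endpoint": "https://sso.example.com/realms/corp/token",
    "jwks_uri": "https://sso.example.com/realms/corp/certs",
    "response_types_supported": ["code", "id_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
BAD_DOC = dict(GOOD_DOC, issuer="http://sso.example.com/realms/other",
               id_token_signing_alg_values_supported=["none"])
```

To check a real SSO, call check_metadata(url, fetch_metadata(url)) with your own Server Metadata URL. Some providers publish an issuer that differs from the URL prefix, so treat that finding as a prompt to confirm the value with your SSO documentation.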



Guides for creating an OpenID client


The following guides detail the different steps required to create an OpenID client depending on the technology used to set up your SSO.


If the SSO technology used in your company is not on this list or you are experiencing difficulties, please contact our teams.


Frequently asked questions

Is it possible to keep a few non-federated users in SSO?

Unfortunately, no. At present, it's not possible to keep a few unregistered users. The configuration applies to the whole company.

 

Will SSO only be applied to users whose email corresponds to a certain domain? Or to all users?

SSO will be applied to all company accounts. So if some accounts in the Portal are not referenced in your active directory (AD, ADFS, Azure AD / Entra, Keycloak, Okta...), the accounts in question will no longer be able to connect to the Portal.



Is SCIM supported?

Unfortunately, no. At present, we do not support SCIM.


