Single Sign-On (SSO) is an option for select Herrmann clients who already use the SAML protocol to sign on to various web applications. The option is enabled for a Herrmann client after the requirements have been discussed between the client's IT and contract representatives, a Herrmann Representative, and a Herrmann Technical Support provider. If your organization is interested in SSO, please review this article and contact your Herrmann Representative.
Available October 2021
The ability to set up and manage Single Sign-On (SSO) for an organization.
An admin for an organization who is in charge of setting up single sign-on for their team: typically a non-technical person who manages their Thinkers within the Herrmann platform. Herrmann support will also be able to assist in setting up SSO for a customer.
Ensure that an admin user can easily set up SSO for their organization if they request it and want to use it for their Thinkers.
To use the current version of SAML-based SSO within the Herrmann platform, you will need the following:
- Enable SSO using the checkbox on the SSO setup screen
- Okta is the only identity provider that is currently supported.
- In the Sign-on Method dropdown select ‘SAML’
- SSO URL - This comes from Okta, as the current version of SSO only supports Okta.
- Identity Provider Issuer URL/Identity
- Public certificate fingerprint
  - The public certificate that Okta provides has to be converted to a SHA256 fingerprint digest. To convert it, follow these steps:
    1. The user setting up SSO for their organization will need a conversion tool. Go to the free conversion tool at https://www.samlcomponent.net/tools/fingerprint.aspx
    2. Copy and paste the X.509 certificate provided by Okta into the text area.
    3. In the algorithm drop-down select ‘SHA256’ and then select ‘calculate fingerprint’
    4. Copy the generated ‘Formatted FingerPrint’ into the Public Certificate FingerPrint field on the SSO setup screen within the admin tools on the Herrmann platform.
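The same fingerprint can be computed locally instead of pasting the certificate into a third-party website. The following is an added example, not part of this article or of Okta's or Herrmann's tooling; it uses only the Python standard library and assumes the ‘Formatted FingerPrint’ style is colon-separated uppercase hex pairs and that the certificate is pasted either as a full PEM block or as the bare base64 shown in Okta's IdP metadata.

```python
"""Compute the SHA-256 fingerprint of an X.509 certificate locally.

The fingerprint is SHA-256 over the DER bytes of the certificate, and the
PEM body is simply base64 of those DER bytes, so no X.509 library is needed.
"""
import base64
import hashlib
import re

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def pem_to_der(cert_text: str) -> bytes:
    """Accept a full PEM block or the bare base64 body (as found in the
    <ds:X509Certificate> element of Okta's metadata) and return DER bytes."""
    body = cert_text.replace(PEM_HEADER, "").replace(PEM_FOOTER, "")
    body = re.sub(r"\s+", "", body)  # drop line breaks and indentation
    if not body:
        raise ValueError("no certificate data found")
    # validate=True rejects stray characters such as pasted XML tags
    return base64.b64decode(body, validate=True)


def sha256_fingerprint(cert_text: str, formatted: bool = True) -> str:
    """Return the SHA-256 digest of the DER certificate, either as
    colon-separated uppercase pairs (assumed 'formatted' style) or bare hex."""
    digest = hashlib.sha256(pem_to_der(cert_text)).hexdigest().upper()
    if not formatted:
        return digest
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprints_match(entered: str, cert_text: str) -> bool:
    """Check a fingerprint typed into the SSO setup screen against the
    certificate, ignoring case, colons and surrounding whitespace."""
    normalized = re.sub(r"[^0-9A-Fa-f]", "", entered).upper()
    return normalized == sha256_fingerprint(cert_text, formatted=False)


# Constructed stand-in for a certificate: base64 of the bytes b"abc".
# A real Okta certificate body is several hundred base64 characters long.
SAMPLE_PEM = f"{PEM_HEADER}\nYWJj\n{PEM_FOOTER}\n"

if __name__ == "__main__":
    print(sha256_fingerprint(SAMPLE_PEM))
```

On a real PEM file the result equals the output of `openssl x509 -noout -fingerprint -sha256 -in cert.pem`.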
Below is what the user will see in the admin tools on the Thinker portal when they select the SAML protocol.
If your organization uses the OpenID Connect protocol through Okta, you will need the following:
- Enable the SSO checkbox
- Change the Sign-On Method to ‘Open ID Connect’
- Client ID - This is a code that Okta generates for you when you create the app within Okta.
- Client Secret - This is also a credential that Okta generates for you upon app creation in Okta; treat it like a password.
- Authorization URL - This is labeled ‘OKTA Domain’ under ‘General Settings’ in the Okta app that you have created.
The screenshot below shows what the user will see on the ‘Account Settings’ page of the admin tools in the Thinker portal.