
SSO setup

Nowadays we can barely imagine our lives without multiple social networks, mail services, blogs and forums. That means we have to keep a great number of different logins and passwords in mind every day. Exhausting? Yes. That's why ONLYOFFICE gives you the opportunity to activate the Single Sign-on authentication option. From now on, you won't need to enter your credentials every time you access the portal!

Only the portal owner and full access administrators can enable or disable this option.

Don't know how to enable and configure SSO authentication for your portal? Read this article and you will learn how to do that!

Bare Bones Instructions

The Identity Provider and the Service Provider play an indispensable role in SSO authentication. That's why these two services must be mutually configured for SSO to work correctly. An Identity Provider is a provider that creates, maintains, and manages identity information for principals and provides principal authentication to other service providers within a federation, such as with web browser profiles (OneLogin and ADFS are identity providers). A Service Provider is an entity that provides web services and relies on a trusted Identity Provider for user authentication (ONLYOFFICE is a service provider). Follow the instructions below to adjust the Service Provider.

Check the Identity Provider configuration before adjusting the Service Provider.

  1. Go to the portal Settings page. To do that, click the Settings icon in the upper right corner.
  2. Open the Security section.
  3. Switch to the Portal Access tab.
  4. Check the Enable SSO box under the Single Sign-on caption.
  5. Choose the SSO Type.

    ONLYOFFICE supports two SSO types:

    • SAML (or Security Assertion Markup Language) is an XML standard that allows user authentication/authorization data to be transmitted between an identity provider and a service provider through security tokens which contain assertions.
    • JWT (or JSON Web Token) is a security token that allows user authentication/authorization data to be transferred through URLs using the JSON format and digital signatures.

    The SSO Type, as well as the other information you need to fill out on the 'Single Sign-on' page, fully depends on the Identity Provider you've chosen and is indicated on its configuration page.
  6. Enter the Issuer URL.

    The Issuer URL identifies the user account provider. It is used to validate the SAML response or JWT token digital signatures.

  7. Fill out the SSO Endpoint URL field.

    If SSO initializes on the Service Provider side, redirection to this URL will take place.

  8. Fill out the SLO Endpoint URL field.

    This is an optional field. If you fill it out, every time you log out of the portal, you'll be redirected to the indicated URL.

  9. Choose the Signature Validation Type.

    If you've chosen the JWT option in the SSO Type list, you'll need to select the valid token signature validation type: open X.509 certificate key, public asymmetric RSA SHA-256 algorithm key, or private symmetric HMAC SHA-256 algorithm key. If you've chosen the SAML option, the Signature Validation Type needs to be set to X.509.

  10. Enter the key specified above in the Key field.
  11. Click the Save button.

That's it! Now that the SSO authorization is enabled, all the portal users can use the Single Sign-on option by clicking the Single Sign-on link below the Sign In button on the portal authorization page, or by using the sign-in page on the Identity Provider side.
