How to Set Up SSO for CORE
The 5th Kind setup process is as follows:
- Provide your setup information (see client setup details below)
- A 5th Kind engineer will implement SAML in your client environment
- A 5th Kind engineer adds the necessary configs
- You create a test user account on your SSO that the engineer can connect to a dummy tester account on the platform
- A 5th Kind engineer will test through the tester account to ensure it's connected properly
- Your account will be set up, and you complete your testing and user setup
Required Client Details
You will provide 5th Kind the following information:
- SSO URL
- Whether SSO is SP or IDP initiated
- IDP Issuer
- SAML 2.0 Endpoint (HTTP)
- SLO Endpoint (HTTP)
- SAML Signing Certificate / X.509 Certificate
- XML doc, if available
- A client contact for SSO setup and questions, including name, title, and contact info
SAML SSO FAQs
Q. What authentication standard does 5th Kind support? (SAML or OIDC)
Q. Does 5th Kind support both SP and IDP initiated authentication?
Q. What options do we have in terms of SSO enforcement (All Accounts, Some, None)?
- We don't have any enforcement. A user can sign in with SSO or without SSO, but cannot mix the two. If the user came from an SSO, then they will have to use SSO from that point on.
Q. How does 5th Kind validate the authentication event (SAML: Signed? Encrypted?, OIDC: JWT Signatures, etc.)?
- SAML Signed - we require both sides to be signed before communication.
Q. Does 5th Kind support any authorization options (i.e., sending what permissions/roles a user has from the SAML assertion)?
- Not currently
Q. Does 5th Kind have any form of user session revocation?
- No, we don't. Everything is based on JWTs, and JWTs have an expiration.
Q. What would the recovery or change process be for us to update or remove the SSO provider from our 5th Kind tenant in the event of an incident or org change (compromised IDP, replacement IDP, etc.)?
- In the case of an SSO provider switch or IDP switch, we can (1) void the certificate or (2) void all users that are associated with the SSO.
Q. What SSO providers does CORE support?
- Active Directory
- OneLogin