Single Sign-On (SSO) allows users to authenticate with multiple applications or services using a single set of login credentials. To configure SSO in Surfly, you will need to follow these steps:
Download the identity provider metadata from the IdP (Identity Provider) you will be using for authentication. The metadata contains information about the IdP, such as the SSO URL, Entity ID, and certificate.
Log in to the Surfly Dashboard and navigate to Settings > SSO. Here, you can provide the IdP metadata URL to import the IdP metadata for SSO.
For SSO login ID, provide a unique name that will be used to generate the SSO login URL. This will typically be the name of your organization or application.
The fields for SSO URL, Entity ID, and Certificate will be retrieved from the IdP metadata you imported in step 2. These fields are important because they allow Surfly to communicate with the IdP and verify user credentials.
Save and generate IdP data.
Once you have completed this configuration, you will be able to retrieve Entity ID and the ACS (Assertion Consumer Service) URL. Enter it as the Assertion Consumer Service POST Binding URL in the IDP configuration.
By following these steps, you can configure SSO in Surfly and allow your users to log in with a single set of credentials.
You need to check "Enable Single sign-on" to turn on SSO for your Surfly account.
Once SSO is enabled, only users with Admin level privileges in Surfly will be able to log in to Surfly using email/password credentials or reset their Surfly password.
To allow Surfly to create user accounts automatically based on the information provided by the IdP, you need to check "Enable auto provisioning". Without this, only users who have been manually created in Surfly will be able to log in using SSO.
Users who are created through SSO will have the "Agent" role in Surfly by default. Only users with Admin level privileges in Surfly can change a user's role.
Users created in Surfly through auto-provisioning will not be automatically deleted when they are removed from the IdP. However, if they do not use their Surfly account for 90 days, they will be deactivated.