Use the Single Sign On (SSO) feature to allow people in your organization to sign in to the fleet management platform using their existing company credentials (that is, without requiring a separate username and password for the platform). This page describes the steps needed to upload a signed SSO certificate, the SSO sign-in options available to you, and the steps needed to configure individual subusers to access the platform using SSO.
The Upload a Signed Certificate and Configure SSO feature described below is available only to the main accounts of customers on-boarded as identity providers. The Configure a Subuser for SSO Sign-in feature is available only to main accounts of customers who are configured to work with plug-ins that make use of SSO.
To learn more about using SAML SSO to connect to the platform via an external Identity Provider ("IdP"), and the configuration steps this requires, see SSO and the Verizon Connect Platform.
Upload a Signed Certificate and Configure SSO
To upload a signed certificate and configure SSO integration with the platform:
- Open the account drop-down menu in the upper right corner of the screen and then click the Single Sign On link. The Single Sign On dialog box opens.
- Click the Upload Certificate button. A Windows Explorer dialog box opens. If you want to change the arbitrary name shown in the SSO name field, do this before uploading a certificate. If you upload a certificate and then change this name, you are required to upload the certificate again to verify that you have the authority to make this change.
- Navigate to the SSO authentication certificate using Windows Explorer, select it, and then click Open. The file you select must be an X.509 certificate, either self-signed or signed by a trusted certificate authority (CA). Unsigned certificates are automatically rejected. Once the certificate is uploaded, click OK. If the certificate is verified and found to be valid, the certificate's common name displays beside the Certificate name field (this field uses the name of the file you upload; for example, uploading the file "test.conf" results in a certificate name of "test.conf") and a green "Verified" label displays beside the SSO Certificate heading. The Save button in the bottom right corner of the dialog box activates, allowing you to save your settings.
If there is a problem with the certificate, a gray "Not Verified" label displays and you are prompted to upload a different certificate. The Save button, and all other configuration options on the dialog box, are disabled until you have supplied a valid certificate.
- Click the SSO Only radio button to allow access to the platform only via SSO. Click the SSO and Verizon Connect option to allow people in your organization to sign in using SSO or to sign in manually using the platform sign-in screen.
- Click Save. Note that if you change the name in the SSO name field after you have uploaded your certificate, you must upload the certificate once again.
Configure a Subuser for SSO Sign-in
To configure an individual subuser to access the platform using SSO:
- Open the Tasks section of the main menu and then click the Subusers link. The Subusers screen opens.
- Locate the subuser you want to configure in the list. If the list is long, you can use the filter tool in the upper right corner of the screen. Click the subuser's name in the list and the Edit User dialog box opens.
- Click the Details tab and then add a value to the IdP Username field. This value should match one of the "NameID" values in your IdP bearer assertion (using the format <saml:NameID>, for example <saml:NameID>email@example.com</saml:NameID> or <saml:NameID>sso.robert.smith</saml:NameID>). This value is used to identify the individual to the application.
- Click the Save button on the Edit User dialog box. The subuser is now configured for SSO access. Repeat steps 2 to 4 for each subuser you have specified in your IdP assertion.
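One way to check, before editing subusers, that each IdP Username value you plan to enter matches a NameID your IdP actually sends. This is an added example, not part of the platform or its documentation; the sample assertions, the `CONFIGURED` list and the function names are constructed for illustration, and exact string comparison is an assumption, since this page does not say how the platform compares the values.

```python
import xml.etree.ElementTree as ET

NAMEID_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}NameID"

# Constructed, trimmed and unsigned sample assertions; the NameID values are
# the two examples given on this page. Only feed this script assertions
# captured from your own IdP: no signature is verified here.
SAMPLE_ASSERTIONS = [
    """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
         <saml:Subject><saml:NameID>email@example.com</saml:NameID></saml:Subject>
       </saml:Assertion>""",
    """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
         <saml:Subject><saml:NameID>sso.robert.smith</saml:NameID></saml:Subject>
       </saml:Assertion>""",
]

# Constructed list of values you intend to type into the IdP Username field.
CONFIGURED = ["email@example.com", "SSO.Robert.Smith", "jane.doe"]


def name_ids(assertion_xml):
    """Return the text of every <saml:NameID> element in one decoded assertion."""
    root = ET.fromstring(assertion_xml)
    return [el.text or "" for el in root.iter(NAMEID_TAG)]


def check_idp_usernames(configured, assertions):
    """Classify each planned IdP Username as 'match', 'near-miss: ...' or 'missing'."""
    sent = [n for a in assertions for n in name_ids(a)]
    # Index by a normalized form to catch case or stray-whitespace differences.
    normalized = {n.strip().lower(): n for n in sent}
    report = {}
    for user in configured:
        key = user.strip().lower()
        if user in sent:
            report[user] = "match"
        elif key in normalized:
            report[user] = "near-miss: %r" % normalized[key]
        else:
            report[user] = "missing"
    return report


if __name__ == "__main__":
    for user, status in check_idp_usernames(CONFIGURED, SAMPLE_ASSERTIONS).items():
        print("%-20s %s" % (user, status))
```

A "near-miss" means the planned value differs from the NameID only by case or surrounding whitespace; correct the IdP Username to the exact NameID string rather than relying on a tolerant comparison.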