Description
The GenRocket Web Platform requires credentials to log in. Each time a user logs in, they create a secure, encrypted connection from their browser to the GenRocket Cloud. GenRocket also provides the ability to log in via Single Sign-On (SSO).
SSO allows users to log in to the GenRocket Web Platform using their company's credentials. GenRocket Single Sign-On is based on SAML 2.0.
In This Article
- Diagram: Authenticated User Sequence with SSO
- Steps for SSO Integration
- User Access Requirements
- SSO Login Credentials - Email Address/User ID
- Need to integrate SSO with GenRocket?
Diagram: Authenticated User Sequence with SSO

Steps for SSO Integration
GenRocket, as a Service Provider (SP), talks to an Identity Provider (IDP, e.g., Okta, Active Directory, etc.) with the help of a Metadata file.
Identity Provider (IDP) Metadata File
GenRocket needs the Identity Provider (IDP) metadata file to perform the integration. This file will need to be provided to us, and we will add the IDP metadata file at our end for integration.
Service Provider (SP) Metadata File
The GenRocket team will provide the Service Provider (SP) metadata file to the team requesting integration. We can share this file in advance with your team.
Configuration to Start Integration
The IDP team needs to configure the following at their end to start the integration:
Note: Only the Email Address will be required for the handshake between GenRocket (SP) and the IDP. 
The User accessing the GenRocket platform must have an enabled user account on the GenRocket platform to log in.
The integration will not allow new users to be created on the GenRocket platform. GenRocket has its own predefined role, and therefore, roles are not required to be configured in the IDP.
SSO Login Credentials - Email Address/User ID
The GenRocket login page directs users to the organization's SSO application, where they can enter their specific login credentials. GenRocket performs an authentication check based on the information entered. If valid, the user is logged in. 
The standard approach is to have users log in with a valid Email Address (JDoe@company.com), which GenRocket stores and uses to authenticate the user during the login process. However, for some organizations, users only log in with a User ID, such as an Employee ID (e.g., JDoe).
SSO can be set up so users can log in with a User ID. GenRocket requires that the value stored on the platform be formatted like an email address, so a User ID cannot be stored by itself.
The stored email address does not have to be valid, but it has to be formatted like an email address. To allow a User ID for SSO login and authentication, a domain (e.g., @test.com) must be appended to the end of the User ID to create and store what looks like a valid email address in GenRocket. 
The organization chooses the domain that will be appended to each User ID. This creates an email address with the appropriate syntax (JDoe@test.com) for GenRocket to store. To be clear, it is not a valid email, and the user will not receive messages from the GenRocket platform.
Note: If User IDs are used to log in via the SSO application, these users will not receive notifications because the email addresses stored in GenRocket are not valid. A generic, valid email for SSO login will be required to receive notifications.
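The following pre-flight check for the User ID mapping described above is an added example, not GenRocket code. It builds the email-formatted value for each User ID and flags IDs that cannot form one, IDs that collide, and an appended domain that is not a reserved name. The function names, the syntax rules, the case-insensitive comparison and the reserved-domain check are assumptions made for illustration.

```python
import re

# Assumption: conservative email-like syntax; GenRocket's exact validation
# rules are not given on this page.
LOCAL_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$")
# Names reserved by RFC 2606 / RFC 6761, which no third party can register.
RESERVED = ("invalid", "test", "example",
            "example.com", "example.net", "example.org")


def is_reserved(domain):
    return any(domain == r or domain.endswith("." + r) for r in RESERVED)


def build_sso_identifiers(user_ids, domain):
    """Map each User ID to the email-formatted value; also return problems."""
    problems = []
    domain = domain.lstrip("@").lower()
    if not DOMAIN_RE.match(domain):
        problems.append(f"domain {domain!r} is not syntactically valid")
    elif not is_reserved(domain):
        # Added hardening check, not a GenRocket requirement.
        problems.append(f"domain {domain!r} is not a reserved name; "
                        "mail sent to it could reach whoever owns it")
    mapping, seen = {}, {}
    for uid in (u.strip() for u in user_ids):
        if "@" in uid:
            problems.append(f"{uid!r} already contains '@'")
        elif not LOCAL_RE.match(uid):
            problems.append(f"{uid!r} cannot form the part before '@'")
        elif (uid + "@" + domain).lower() in seen:
            # Assumption: identifiers are compared without regard to case.
            first = seen[(uid + "@" + domain).lower()]
            problems.append(f"{uid!r} collides with {first!r}")
        else:
            value = f"{uid}@{domain}"
            seen[value.lower()] = uid
            mapping[uid] = value
    return mapping, problems


if __name__ == "__main__":
    # Constructed sample input: directory User IDs and the page's example domain.
    sample = ["JDoe", "jdoe", "A Smith", "mlee@company.com", "E10442"]
    mapping, problems = build_sso_identifiers(sample, "@test.com")
    for uid, value in mapping.items():
        print(f"{uid:10} -> {value}")
    for p in problems:
        print("CHECK:", p)
```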
Need to integrate SSO with GenRocket?
The SSO configuration is completed by the GenRocket team as per the Customer’s request.
Contact GenRocket for SSO Integration at support@genrocket.com.
 
                 