Enabling Single Sign-On
In order to complete these steps, you must:
- Be an Ambition Admin
- Have an active, publicly accessible, SAML 2.0-enabled Identity Provider (IdP) service
Benefits of Single Sign-On:
- Users authenticate into Ambition using company-managed credentials
- Users already signed in to the company network are automatically signed in to Ambition
- Ambition access is automatically revoked once employees are removed from the company-defined HRMS system
Identity Provider Setup
Configuring the Identity Provider (IdP)
Use the reference values below to configure your IdP to work with Ambition as the new service provider (SP):
Start URL: https://SUBDOMAIN.ambition.com/account-management/login/
Entity Id: https://SUBDOMAIN.ambition.com/account-management/login/
ACS URL: https://SUBDOMAIN.ambition.com/account-management/login/
Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Replace SUBDOMAIN in the URLs above with your Ambition-assigned subdomain.
Ambition Setup
1. Open the left navigation and click Administration > People > Users.
2. Select the Single Sign-On tab.
3. Click the green Enable Single Sign-On button.
4. Complete the form.
Integration Name: Defaults to SAML Authentication. The naming convention is up to your Organization
IdP Metadata URL: The publicly accessible URL where your IdP's metadata is hosted
First Name SAML Attribute: The corresponding attribute name in your SAML response
Last Name SAML Attribute: The corresponding attribute name in your SAML response
Default User Time Zone: The corresponding default time zone your Organization utilizes
Automatically Create Ambition Accounts on Sync (Utilizing Just-in-Time User Provisioning):
When enabled, Ambition will use a SAML assertion to create User accounts the first time the User attempts to log in to Ambition.
When disabled, you must manually create accounts for the desired users; otherwise they will be denied Ambition access upon initial login.
5. Click the green Save button.
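Before saving, it helps to confirm that what your IdP actually sends matches the values above. The following is an added example, not Ambition's code: it checks a decoded SAML response captured from a test login against the Entity Id, ACS URL, Name ID Format and the two name attributes. The subdomain `acme`, the attribute names `firstName`/`lastName` and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: a decoded response from a hypothetical IdP for subdomain "acme".
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://acme.ambition.com/account-management/login/">
  <saml:Assertion>
    <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">pat@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://acme.ambition.com/account-management/login/</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastName"><saml:AttributeValue>Lee</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def sp_url(subdomain):
    # Start URL, Entity Id and ACS URL share one value in this article.
    return f"https://{subdomain}.ambition.com/account-management/login/"

def check_response(xml_text, subdomain, first_attr, last_attr):
    """List mismatches with the SP settings. Does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    expected = sp_url(subdomain)
    problems = []
    if root.get("Destination") != expected:
        problems.append("Destination is missing or does not match the ACS URL")
    audience = root.findtext(".//saml:Audience", namespaces=NS)
    if audience != expected:
        problems.append("Audience is missing or does not match the Entity Id")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for wanted in (first_attr, last_attr):
        if wanted not in names:
            problems.append(f"attribute {wanted!r} missing; IdP sends {sorted(names)}")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, "acme", "givenName", "lastName"))
```

A missing-attribute message lists the attribute names the IdP does send, which are the values to enter in the First Name and Last Name SAML Attribute fields.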