Skip Navigation
Expand
Mandatory requirements for SSO implementations
Answer ID 9991   |   Last Review Date 09/25/2023

What requirements are mandatory when implementing Single Sign On (SSO)?

Environment:

  • SAML 2.0 Single Sign-On (SSO)

Resolution:

The following steps are required when implementing SSO.

  • Add fingerprint of signing certificate to configuration setting SAML_20_SIGN_CERTS. A fingerprint of 54:73:8B:60:42:1D:CF:0C:A4:A8:0E:46:F4:1E:00:D5:E2:10:76:0B should  be modified to look like 54738B60421DCF0CA4A80E46F41E00D5E210760B.

Note: This fingerprint is only required for Customer Portal implemented with SSO and SSO not setup under "Single Sign On Configurations" in agent console.  In addition, ANY-TRUSTED should only be used when setting up and testing SSO for the first time. Once it has been confirmed to be working, this value should be replaced with the fingerprint of the signing certificate.

  • Upload signing certificate to File Manager under "Additional Root Certificates". If the signing certificate requires intermediate certificate(s) to be validated, those must be uploaded as well to File Manager under "Additional Root Certificates" or "Additional Intermediate Certificates".  If you have selected the "Do not verify trust chain for certificates" on your Identity Provider set up in the Single Sign-On Configurations component, you do not need to upload certificates into the File Manager. 

For more information on checking if the signing certificate requires intermediate certificates, refer to answer Validating the signing certificate for SSO.