Custom SSO Implementation Guide
SHI One leverages Auth0, a secure and industry-leading identity platform, for user management and Single Sign-On integration. As such, we support a variety of SSO integration options, including:
- SAML
- OpenID Connect
- Google G Suite
- Microsoft Azure AD
- ADFS
- Active Directory / LDAP
- PingFederate
- SHI Account Identity
By default, SHI One is available out of the box with a standard Microsoft Azure AD integration, integration with your SHI.com based identity, and a non-SSO based username and password option.
To request a custom SSO integration, you must submit a Service Request in SHI One.
All SHI One Admins within your company are automatically able to submit Service Requests related to the SHI One platform. To submit the request:
- Navigate to Support Center -> New Request -> Service Request
- Select Custom SSO Integration Request as the Sub-Issue Type
- All the following information must be included in your SSO Integration Request ticket:
  - A valid email address must be included in the claim
  - Your confirmation that the SHI One application acts only as the Service Provider, not the identity provider
  - Your confirmation that, as the identity provider, you are responsible for validation of all email addresses
- Click Submit
SHI requires the following pieces of information to configure a custom SAML integration:
- List of approved IdP domains
  - Ex: contoso.com
- SAML Sign-in URL
- X.509 Signing Certificate
The instructions below detail the steps that must be completed on your (the Customer) side to set up the Identity Provider that will be integrated with SHI One.
- Use the SAML App Wizard to create your SAML integration. When done, you'll be directed to the Sign On page for your newly created app
- Click View Setup Instructions to complete the process
- Note the Identity Provider Single Sign-On URL, and download a copy of the X.509 certificate
  - Alternatively, you can provide the Identity Provider metadata link available from within the Sign On Settings
- Provide this information to SHI via your SSO Integration Request ticket
If you would like to go directly into SHI One from your Okta Application Portal/Launcher, change the Single Sign-on URL for the application on your Okta dashboard. SHI will provide this URL, which is specific to your organization and follows the format below: