SAML SSO Settings
What is SAML?
Let's start with a definition from Wikipedia...
Security Assertion Markup Language (SAML, pronounced SAM-el) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
In non-jargon speak, SAML SSO (Single Sign On) lets your users log in to FoxOMS with third-party identity providers, such as GSuite, Okta, Azure Active Directory and OneLogin.
SAML reduces user friction, allowing your users to access FoxOMS with their existing company-controlled user account.
Implementing SAML also benefits your business's IT administrators, with less admin overhead and improved security by centralising user accounts. SAML isn't just for large enterprises; it's recommended for any business already running a central user directory such as GSuite.
SAML SSO Settings
To enable SAML, please navigate to Admin -> Module Settings -> SAML SSO.
Tip
To access these settings, you will need to be in a group that has access to the Admin Module.
Enable SAML SSO
Change this select menu to Yes to show the SAML Settings window. To turn off SAML, revert this option back to No.
These settings will be supplied via your Identity Provider. Please see the following guides on how to configure SAML within your Identity Provider.
If you don't see your identity provider above, please feel free to write to us, and we'll try to help you get set up with SAML using your identity provider.
IDP Entity ID / Issuer URL
The IdP issuer entity ID, often a URL, e.g. http://okta.com/Eksj7Hhsk24klljsd
IDP Login URL / SSO Endpoint
The URL that FoxOMS will call to request a user login from the IdP
IDP Logout URL / SLO Endpoint
The URL that FoxOMS will call to request a user logout from the IdP
IDP X.509 Certificate
The authentication certificate issued by your IdP
Configure Users
Once you've correctly configured SAML, you'll need to enable SAML for your users within FoxOMS.
Please navigate to Admin -> People and select the user you'd like to log in via SAML. Under account settings, select SSO / SAML Login and click Save Changes.
SAML Login
When SAML is enabled, the login screen is reconfigured with a new login button, titled Login with PROVIDER NAME. SAML-enabled users can click this to log in to FoxOMS with their directory accounts.
Clicking on the Standard Login screen will show the normal FoxOMS login form, allowing administrators to access FoxOMS without SAML.
Tip
We strongly recommend that at least one admin account is not enabled with SAML, as this allows access to FoxOMS if the SAML provider is down or there is an issue with the SAML configuration.