Single Sign-On (SSO)

How to configure single sign-on (SSO)

Written by Rachel
Updated over a week ago

What is Single Sign-On (SSO)

Single Sign-On (SSO) enables you to access multiple web applications using one set of login credentials. It works by passing authentication information between an identity provider (IdP) and a web application.

Supported Authentication Standards


SAML (Security Assertion Markup Language)

SAML Single Sign-On is an XML standard that enables secure web domains to exchange user authentication and authorization data.

NikoHealth offers a SAML-based SSO service that allows clients to authenticate hosted users who are trying to access the application.

How to set up an application for SAML single sign-on (SSO) in Microsoft Entra ID (formerly known as Azure AD)

  1. Register NikoHealth as a new application within Microsoft Entra ID

  2. Within the SAML configuration enter the:

  3. Once configured, please send the following information to your account success manager at NikoHealth:

    • The App Federation Metadata URL or the Federation Metadata XML file.

    • The Microsoft Entra identifier.

Helpful Tips:

Your Workspace
The Sign-On URL and the Reply URL above should contain the URL that your organization uses to access NikoHealth.

User Accounts

A user account must be created in NikoHealth before the user can log in using single sign-on.

Disable Local Login

If required, local login can be disabled, preventing users from logging in to NikoHealth without using Single Sign-On. Please make sure this request is communicated to your customer success manager if needed.

OpenID

OpenID Connect is a protocol designed for user authentication. It is a standard layered on top of the OAuth 2.0 framework that adds an ID token alongside the OAuth 2.0 access token and serves as a Single Sign-On (SSO) standard.

How to set up an application for OpenID single sign-on (SSO) in Microsoft Entra ID (formerly known as Azure AD)

To register an OpenID Connect (OIDC) application in Microsoft Entra ID, follow these steps:

  1. Register NikoHealth as a new application within Microsoft Entra ID

  2. Enter the Redirect URI

    • Choose "Web" and enter the URL where you want the token responses to be sent. This should be your application's sign-in page endpoint with the extension /signin-oidc: https://yourworkspace.nikohealth.com/api/identity/signin-oidc

    • Click "Register" to create the application.

  3. Certificates & secrets

    • Click on "Certificates & secrets" in the left-hand menu.

    • Under "Client secrets," click "New client secret."

    • Add a description and set an expiration period for the secret, then click "Add."

    • Copy the client secret value immediately as it will be needed.

  4. API permissions

    • Click on "API permissions" in the left-hand menu.

    • Click "Add a permission."

    • Choose the necessary permissions (e.g., "openid").

  5. Go to the "Overview" page of the registered application.

    • Note down the "Application (client) ID" and "Directory (tenant) ID."

    • Click on "Endpoints" at the top of the page and note down the "OpenID Connect metadata document" URL. This URL provides the endpoints for authorization, token, user info, etc.

  6. Once configured, please send the following information to your account success manager at NikoHealth:

    • Application Client ID

    • Directory (tenant) ID

    • Client Secret

    • OpenID Connect Metadata URL
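
A consistency check for the four values collected in the steps above, run before they are sent. This is an added example, not NikoHealth's or Microsoft's code: the function name and dictionary keys are hypothetical, the sample identifiers are constructed placeholders, and the metadata field names are the standard OpenID Connect discovery fields.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")

def check_oidc_handoff(values, metadata, redirect_uri):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for key in ("client_id", "tenant_id"):
        if not GUID.match(values.get(key, "")):
            problems.append(f"{key} is not a GUID")
    # Entra lists a secret "Value" and a GUID-shaped "Secret ID"; only the Value works.
    if GUID.match(values.get("client_secret", "")):
        problems.append("client_secret looks like the Secret ID, not the secret Value")
    # The issuer in the metadata document should belong to the tenant that was noted.
    if values.get("tenant_id", "").lower() not in metadata.get("issuer", "").lower():
        problems.append("metadata issuer does not contain tenant_id")
    for key in ENDPOINT_KEYS:
        if urlparse(metadata.get(key, "")).scheme != "https":
            problems.append(f"{key} missing or not https")
    uri = urlparse(redirect_uri)
    if uri.scheme != "https" or not uri.path.endswith("/signin-oidc"):
        problems.append("redirect URI must be https and end with /signin-oidc")
    return problems

# Constructed sample values (placeholders, not real identifiers or secrets).
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_VALUES = {
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "tenant_id": TENANT,
    "client_secret": "constructed-secret-value-not-real",
}
# Constructed copy of the JSON behind the "OpenID Connect metadata document" URL.
SAMPLE_METADATA = {
    "issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "authorization_endpoint":
        f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint":
        f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token",
    "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT}/discovery/v2.0/keys",
}
REDIRECT = "https://yourworkspace.nikohealth.com/api/identity/signin-oidc"

if __name__ == "__main__":
    print(check_oidc_handoff(SAMPLE_VALUES, SAMPLE_METADATA, REDIRECT) or "ok")
```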
