Single Sign On (SSO) SAML V2
Use single sign-on (SSO) to allow your organization's employees to access your application.
PandaSuite allows you to integrate a SAML V2 SSO connection into your application.
⚠️ For the moment, SSO SAML V2 authentication is only compatible with web apps / PWA. If you want to integrate this authentication mode for a native application, please contact our team.
What is SSO SAML V2?
SSO is an authentication method that allows users to log into multiple applications in a secure manner. It is used by many organizations to enhance the security and control of applications deployed on employees' devices.
Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. Using SAML, a service provider (in this case PandaSuite) can contact an identity provider (managed by your organization) to authenticate users trying to access secure content.
How does SSO work?
A connection is established between your application and the Identity Provider. Here is how it works:
- A user launches your application.
- PandaSuite sends a token containing some information about the user (their email address, for example) to the organization's SSO system as part of a request to authenticate the user.
- The organization first checks whether the user has already authenticated, in which case it grants access to the application.
- If the user has not logged in, they are prompted to do so by filling in the credentials required by the identity provider.
- Once the organization validates the credentials filled in, it sends a token back to PandaSuite to confirm successful authentication.
- This token is transmitted through the user's browser. PandaSuite validates the token it receives, and the user can then access the application.
To set it up, you need to contact the PandaSuite team.
You must first have created an application with the delivery formula of your choice (Web, Single, Multi or Full).
Send us an XML file of the Service Provider's metadata, or a URL to it, containing: EntityID, Endpoints (Attribute Consume Service Endpoint, Single Logout Service Endpoint), public X.509 cert, NameId Format, Organization info and Contact info.
We will send you back a URL to configure your Identity Provider.
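A pre-flight check for the metadata file described above, as an added example (not PandaSuite's code): it reports which of the listed items are absent before you send the file. It assumes standard SAML 2.0 metadata element names; `missing_items`, the https check and the example.com sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

def missing_items(xml_bytes):
    """Return the checklist items absent from a SAML 2.0 metadata document."""
    # Metadata never needs a DTD; refusing one avoids entity-expansion tricks.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("root element is not md:EntityDescriptor")
    missing = []
    if not root.get("entityID"):
        missing.append("EntityID")
    # Endpoints are the elements that carry both Binding and Location.
    endpoints = [e for e in root.iter() if e.get("Binding") and e.get("Location")]
    names = {e.tag.rsplit("}", 1)[-1] for e in endpoints}
    if not names - {"SingleLogoutService"}:
        missing.append("sign-on endpoint")
    if "SingleLogoutService" not in names:
        missing.append("Single Logout Service Endpoint")
    # Added check (assumption, not in the page's list): endpoints use https.
    if any(not e.get("Location").startswith("https://") for e in endpoints):
        missing.append("https on every endpoint")
    certs = root.findall(".//md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        missing.append("public X.509 cert")
    if not any((n.text or "").strip() for n in root.iter("{%s}NameIDFormat" % MD)):
        missing.append("NameId Format")
    for tag, label in (("Organization", "Organization info"), ("ContactPerson", "Contact info")):
        if root.find("md:" + tag, NS) is None:
            missing.append(label)
    return missing

# Constructed sample: example.com values and a placeholder certificate body.
SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.example.com/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sso.example.com/saml/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" Location="http://sso.example.com/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
```

Calling `missing_items(SAMPLE)` flags the plain-http endpoint and the absent Organization and Contact blocks; an empty list means every item on the checklist was found.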