Single Sign On Quickstart Implementation Guide
To enable Single Sign On (SSO) with the Lotame platform, you will need the following:
- Your Identity Provider's connection information, at minimum:
  - Entity ID
  - Single Sign On Redirect URL
  - Signing Certificate
- Lotame's SSO connection information to enter into your Identity Provider's platform. Lotame’s SSO administrative pages provide this information.
- Ensure your SSO system delivers the user email in the SSO username value (the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress attribute)
- A Client Administrator account in the Lotame platform to implement the configuration.
This guide is Lotame’s best practice guide, but may not cover every situation. Please reach out to the Lotame client success team if you have any questions.
Step 1: Reach out to your Lotame client success manager to have SSO administration made available on your account.
Step 2: Go to Manage Settings and select Identity Provider under Single Sign On on the left menu.
Step 3: Enter your identity system’s details by either uploading an Identity Provider Metadata XML file, or entering the information manually. Click Save.
Step 4: Select Service Provider on the left menu. Either download the SP Metadata XML file or copy the Lotame system’s information and enter it into your Identity Provider’s platform.
Step 5: Select Account Settings on the left menu. Add the domain of the email address you use when logging into your company’s Identity Provider system to the Domain Management section. Then contact your Lotame client success manager to confirm when the domain is approved.
Step 6: On the top left of the screen, enable the Single Sign On switch.
Step 7: Copy the SSO users URL link in the Access Notes section on the right of the page, then log out of the Lotame platform.
Step 8: Go to the copied URL and you should land on your Identity Provider’s login page. Log in and you should be redirected back to Lotame as a logged-in user.
Congratulations, your Lotame platform account is now configured for SSO! Here are your next steps:
- Communicate to your internal teams that, starting on a specified date, all user administration and platform access will be handled via your SSO solution.
- On your specified date, navigate to the SSO Account settings page and enable the "Require for Non-Users" toggle.
If your login was not successful, head to the SSO Logs page to see any error messages that may help you correct the issue. As always, if you need assistance please reach out to the Lotame client success team.
Next Steps: There are some other items you will likely want to configure, such as adding additional domains your users may have, or setting up auto-creation of new users and selecting which clients and roles new users get by default. For full details on those options, please read the SSO Detailed Documentation page.