Introduction
Single Sign On system is an access control system for independent software systems, which allows the user to have a single username and password for all the systems. If ISL Conference Proxy is set up to use External Authentication (as described in this topic - External Authentication) then ISL Conference Proxy communicates directly with the system that holds the user database. However with Single Sign On setup ISL Conference Proxy (service provider) communicates with an Identity Provider, which in turn communicates with systems holding user databases. This adds another layer of security and offers users a single authentication point for different and completely independent software systems. In the Single Sign On setup the credentials and authentication information are exchanged via the SAML (Security Assertion Markup Language) standard between Service Provider and Identity Provider.
We have tested and provide examples for integration with the following Identity Providers:
- Microsoft AD FS
- Microsoft Entra ID
You can set Single Sign-On either on per-domain level or on a global level. Understanding the difference between per-domain Single Sign-On and global Single Sign-On is crucial for effectively managing user authentication across your server environment. When opting for global SSO, authentication is unified across the entire server. Implementing SSO per domain allows for greater flexibility and customization. With per-domain SSO, administrators can configure different Identity Provider for each domain on the server. This approach is beneficial for organizations that require distinct authentication policies or have varying levels of security sensitivity across different domains. Ultimately, the choice between per-domain and global SSO depends on your organization's requirements regarding security, convenience, and administrative complexity.
Requirements
In order to use SAML 2.0 Single Sign On with ISL Online, you will need:
- SAML 2.0 compatible Identity Provider
- ISL Conference Proxy 4.4.1837.102 or newer
- ISL Light 4.4.1906.12 or newer, for desktop
- ISL Light 4.4.1825.40 or newer for Android
- ISL Light 4.4.1809.35 or newer for iOS
- ISL Pronto 4.4.1932.38 or newer for desktop
Note:
There is a known issue with Single Sign On not working in browsers based on Chrome 98.
A fix was prepared in the following versions:
- ISL Light 4.4.2116.116
- ISL Pronto 4.4.1932.44
Other applications with login support that are not compatible with SSO authentication:
- ISL Desk
- ISL Groop