This article explains the self-implementation tool for integrating Coviu with your on-prem ADFS or Azure Single Sign-On system.
Last Updated: Feb 2021
The ability to integrate Coviu with your organisation's Single Sign-On system is available to clients on a Coviu Enterprise plan. Currently, we can offer integration with Azure and on-prem ADFS SSO systems.
These activities would be undertaken by your Coviu Organisation Administrator and likely someone who has administrator capacity with your SSO system.
You will need to configure your SSO system prior to undertaking the below steps. To do that, use the instructions included here:
NOTE: Once you have saved the SSO configuration in Coviu, the integration will immediately be active. Before undertaking the below steps, we highly recommend setting a planned rollover date and communicating the change to your Users.
Steps to turn on SSO for your Coviu implementation:
- As the Coviu Organisation Administrator, log into your platform. Have your SSO system administrator on hand.
- Enter the Platform Administration screen by clicking on the drop-down arrow next to your profile photo thumbnail and choosing Platform Administration.
- Click on the System Configuration option, then the Single Sign-On tab and Add Configuration.
- On the resulting screen, enter the required SSO details which your SSO system administrator may supply. See below. These details should have come from the precursor work your administrator undertook.
- Clicking SAVE will immediately activate the configuration, so ensure you have followed the NOTE above recommending a planned rollout date and any change management communications to your Users.
- SSO should now be activated.
- Which SSO technologies do we integrate with?
- Do we support SAML 2.0?
  - Yes, SAML 2.0 is the protocol we support at the moment.
- Is our product (Coviu) listed in the Azure Marketplace/Gallery?
  - No. Not at this stage.
- Authentication state?
  - Forms based.
- Do we require Microsoft ADFS 3.0 to encrypt assertions to protect against leakage of sensitive information passed back to Coviu during logon?
  - We don't support this extra layer of encryption at the moment.
- Do we require Microsoft ADFS 3.0 to sign its assertions?
  - Yes, we validate the signatures when we receive a request/response from Microsoft ADFS 3.0.
- Do we allow unique identifiers other than a user's email address?
  - No. At this stage, we require all user identifiers to be their email address.
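Before the planned rollover date, the SSO administrator can check a decoded SAML response from a test sign-in against the answers above: SAML 2.0, signed, assertion not encrypted, email address as the identifier. The following is an added example, not Coviu's code; the function name, the sample XML and the email pattern are constructed for illustration, and it assumes a signature on either the response or the assertion is acceptable.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # loose shape check (assumption)

def precheck_saml_response(xml_text):
    """Return a list of problems; empty means the structure matches the FAQ answers."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not a SAML 2.0 <samlp:Response>"]
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted; assertion encryption is not supported")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext <saml:Assertion> found"]
    # Structural check only: this does not verify the signature cryptographically.
    signed = any(el.find("ds:Signature", NS) is not None for el in (root, assertion))
    if not signed:
        problems.append("neither the response nor the assertion carries a <ds:Signature>")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not EMAIL_RE.match(value):
        problems.append("NameID %r is not an email address" % value)
    return problems

# Constructed sample responses, trimmed to the elements the check reads.
_HDR = ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
        'xmlns:ds="%(ds)s">' % NS)
GOOD = _HDR + ('<saml:Assertion><ds:Signature/><saml:Subject>'
               '<saml:NameID>alex@example.org</saml:NameID></saml:Subject>'
               '</saml:Assertion></samlp:Response>')
UNSIGNED_NON_EMAIL = _HDR + ('<saml:Assertion><saml:Subject>'
                             '<saml:NameID>EXAMPLE\\alex</saml:NameID></saml:Subject>'
                             '</saml:Assertion></samlp:Response>')
ENCRYPTED = _HDR + '<saml:EncryptedAssertion/></samlp:Response>'

if __name__ == "__main__":
    for name in ("GOOD", "UNSIGNED_NON_EMAIL", "ENCRYPTED"):
        print(name, precheck_saml_response(globals()[name]) or "ok")
```
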