NextRequest currently supports Security Assertion Markup Language (SAML) 2-based Single Sign On (SSO) on certain packages. If you do not have SSO as a part of your package and would like to add it please reach out to your Account Manager or NextRequest Support.
Article Navigation
About SSO
Single sign-on is a user authentication service that permits a user to use one set of login credentials (for example, an email and password) to access multiple applications. SSO can be used by enterprises, smaller organizations, and individuals to ease the management of various usernames and passwords. For government employees, this typically means being able to use the same login credentials to log in to various applications you need to use for your job.
How SSO Works in NextRequest
Once SSO is enabled, users will be able to log in through a link on the sign-in page that states: "STAFF MEMBERS: Sign in with your [agency] user name".
If the user has a NextRequest account set up under their email address already they will be logged into that account. If they do not yet have a NextRequest user account but are in your SSO instance, they will be logged in as a user that has requester-level permissions (Guest-user role). You can review the Edit a User Account section of our Create and Manage Users article.
Set Up SSO
- Log in as an Admin user
- Click Admin in the upper right-hand corner of the page and select Portal Settings from the drop-down
- Select Single Sign-On (SSO) in the bottom left corner under Add-Ons
- View the Setup Information. The exact process to set up the SSO integration depends on the application, but the configuration page will include the information you need to complete the setup on your end:
- Identifier (Entity ID)
- Reply URL (Assertion Consumer Service URL)
Note: Please also ensure that we receive the user's email address as a claim, the name "email". This email address will be used as our account's identifier.
- Enter your SSO Endpoint (login URL) and Certificate (in Base 64 format) in the fields provided
- Click the Save button
- Click on the link that states STAFF MEMBERS: Sign in with your [agency] user name on the SSO configuration page to test the SSO configuration
- Check the Display the link to sign via SSO on your portal's main sign-in page box
- Click the Save button
Update Your SSO/Metadata Certificate
You can update your SSO by pasting in the new information such as the updated metadata certificate following the same steps listed above.
SSO Frequently Asked Questions
What if we already have SSO set up, do we need to change our configuration?
No, if you have already set up SSO before the self-serve option was available you do not have to switch. If you would like to switch please reach out to NextRequest Support and we are happy to enable it for you to self-serve.
I'm not sure how to set this up on our end, can you help?
We are happy to help answer any questions you may have, however, set up on your end is entirely dependent on which service you are using and your existing configuration. We recommend following up with your SSO provider for additional information on how to configure new applications for SSO. We've included helpful resources below for common service providers:
- Active Directory Federation Service (ADFS)
- Azure AD
- Step 1: Add an Enterprise Application
- Step 2: Configure Single Sign-On
- Step 3: Add Users to the Application
- Okta
Comments
Let us know what was helpful or not helpful about the article.0 comments
Please sign in to leave a comment.