Skip to content

Single Sign-on

Single Sign-on provides an organization the ability to offer their own third-party authentication provider for an account, without having to create new credentials (usernames/passwords) on the platform.

This provides an extra layer of security for an organization's account.

The SAML 2.0 protocol is supported.

Custom SAML 2.0 Provider

Account administration (accountAdmin abac policy) allows an administrator to configure external SAML providers for login into the platform.

Navigate to Left Menu > Account > Auth Clients to see the currently configured Authentication Clients.

Example for acme-organization account

This example is for an organization leveraging Shibboleth IdP

  • Callback URLs: https://apps.us.lifeomic.com/auth/v1/app-redirect
  • Signout URLs: https://acme-organization.apps.us.lifeomic.com/phc/logout
  • Metadata document URL: https://acme-organization.idp.example.com/shibboleth-idp/shibboleth
  • Email attribute mapping: urn:oid:0.9.2342.19200300.100.1.3
  • Name attribute mapping: urn:oid:2.16.840.1.113730.3.1.241

Last update: January 31, 2020