Activating Single Sign-On (SSO)
DataShare supports Single Sign-On (SSO) using SAML 2.0. If you would like to add this feature to your DataShare Portal, please speak to your DataShare Account Manager.
To enable SSO, select your user account at the top right-hand side and click on Settings.
On the left-hand side, select Integrations and the Single Sign-On option.
If your portal has SSO enabled, a user with significant access will be able to configure SSO in the ‘System Configuration’ section of the DataShare Admin dashboard.
The following settings will need to be updated to use SSO on your DataShare Portal:
- The Single Sign-On 'On/Off' switch must be set to the 'On' position. Before clicking 'Save', please ensure at least one Admin user on your portal is set up to use SSO, as saving will disable password logins for DataShare Admin users on your portal.
- Upload a SAML certificate (you can also download a copy of the certificate)
- Identity Provider URL – you can specify where DataShare Portal Admin users are directed after logging out
Please ensure that at least one DataShare Portal Admin user is set up with a Unique SSO Identifier, because once SSO is switched on, all passwords for DataShare Portal Admin users will be disabled.
Once the changes have been made, click on 'SAVE' to save the changes.
Setting up client users using SSO
When SSO is added to your DataShare portal, all DataShare Admin users will have an additional field called Unique SSO Identifier.
If SSO is switched off through the settings on the DataShare portal, the Unique SSO Identifier becomes an optional field; however, it becomes mandatory whenever SSO is switched on.
The Unique SSO Identifier has to be unique to a DataShare Admin user, and there is an option to use the email address as the Unique SSO Identifier.
Please note that when SSO is switched on and you create a new client user, they will no longer receive an email to complete the sign-up process.
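The following pre-flight check is an added example, not part of DataShare or its documentation. It applies the rules stated above (identifier mandatory when SSO is on, unique per Admin user, at least one Admin user set up before saving) to a hand-compiled list of Admin users. The CSV column names and the case-insensitive duplicate comparison are assumptions.

```python
import csv
import io

# Constructed sample: a hand-compiled list of portal Admin users.
# Column names are hypothetical, not a DataShare export format.
SAMPLE_ADMINS = """\
email,sso_identifier
alice@example.com,alice@example.com
bob@example.com,
carol@example.com,Alice@Example.com
dave@example.com,dave.sso
"""

def preflight(csv_text):
    """Return (safe_to_enable, findings) for the rules stated on the page."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    findings = []
    seen = {}       # normalised identifier -> first email that used it
    usable = set()  # Admin users with a non-empty, non-colliding identifier
    for row in rows:
        email = row["email"].strip()
        ident = (row.get("sso_identifier") or "").strip()
        if not ident:
            # Passwords are disabled once SSO is on, so this user is locked out.
            findings.append(f"MISSING: {email} has no Unique SSO Identifier")
            continue
        # Assumption: compare case-insensitively so near-duplicates are flagged.
        key = ident.casefold()
        if key in seen:
            findings.append(f"DUPLICATE: {email} shares '{ident}' with {seen[key]}")
            usable.discard(seen[key])  # the first holder is ambiguous too
            continue
        seen[key] = email
        usable.add(email)
    if not usable:
        findings.append("LOCKOUT: no Admin user has a usable identifier")
    # Only switch SSO on when nothing was flagged.
    return (not findings, findings)

if __name__ == "__main__":
    ok, problems = preflight(SAMPLE_ADMINS)
    print("Safe to switch SSO on" if ok else "Do not switch SSO on yet:")
    for p in problems:
        print("  " + p)
```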
Setting up SSO on your identity provider
When SSO is switched on, the URL you need to connect to should be [YourURL]/URI:oauth/saml20
Please ensure that you have already configured the DataShare Admin user's Unique SSO Identifier and added the certificate to the portal.
Logging back in after signing out of DataShare
If you exceed the 15-minute DataShare Portal timeout or you manually sign out of DataShare, you will see a new option on the login screen called 'SIGN IN AS A CLIENT'. Clicking on this button will take you to the URL set in the system configuration screen, which will log SSO users in.
Communication around SSO
As SSO credentials are not managed through DataShare, users with SSO access who try to reset their password via the portal by clicking 'Forgot Password?' will receive an email from the following templates:
- Password reset for SSO Client User: Body
- Password reset for SSO Client User: Subject