Single sign-on (SSO)
In IBM® NS1 Connect®, you can configure SAML 2.0 single sign-on (SSO) authentication through integrations with third-party identity management services like Okta, Azure, OneLogin, or Duo.
NS1 Connect supports SAML 2.0 SSO logins initiated by either the identity provider (IdP) or the service provider (SP).
- With IdP-initiated login, a user logs in to the third-party identity management service, selects the NS1 Connect application, and is then redirected to the NS1 Connect application.
- With SP-initiated login, a user navigates to the NS1 Connect login page and clicks the option to log in using SSO.
Process for configuring SSO
Following are the high-level steps to configure SSO:
- Locate your SSO ID in NS1 Connect.
- Configure the third-party identity management service with your SSO ID.
- Contact IBM support with the metadata URL or XML file.
- IBM support turns on SSO and verifies it works.
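Before sending the metadata XML to IBM support in the third step, it can be sanity-checked locally. The following is an added example, not IBM or NS1 Connect code: `check_idp_metadata`, `SAMPLE` and `idp.example.com` are hypothetical names, and the checks are general SAML 2.0 metadata hygiene, not requirements stated by this page.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Constructed sample with three defects: expired, http endpoint, no signing key.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml" validUntil="2020-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-NOT-A-REAL-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{BIND}HTTP-Redirect" Location="http://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text, now=None):
    """Return problems found in SAML 2.0 IdP metadata; an empty list means OK."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs so no entity declarations are parsed
        return ["DOCTYPE not allowed"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or not root.get("entityID"):
        problems.append("root must be md:EntityDescriptor with an entityID")
    if until := root.get("validUntil"):  # SAML timestamps are UTC ("...Z")
        expiry = datetime.fromisoformat(until.replace("Z", "+00:00"))
        if expiry.replace(tzinfo=timezone.utc) <= (now or datetime.now(timezone.utc)):
            problems.append(f"metadata validUntil has passed: {until}")
    idp = root.find("md:IDPSSODescriptor", NS)
    protocols = idp.get("protocolSupportEnumeration", "") if idp is not None else ""
    if "urn:oasis:names:tc:SAML:2.0:protocol" not in protocols.split():
        return problems + ["no md:IDPSSODescriptor supporting SAML 2.0"]
    sso = [s for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") in (BIND + "HTTP-Redirect", BIND + "HTTP-POST")]
    if not sso:
        problems.append("no HTTP-Redirect or HTTP-POST SingleSignOnService")
    problems += [f"SSO endpoint is not https: {s.get('Location')}"
                 for s in sso if not (s.get("Location") or "").startswith("https://")]
    signing = [c for k in idp.findall("md:KeyDescriptor", NS)
               if k.get("use") in (None, "signing")
               for c in k.iterfind(".//ds:X509Certificate", NS) if (c.text or "").strip()]
    if not signing:
        problems.append("no signing certificate in md:KeyDescriptor")
    return problems

print("\n".join(check_idp_metadata(SAMPLE)))
```

The check confirms that a signing certificate is present but does not parse it, so certificate expiry still needs the alert described under "Alerts for SAML certificates".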
Alerts for SAML certificates
Security Assertion Markup Language (SAML) certificates, which are used in authentication for SSO, expire and need to be generated again. You can create an alert to notify you when certificates are about to expire or have expired.
Single sign-off
Single sign-off is not supported. If a user logs out of their third-party identity management service account while there is an active NS1 Connect session, the user remains logged in to NS1 Connect until the session expires.
Revoked access
If you revoke someone's access in the third-party identity management service, you must also delete their inactive user account in NS1 Connect.