New article
Recently updated
Assurance SSO | Cloudwork
Who is this article for?
Administrators who want guidance with configuring SSO in Assurance through Cloudwork.
Administration Access is required.
Assurance supports Single Sign-On (SSO) through Cloudwork. The configuration process takes around 15 minutes and involves creating and configuring a Custom SAML Service in Cloudwork and then configuring SSO in Assurance.
1. How to create a Custom SAML Service in Cloudwork?
Creating and configuring a Custom SAML Service in Cloudwork
To create and configure a Custom SAML Service in Cloudwork, refer to Custom SAML Service Guide. You will be redirected to the Cloudwork Product Wiki.
1. Sign in to the Cloudwork Dashboard.
2. Navigate to Single Sign On -> Add New Service -> Custom SAML Service.
3. On the New Service Metadata page, configure the following SAML Settings and then select Submit.
| Option | SAML Setting |
| Name |
Ideagen Policy Logic Assurance |
| Entity ID |
Enter the following value, replacing '{subdomain}' with your organisation's Assurance subdomain:
|
| Assertion Consumer Service |
Enter the following URL, replacing '{subdomain}' with your organisation's Assurance subdomain:
|
| NameID Value |
Select 'Email' from the dropdown menu. |
| NameID Format | Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress from the dropdown menu.
|
4. Assign users and group to the application as required. We suggest configuring a dynamic group with all users.
5. On the Completing SSO Setup screen, copy the following values. You will need these when configuring SSO in Assurance later in the setup process.
- Certificate SHA1 Fingerprint
- Sign On Endpoint
2. How to configure SSO in Assurance?
1. Select the Administration cog icon from the navigation bar and then select the Organisation button under the 'General' section.
2. On the Organisation screen, select the Edit button under the 'Details' tab.
3. Under the 'Sign On & Security' section, select the Single Sign On through SAML option.
4. In the fields that appear, update the following values.
| Field | Value |
| Name | Enter a user-facing display name, like 'Cloudwork', which will appear on the Login screen as a 'Sign in using Cloudwork' button. |
| Issuer |
Enter the following Issuer, replacing '{subdomain}' with your organisation's Assurance subdomain:
|
| IDP SSO Target URL | Enter the 'Sign On Endpoint' value from Cloudwork. |
| Federation XML URL | (Leave this blank) |
| IDP Certificate SHA1 Fingerprint | Enter the 'Certificate SHA1 Fingerprint' value from Cloudwork |
| ID Claim/Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Restrict login to use Single Sign On only | When selected, the email and password fields will be hidden on the login screen. |
5. Select the Update button to save your changes.
6. Sign out of Assurance by selecting your avatar icon from the navigation bar and then selecting the Logout option from your account dropdown menu. You will be directed to the Login screen.
7. Select the button to Sign in using {Name} and verify that SSO is working as expected.
3. Configuration assistance
If you require additional assistance with configuring SSO, our Professional Services team is here to help.
Our consultants can assist you with the configuration process, ensuring a seamless and efficient integration tailored to your specific needs.
To engage our Professional Services team, please get in touch today, and we will be happy to assist you further.
4. Limitations
3.1. No Assurance user found for email
Symptom
User receives a 'No Assurance user found for email' message when logging in using SSO.
Resolution
Ensure an Assurance account with the corresponding email has been created for the user before trying again.