Enable SSO Login

NineData supports SSO login to reduce the time and effort needed to login and to improve efficiency. This article will explain how to manage SSO login.

Prerequisites

• You have already created or joined an organization, and the organization has subscribed to . Please ensure that your annual or monthly subscription is still active. For more information, please refer to Manage Organizations.
• Your current account has been switched to the target organization. For more information, please refer to Switching to an Organization.

• Your role is a system administrator. For more information, please refer to Roles.
• An IdP provider has already been registered. This article will use Azure AD as a demonstration.

Notes

• After SSO login is enabled, the identity of the current organization will change from ORG to SSO. Except for , all members can only log in to the organization through SSO.
• After SSO login is enabled, cannot add members by Inviting users, but can only add them by creating SSO users.
• To disable SSO, there must be a role in the organization with another called , otherwise SSO cannot be disabled.

Steps

1. Log in to the NineData Console.

2. Click > on the left navigation bar.

3. On the page, click on the toggle switch next to to enable SSO login, and then configure according to the table below.

   Parameter	Description
   	Enter your organization's domain, you can directly enter your organization's name.
   	Based on the value entered in , the system automatically generates and . Click on and then click on to download the XML file. Use the downloaded XML file to configure the association in the IdP provider's console and obtain the required metadata for SSO login. For more information, refer to the Appendix.
   	Enter the authentication information obtained from the IdP provider, including , , , and . Alternatively, you can click on to upload the Federation Metadata XML file downloaded from the IdP provider, which will automatically fill in the metadata information. Refer to the Appendix for the steps to perform in the IdP provider's console.
   (optional)	Enable this option if desired. When a user logs in to NineData via SSO, the system will automatically add the user to NineData without requiring prior creation of SSO user steps. Note: If the administrator later disables SSO login, in the organization will no longer be able to log in to the organization, while will not be affected.
   (optional)	This option is available when is enabled. Specify the default role(s) to be assigned to automatically joined SSO users. Single and multiple selections are supported.

4. Click .

Appendix: Configuring Applications in Azure AD

1. Sign in to the Azure portal using an administrator account.

2. In the top search bar, type Enterprise applications and click Enterprise applications in the search results.

3. Click New application and on the Browse Azure AD Gallery page, click Create your own application.

4. In the window that pops up on the right, customize the application name and select Integrate any other application you don't find in the gallery (Non-gallery) below, and then click Create.

5. After the application is created, the page automatically redirects to the overview page of the application. Click Single sign-on in the left navigation bar, and click SAML as the sign-in method.

6. On the Set up Single Sign-On with SAML page, click Upload metadata file, select the XML file downloaded in Enabling SSO Login step, and click Add.

7. On the Basic SAML Configuration page that pops up on the right, click Save.

8. Scroll down to the third section (SAML Certificate) on the page and click Download on the right of Federation Metadata XML.

   tip

   The XML file contains metadata information (Azure AD Identifier, Login URL, Logout URL, Certificate) required for SSO login. If you do not download this XML file, you can manually record the metadata information in the fourth section and download the certificate (base64) in the third section.