SAML Configuration for Certify Care

Overview

AuthX integrates with Security Assertion Markup Language (SAML) to add two-factor authentication to Certify Care login. This SAML integration works for different web services.

System Requirements

AuthX Authentication supports the following server operating systems.

Server

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server 2019

AuthX Factor Support

AuthX for SAML supports these factor types for 2FA:

  • Push

  • TOTP

  • Face

  • Pin

  • Phone SMS

  • Phone Call

  • Email

  • Fingerprint

  • RFID

  • Hardware Token

Configuration Steps on AuthX & Care

Pre-Requisite

  1. Make sure you have an AuthX account; you can sign up at https://admin.authx.com/signup

  2. Make sure you have a Care account; you can sign up at Certify Care

Configuration

  1. Login to AuthX Admin portal.

  2. Navigate to the Applications tab

  3. Click Protect Application and select Protect for Manage API

  4. Provide your Application name & save it

  5. Edit the application & copy the Application ID, Application Key & Application URL to paste them into the Care portal

  6. Go to Settings → Security Management

  7. Select “Action” for HMAC key row

  8. After successful two factor authentication, copy the HMAC key

  9. Go to Care institution login, https://portaltest.certifyglobal.net/institution/login

  10. Login using Microsoft account

  11. Select the institution and login

  12. Go to Settings → Authentication

  13. Enable AuthX IAM and paste the Application ID, Application Key, Application URL & HMAC Key from AuthX (from Steps 5 & 8 above)

  14. Save it

  15. Navigate to Users → System User → Add a new user

  16. Fill in the mandatory details and in the IAM select AuthX IAM

  17. Save the user

  18. Go to AuthX Admin portal, navigate to Users

    1. The user added in the Care portal is shown here

    2. Edit the Public API user and click Send Enrollment email

    3. Go to your email inbox and check “New User Enrollment” received from AuthX

    4. Click the link in the email to enroll

      1. Set a password and mobile number

      2. Activate your account either by scanning the QR code or by the OTP method

    5. The user is now activated

  19. Navigate to the Applications tab

  20. Click Protect Application and select Protect for Certify Care

  21. Provide your inputs on the Application Name, Access Management Options, Domain Name, Cookies Expiry

    1. Application name – Random characters allowed

    2. Access Management Options – Select an option based on the details below

      1. SSO with AuthX Identity

        1. Login using AuthX Registered Email address and password followed by the authentication factor enrolled for the user

      2. SSO with 3rd party Identity Provider

        1. Login using configured 3rd party SAML identity provider

      3. SSO with MFA for 3rd Party Identity Provider

        1. Login using configured 3rd party SAML identity provider followed by authentication factor enrolled for the user in AuthX

      4. Passwordless SSO with AuthX Identity

        1. Use any of the authentication factors enrolled in AuthX to access the application

    3. Institution ID

      1. Input Certify Care institution ID here

    4. Entity ID

      1. Input https://careauthxserviceproviderinstitutionid here

    5. Cookies Expiry

      1. Select any options listed here

        1. One time

          1. The user provides the Username & Password on every login

        2. 8 hours

          1. The user provides the Username & Password at login every 8 hours

        3. One day

          1. The user provides the Username & Password at login every 24 hours

        4. Max (7days)

          1. The user provides the Username & Password at login once every 7 days

    6. Save the application

SAML as IDP – Care (SSO with AuthX Identity)

  1. Pre-requisite – Make sure you are logged out from AuthX Admin and Care account

  2. Login to AuthX User portal

  3. Navigate to Applications

  4. Launch the Certify Care application from here

  5. A new tab opens with the SAML login

  6. Login with the user portal credentials here

  7. Use any of the Auth factors to successfully login

  8. User redirected to Certify Care portal

SAML as SP – Care (SSO with AuthX Identity)

  1. Go to Care Login

  2. Login with the Certify Care user

  3. Redirects to SAML Login

  4. Use the AuthX User portal credentials

  5. Use any of the Auth factors to successfully login

  6. User redirected to Certify Care portal

SAML as IDP – Care (SSO with 3rd party Identity Provider OKTA)

Application & Okta setup updates

Identity Provider creation

  1. Login to AuthX admin portal

  2. Navigate to Identity Provider

  3. Select Add Identity provider

  4. Fill in the mandatory details (Mentioned below in OKTA Identity Provider Setup Step 6)

  5. Set the application status to Active

  6. Save the application

OKTA Identity Provider setup

  1. Go to https://dev-74176585.okta.com/login/login.htm

  2. Login with an Okta Admin account

  3. Navigate to Applications and select Applications

  4. Select AuthX SAML

  5. Choose Sign On Tab and select View Setup Instructions

  6. Copy the following details and paste them into Identity Provider creation → Step 4 above

    1. Identity Provider Single Sign-On URL

    2. Logout URL

    3. Identity provider Issuer

    4. Download Certificate

OKTA – AuthX Identity Provider Configuration

  1. After the Identity provider application is saved, go to Okta login and navigate to Applications

  2. Select Applications and select AuthX SAML

  3. Choose General Tab and edit the SAML Settings

  4. On the General Settings, click Next

  5. On the Configure SAML page, fill in Single sign on URL, Single Logout URL, Audience URI (SP Entity ID), SP Issuer & Signature Certificate with the values from the AuthX Admin portal, obtained as follows:

    1. Login to AuthX Admin Portal → Identity Provider → Edit the OKTA application (which was created in Identity Provider creation → Step 4)

    2. Click on Download Metadata

    3. Open the downloaded metadata file in Notepad, copy the Signin & Signout URLs and paste them into Configure SAML → Step 5 above

  6. Now go back to the Configure SAML step and paste the following details:

    1. Single Sign in URL

    2. Single Logout URL (Click Show Advanced Settings)

    3. Audience URI (SP Entity ID) and SP Issuer field – Update the respective AuthX company hostname

    4. Signature Certificate

      1. Go to AuthX Admin portal

      2. Navigate to Settings → Certificate Management

      3. Download the certificate & upload it here and click on Next

    5. Click Finish on the Feedback

    6. Logout from OKTA admin account

Care application updates in AuthX admin portal

  1. Login to AuthX Admin portal and navigate to Applications

  2. Edit Care application

  3. In the Access Management options, choose “SSO with 3rd party Identity Provider”

  4. Select the Gateway

  5. Save the application

  6. Logout from AuthX Admin portal

Launch Care application as IDP

  1. Pre-requisite – Make sure you are logged out from AuthX Admin, Care portal & Okta Admin account portal

  2. Now Login to AuthX User portal with user credentials

  3. After successful login, it redirects to Okta login

  4. Now input the OKTA user credentials and sign in

  5. Redirects to AuthX user Confirm Identity page

  6. Use any of the Auth factors to successfully login

  7. User redirected to AuthX user portal → Applications page

  8. Now go to Auth Applications tab and launch Care application

  9. A new tab opens with the SAML login

  10. Login with the user portal credentials here

  11. Use any of the Auth factors to successfully login

  12. User redirected to Care portal

SAML as SP – Care (SSO with 3rd party Identity Provider OKTA)

  1. Go to Care Login

  2. Login with the Zoho user

  3. Later choose Sign In with SAML

  4. Login with the Care user

  5. Redirects to Okta login

  6. Now input the OKTA user credentials and sign in

  7. Use the AuthX User portal credentials mentioned in Configuration Steps on AuthX & Zoho → Pre-Requisite → Step 2 a

  8. User redirected to Certify Care portal