Overview
AuthX integrates with Security Assertion Markup Language (SAML) to add two-factor authentication to Certify Care login. This SAML integration works for different web services.
System Requirements
AuthX Authentication for server operating systems.
Server
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
AuthX Factor Support
AuthX for SAML supports these factor types for 2FA:
- Push
- TOTP
- Face
- Pin
- Phone SMS
- Phone Call
- Email
- Fingerprint
- RFID
- Hardware Token
Configuration Steps on AuthX & Care
Pre-Requisite
- Make sure you have an AuthX account; you can sign up here: https://admin.authx.com/signup
- Make sure you have a Care account; you can sign up here: Certify Care
Configuration
- Log in to the AuthX Admin portal.
- Navigate to the Applications tab
- Click Protect Application and select Protect for Manage API
- Provide your Application name & save it
- Edit the application & copy the Application ID, Application Key & Application URL to paste them into the Care portal
- Go to Settings → Security Management
- Select “Action” for the HMAC key row
- After successful two-factor authentication, copy the HMAC key
- Go to the Care institution login, https://portaltest.certifyglobal.net/institution/login
- Log in using a Microsoft account
- Select the institution and log in
- Go to Settings → Authentication
- Enable AuthX IAM and paste the Application ID, Application Key, Application URL & HMAC Key from AuthX (mentioned above in Steps 5 & 8)
- Save it
- Navigate to Users → System User → Add a new user
- Fill in the mandatory details and, in the IAM field, select AuthX IAM
- Save the user
- Go to the AuthX Admin portal and navigate to Users
- The user added in the Care portal will be reflected here
- Edit the Public API user and click Send Enrollment email
- Go to your email inbox and check for the “New User Enrollment” email received from AuthX
- Click here for enrolling
- Set a password and mobile number
- Activate your account either by scanning the QR code or by the OTP method
- The user is now activated
- Navigate to the Applications tab
- Click Protect Application and select Protect for Certify Care
- Provide your inputs for the Application Name, Access Management Options, Domain Name, Cookies Expiry
  - Application name – Random characters allowed
  - Access Management Options – Select any option based on the details below
    - SSO with AuthX Identity
      - Log in using the AuthX registered email address and password, followed by the authentication factor enrolled for the user
    - SSO with 3rd party Identity Provider
      - Log in using the configured 3rd party SAML identity provider
    - SSO with MFA for 3rd Party Identity Provider
      - Log in using the configured 3rd party SAML identity provider, followed by the authentication factor enrolled for the user in AuthX
    - Passwordless SSO with AuthX Identity
      - Use any of the authentication factors enrolled in AuthX to access the application
  - Institution ID
    - Input the Certify Care institution ID here
  - Entity ID
    - Input https://careauthxserviceproviderinstitutionid here
  - Cookies Expiry
    - Select any of the options listed here
    - One time
      - On every login, the user must provide the username & password
    - 8 hours
      - Every 8 hours, the user must provide the username & password at login
    - One day
      - Every 24 hours, the user must provide the username & password at login
    - Max (7 days)
      - Once every 7 days, the user must provide the username & password at login
- Save the application
SAML as IDP – Care (SSO with AuthX Identity)
- Pre-requisite – Make sure you're logged out from the AuthX Admin and Care accounts
- Log in to the AuthX User portal
- Navigate to Applications
- Launch the Certify Care application from here
- A new tab opens with the SAML login
- Log in with the user portal credentials here
- Use any of the Auth factors to log in successfully
- The user is redirected to the Certify Care portal
SAML as SP – Care (SSO with AuthX Identity)
- Go to Care Login
- Log in with the Certify Care user
- It redirects to the SAML login
- Use the AuthX User portal credentials
- Use any of the Auth factors to log in successfully
- The user is redirected to the Certify Care portal
SAML as IDP – Care (SSO with 3rd party Identity Provider OKTA)
Application & Okta setup updates
Identity Provider creation
- Log in to the AuthX Admin portal
- Navigate to Identity Provider
- Select Add Identity Provider
- Fill in the mandatory details (mentioned below in OKTA Identity Provider Setup Step 6)
- Set the application status to Active
- Save the application
OKTA Identity Provider setup
- Log in with an Okta Admin account
- Navigate to Applications and select Applications
- Select AuthX SAML
- Choose the Sign On tab and select View Setup Instructions
- Copy and paste the following details into the above-mentioned Identity Provider creation → Step 4
  - Identity Provider Single Sign-On URL
  - Logout URL
  - Identity Provider Issuer
  - Download Certificate
OKTA – AuthX Identity Provider Configuration
- After the Identity Provider application is saved, go to the Okta login and navigate to Applications
- Select Applications and select AuthX SAML
- Choose the General tab and edit the SAML Settings
- On the General Settings, click Next
- On the Configure SAML page, fill in these details from the AuthX Admin portal: “Single sign on URL, Single Logout URL, Audience URI (SP Entity ID), SP Issuer & Signature Certificate”. Follow the steps below:
  - Log in to AuthX Admin Portal → Identity Provider → Edit the OKTA application (which was created in Identity Provider creation → Step 4)
  - Click on Download Metadata
  - Open the downloaded metadata file in Notepad and copy and paste the Signin & Signout URL into the above-mentioned Configure SAML → Step 5
- Now go back to the Configure SAML step and paste the following details:
  - Single Sign in URL
  - Single Logout URL (Click Show Advanced Settings)
  - Audience URI (SP Entity ID) and SP Issuer field – Update the respective AuthX company hostname
  - Signature Certificate
  - Go to the AuthX Admin portal
  - Navigate to Settings → Certificate Management
  - Download the certificate, upload it here and click on Next
- Click Finish on the Feedback page
- Log out from the OKTA admin account
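As a check on the values copied by hand from the downloaded metadata file in the steps above, the following added example (not part of the AuthX or Okta documentation) parses a SAML metadata document and returns the entity ID, sign-in and sign-out URLs and the SHA-256 fingerprint of each embedded certificate. The sample metadata, its hostnames and certificate bytes are constructed, the function name `summarize_metadata` is hypothetical, and the layout of the real AuthX metadata file is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: placeholder hosts and placeholder (non-certificate) bytes.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-not-a-real-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.invalid">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.invalid/saml/logout"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_metadata(xml_text):
    """Return the fields an admin copies into the other party's SAML settings."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a single-entity SAML metadata document")

    def locations(tag):
        return [e.get("Location") for e in root.iterfind(f".//md:{tag}", NS)]

    # SP metadata carries AssertionConsumerService; IdP metadata SingleSignOnService.
    signin = locations("AssertionConsumerService") + locations("SingleSignOnService")
    signout = locations("SingleLogoutService")
    plain = [u for u in signin + signout if not (u or "").startswith("https://")]
    if plain:
        raise ValueError(f"endpoint not served over HTTPS: {plain}")
    certs = [
        hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
        for c in root.iterfind(".//ds:X509Certificate", NS)
    ]
    return {"entity_id": root.get("entityID"), "signin_urls": signin,
            "signout_urls": signout, "cert_sha256": certs}
```

The returned fingerprint can be compared with that of the certificate file being uploaded, so a mismatched certificate is caught before sign-in fails. `xml.etree` is adequate for a file downloaded from your own admin portal; for metadata from an untrusted source, use a hardened parser such as `defusedxml`.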
Care application updates in AuthX admin portal
- Log in to the AuthX Admin portal and navigate to Applications
- Edit the Care application
- In the Access Management options, choose “SSO with 3rd party identity provider”
- Select the Gateway
- Save the application
- Log out from the AuthX Admin portal
Launch Care application as IDP
- Pre-requisite – Make sure you're logged out from the AuthX Admin, Care portal & Okta Admin accounts
- Now log in to the AuthX User portal with user credentials
- After a successful login, it redirects to the Okta login
- Now input the OKTA user credentials and sign in
- It redirects to the AuthX user Confirm Identity page
- Use any of the Auth factors to log in successfully
- The user is redirected to the AuthX user portal → Applications page
- Now go to the Auth Applications tab and launch the Care application
- A new tab opens with the SAML login
- Log in with the user portal credentials here
- Use any of the Auth factors to log in successfully
- The user is redirected to the Care portal
SAML as SP – Care (SSO with 3rd party Identity Provider OKTA)
- Go to Care Login
- Log in with the Zoho user
- Then choose Sign In with SAML
- Log in with the Care user
- It redirects to the Okta login
- Now input the OKTA user credentials and sign in
- Use the AuthX User portal credentials mentioned in Configuration Steps on AuthX & Zoho → Pre-Requisite → Step 2 a
- The user is redirected to the Certify Care portal