System Administration

Enable Single Sign On

For users with a Syniti Knowledge Platform tenant and a Stewardship Tier instance, single sign on (SSO) is a feature that can be enabled to sync login and session information between both tiers. By default, users can continue to use all existing authentication methods in the Stewardship Tier. If SSO is enabled, that becomes the only authentication method users can utilize to log in to the instance.

NOTE: Electronic signature is not currently supported for SSO.

To enable single sign on:

  1. Set up SSO in the Knowledge Platform. Refer to Single Sign-On in the Knowledge Platform for more information.

  2. Log in to the Stewardship Tier instance.

  3. Create a Stewardship Tier administrator user account for each user that will be logging in with SSO as an admin.

    NOTE: The email address is used during SSO login.

    NOTE: This user account must exist in the Knowledge Platform, and the email addresses must be identical.

  4. Create all additional user accounts and assign roles.

    NOTE: The email address is used during SSO login.

    NOTE: This user account must exist in the Knowledge Platform, and the email addresses must be identical.

  5. Navigate to Admin > Configuration > Parameters in the Navigation pane.

  6. On the Site Parameters tab, enter the root directory of the Stewardship Tier site in the Web Site Root field.

  7. Submit a request to Syniti Support at support.syniti.com to register the Syniti Stewardship Tier as a client in the Syniti Knowledge Platform.

    NOTE: Include the Web Site Root in your request.

  8. Support sends you an email with the Client ID and Client Secret information, and, optionally, the Api Url and Logon Url information.

  9. In the Stewardship Tier, navigate to Admin > Configuration > Parameters in the Navigation pane.

  10. Click the Security Settings tab.

  11. Click the SKT Tenant icon.

  12. Click Edit.

  13. Enter the ID as sent by Syniti Support in the Client ID field.

  14. Enter the Client Secret as sent by Syniti Support in the Client Secret field

  15. If Syniti Support sent you an updated Api Url or Logon Url, expand the Advanced Settings section.

  16. If Syniti Support sent you an updated Api Url, enter that value to the Api Url field.

  17. If Syniti Support sent you an updated Logon Url, enter that value to the Logon Url field.

  18. Click Save and close the page.

  19. Click the Enable Single Sign On Authentication button.

  20. Click OK to the confirmation message.

NOTE: Various validations may display if the Stewardship Tier has not been correctly configured to support SSO. The CranSoft.dbo.LogEntry table lists detailed SSO error messages, for example, if a Stewardship Tier user attempts to log in, but no matching email is found.

NOTE: Various fields throughout the Stewardship Tier are hidden when SSO mode is enabled because they are not relevant.

NOTE: When logging out of the Stewardship Tier, the user’s session is automatically ended in the Knowledge Platform, and vice versa.

Log in with SSO

To log in to the Stewardship Tier with SSO:

  1. Go to the Stewardship Tier login page for the instance.

    NOTE: If you are not already authenticated, the browser automatically redirects to the SSO login page.

    NOTE: If you approach the Stewardship Tier site that has SSO enabled and you are not authenticated, the browser is redirected automatically to the SSO login page.

  2. Log in using the email address linked between the Syniti Stewardship Tier instance and the Syniti Knowledge Platform tenant.

    NOTE: You are navigated to the tenant’s identity provider.

  3. Log in to the login identity provider.

    NOTE: You are brought to the Stewardship Tier site.

  4. Navigate to your Stewardship Tier Instance and notice you are automatically logged in.