AppCheck supports Security Assertion Markup Language (SAML) for Single Sign On (SSO).
The AppCheck SSO implementation has been tested and is currently supported against SAML implementations from Microsoft Entra and Okta. SAML-based solutions from other providers have not been tested but should be compatible provided that they adhere to the SAML standard.
AppCheck supports Service Provider (SP) Initiated SSO, meaning you are required to enter your username (email address) to log in to AppCheck. Identity Provider (IdP) Initiated SSO, where you follow a link from your IdP to be logged in to the service without entering a username, is not currently supported.
How to Configure SSO for Signing in to AppCheck
If using Microsoft Entra or Okta, follow the appropriate guide in our Help Centre:
- Configuring Microsoft Entra ID (Formerly Azure AD) SSO for AppCheck
- Configuring Okta SSO for AppCheck
If using another SSO provider you will need to ascertain the correct process and values yourself, though the above guides may be a useful reference. The basic steps are as follows:
- Raise a ticket with AppCheck Support to have the feature enabled for your account.
- Once AppCheck Support have confirmed the feature has been enabled, complete the configuration in the AppCheck scanner portal at Settings, SSO Settings. You will need an Admin user in AppCheck to do this.
- Complete the configuration in your SSO provider's configuration tool.
- Assign users to the appropriate group in your SSO provider if required.
- Test the settings in AppCheck.
- Save the settings in AppCheck.
Once completed, the process for logging in to AppCheck will change:
- Users who are authorised for AppCheck in your SSO provider and are already logged in to your SSO provider will be logged in to AppCheck without being prompted for a password
- Users who are authorised in your SSO provider but are not signed in will be redirected to your SSO provider's login portal
- Users who do not exist or are not authorised for AppCheck in your SSO provider will be asked for their AppCheck password