Single Sign-On Portal

Single sign-on must be enabled on the tenant, and the identity provider's settings must be configured on that tenant.

  1. Log in to the AppNavi portal with the tenant owner role.
  2. Go to Manage Tenant and enable Single Sign-On.
  3. On the OAuth tab, fill in all the required fields with the identity provider's valid configuration.

For more details, refer to the following links:
Single Sign-On with Azure AD
Single Sign-On with Okta

SSO Workflow

The general workflow of SSO involves the following steps:

  1. When the user opens the URL “https://{AppNaviportaldomain}/Login/tenant/{tenantId}”, AppNavi checks whether SSO is enabled for the tenant specified in the URL.
  2. If SSO is enabled, a Login with SSO link or button is displayed.
  3. When the user clicks the “Login with SSO” link, AppNavi authenticates the user with the settings configured on that tenant.
  4. If not authenticated, AppNavi redirects the user to the Identity Provider (Azure AD or Okta) for authentication.
  5. The user provides their credentials to the IdP (Identity Provider).
  6. The IdP authenticates the user and redirects the user back to the AppNavi API.
  7. AppNavi creates the user's claims identity.
  8. The user gains access according to the role granted on the AppNavi portal.

SSO Enable/Disable

  1. If SSO is enabled, a Login with SSO link is displayed below the “Forgotten your password” link.
  2. If SSO is disabled, the normal login page is displayed.

SSO Only

AppNavi also offers an SSO Login only option, which allows users to log in with SSO only. To enable it, log in to the AppNavi portal, go to Manage Tenant > Settings, and click the toggle switch.

Manage Tenant on Portal

With SSO Login only enabled, when the user opens the URL “https://{AppNaviportaldomain}/Login/tenant/{tenantId}”, a Login with SSO button is displayed, as shown below:

Portal Login View

In this case, all users of this specific tenant, including the tenant owner, can no longer access the portal using the normal login. The user is redirected to a page to provide the correct tenant ID, which then takes the user to the SSO login page.