Manage authentication

Portal admins set up and manage the Prophix Authentication and Single Sign On (SSO) authentication methods available to users. These methods control user access to their Prophix One applications. You can define up to 50 SSO methods.

 Note:  You cannot change the settings for Prophix Authentication, other than to make it the default authentication method.

The available SSO authentication methods are OIDC 1.0 and SAML 2.0.

Open authentication

You manage Prophix Authentication and SSO from SSO and Authentication.

  • In the left-hand panel, click Account Management > SSO and Authentication.

 New!

The Certificate Expiry Date column shows the expiry dates for SAML 2.0 certificates.

Knowing when a certificate is due to expire helps you avoid getting locked out of Prophix One.

(For definitions that do not use SAML 2.0, the column shows Not applicable.)

Add an SSO method

You add SSO authentication methods to Portal one at a time.

  1. In SSO and Authentication, click .

    The Add Properties dialog appears.

  2. Complete the following:

    • Name: The display name of the method that appears in the sign-in.
    • Authentication type: Select either OpenID Connect 1.0 or SAML 2.0, as appropriate.
  3. Do one of the following:
    • If you chose OpenID Connect 1.0, complete the following with the values provided by your IT department:
      • Authentication URL
      • Token URL
      • Client ID
      • Client secret
      • PKCE
      • Claim identifier
    • If you chose SAML 2.0, complete the following with the values provided by your IT department:
      • SAML SSO URL
      • Issuer URL
      • Token signing certificate
      • (Optional) To load the above properties from an XML metadata file, click and select the appropriate file.
  4. Click Save.

The new method's properties appear in the panel on the right.
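
Before you load an XML metadata file for a SAML 2.0 method, you can check offline which values it carries and when its signing certificates expire, which is the date the Certificate Expiry Date column reports. The following Python script is an added example, not Prophix code. It assumes a standard SAML 2.0 IdP metadata file with a single EntityDescriptor root; the mapping of entityID to Issuer URL and of SingleSignOnService Location to SAML SSO URL, and all function names, are assumptions.

```python
import base64
import sys
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def cert_not_after(der):
    """Return notAfter (UTC) from a DER certificate; the signature is not verified."""
    _, pos, _ = read_tlv(der, 0)      # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)    # tbsCertificate SEQUENCE
    if der[pos] == 0xA0:              # optional [0] version field
        pos = read_tlv(der, pos)[2]
    for _ in range(3):                # skip serialNumber, signature, issuer
        pos = read_tlv(der, pos)[2]
    _, pos, _ = read_tlv(der, pos)    # validity SEQUENCE
    pos = read_tlv(der, pos)[2]       # skip notBefore
    tag, start, end = read_tlv(der, pos)
    text = der[start:end].decode("ascii")
    if tag == 0x17:                   # UTCTime: 2-digit year, RFC 5280 pivot at 50
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def saml_settings(metadata_xml, now=None):
    """Extract SSO URL, issuer and signing-certificate expiry from IdP metadata."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(metadata_xml)            # assumes an EntityDescriptor root
    idp = root.find(MD + "IDPSSODescriptor")
    sso = idp.find(MD + "SingleSignOnService")    # first listed binding
    expiry = []
    for key in idp.findall(MD + "KeyDescriptor"):
        if key.get("use") == "encryption":        # signing keys only
            continue
        for node in key.iter(DS + "X509Certificate"):
            not_after = cert_not_after(base64.b64decode(node.text))
            expiry.append((not_after, (not_after - now).days))
    return {"sso_url": sso.get("Location"), "issuer": root.get("entityID"),
            "expiry": sorted(expiry)}

if __name__ == "__main__":  # usage: pass the metadata file path as the first argument
    print(saml_settings(open(sys.argv[1], "rb").read()))
```

A negative day count in `expiry` means the certificate has already expired. Run the script only on metadata obtained from your own identity provider.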

Edit an SSO method

You can change the details of an SSO method in Portal.

 Note:  Prophix Authentication cannot be edited.

  1. In SSO and Authentication, select the row of the method you want to edit.
  2. Click .

    The Edit Properties dialog appears with all details available for editing.

  3. Make your changes.

  4. Click Save.

Delete SSO methods

Use the following procedure to delete one or more SSO methods from Portal.

 Note:  Prophix Authentication cannot be deleted.

  1. In SSO and Authentication, select the row(s) of the method(s) you want to remove.
  2. Click .
  3. Confirm your choice.

     Tip:

    Deletion is not permitted if an SSO method definition is currently assigned to users.

    In this case, do the following:

    1. Assign those users a different SSO method.

    2. Delete the old SSO method definition.

 

Set the default method

The method you specify as the default method is the one automatically assigned when you add a new user account. You can change this setting at any time.

  1. In SSO and Authentication, select the row of the method you want to designate as the default.
  2. Under Default Authentication, turn on the button.
  3. Confirm your choice.

Email verification

When you assign a user a custom SSO method, the user must verify their identity through email.

Verification works as follows:

  1. At the user's first attempt to sign in, a message appears requesting that the user check email.

    (Optionally, if the user has not received the verification email, the user can click a button in the dialog to have one sent.)

  2. In the email message, the user clicks the provided link.

    A confirmation dialog appears.

  3. The user clicks the button in the confirmation dialog.

    Another confirmation dialog appears.

    The user's email address is verified and the user can sign in to the Prophix One platform without any further verification required.