Use the SSO Configuration page to activate, deactivate, and configure Single Sign-On (SSO). KruxMetrix SSO authentication uses the SAML protocol, and redirects to your Identity Provider (idP) are Service Provider initiated. SSO authentication can only be used for KruxMetrix and is not appropriate if you have users who need to log into KruxLog.
The following information from KruxMetrix will need to be configured in your SAML idP:
- Reply URL - https://kruxmetrix.kruxanalytics.com/ServiceProvider/Index
- Logout URL - https://kruxmetrix.kruxanalytics.com/Login/Logout
- Entity ID - https://kruxmetrix.kruxanalytics.com
- Ensure the SAML token is configured to send a claim with the emailaddress attribute
The following information from your SAML idP must be entered on the KruxMetrix SSO Configuration page:
- Sign-On URL - KruxMetrix will redirect your users to this URL to authenticate.
- Sign-Out URL - KruxMetrix will redirect to this URL to sign-out users.
- SAML Entity ID - Used by your idP to uniquely identify KruxMetrix.
- SAML Signing Certificate - Certificate must be Base64 encoded. Required to validate the SAML tokens sent to KruxMetrix from your idP.
- Any Divisions Selected on the SSO Configuration page will also authenticate using the entered idP configuration details.
Users will need to be created as follows on the Users page in KruxMetrix:
- An SSO Service Account should be created. This can be used by the Administrator to update SSO Configuration if they are unable to sign-on to their user account using SSO authentication. This may be required in the case that something is changed on your idP.
- Each User must be created with an email address in KruxMetrix that matches their email address in your idP.
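A pre-flight check for the settings above, added here as an example (it is not KruxMetrix code): it inspects a decoded SAML Response from your idP for the Reply URL, the Entity ID, and an emailaddress claim that matches a KruxMetrix user. The function names, the sample response, the claim URI, and the use of the Recipient and Audience fields for these checks are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values the page says to configure in the idP.
REPLY_URL = "https://kruxmetrix.kruxanalytics.com/ServiceProvider/Index"
ENTITY_ID = "https://kruxmetrix.kruxanalytics.com"

def check_response(xml_text, known_emails):
    """List configuration problems in a decoded SAML Response.
    Checks settings only; it does not verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if REPLY_URL not in recipients:
        problems.append("Recipient is not the KruxMetrix Reply URL")
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience is not the KruxMetrix Entity ID")
    emails = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        # Assumption: the claim name may be a URI ending in /emailaddress.
        if attr.get("Name", "").rsplit("/", 1)[-1] == "emailaddress":
            emails += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    emails = [e for e in emails if e]
    if not emails:
        problems.append("no emailaddress claim with a value")
    # Exact comparison: the page does not say whether matching ignores case.
    elif not any(e in known_emails for e in emails):
        problems.append("emailaddress does not match a KruxMetrix user")
    return problems

# Constructed sample response (unsigned, trimmed to the fields checked above).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="{recipient}"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{audience}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="{claim}">
  <saml:AttributeValue>{email}</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""

def sample(recipient=REPLY_URL, audience=ENTITY_ID, email="jane@example.com",
           claim="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"):
    return SAMPLE.format(recipient=recipient, audience=audience, claim=claim, email=email)
```

An empty list means the response carries the values this page asks for; run it against a test sign-on before enabling SSO, and keep the SSO Service Account available in case the check later starts failing after an idP change.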
When SSO is Enabled in KruxMetrix:
- All Users must use SSO authentication to sign-on to KruxMetrix.
- Users will not be able to sign-on to KruxLog.
- Service Accounts can sign-on using a KruxMetrix specific password.
- Selected Divisions must use SSO authentication from the same idP.
- Divisions that are not selected may choose to either use KruxMetrix specific passwords or enable SSO and enter configuration information for themselves.
When SSO is Disabled in KruxMetrix:
- All Users and Service Accounts can sign-on using a KruxMetrix specific password.
- SSO Configuration information as entered will be saved and SSO can be enabled again in the future.
- SSO Configuration will also be Disabled for any selected Divisions. Divisions will be able to enable SSO and enter configuration information for themselves.