Single-Sign-On Configuration

Xponent supports SAML 2.0 Single-Sign-On (SSO) configuration that allows organisations with centrally managed identity providers to manage user accounts. Xponent uses SSO for account authentication only; it does not support authorisation or account provisioning. Authorisation within Xponent remains with the standard user roles and permissions. Xponent tests SSO against JumpCloud, Okta and Ping Identity. The SSO integration is known to work with Microsoft ADFS and Google GSuite IdP.

Xponent Support will configure your organisation to use SSO. The following information is needed:

  • Sign On URL: The Identity Provider’s specified SSO URL.
  • Issuer: The Identity Provider’s specified Entity Id URI. This should be provided by the IdP.
  • Email Attribute Name: A mapping of the provided email address’ attribute name to the SAML Email attribute (e.g. “email”, or “username”).

Xponent Identity Provider Information

To configure Xponent as an application in your identity provider you will need to provide the following information: 

  • Entity Id: A unique and immutable URI for the SAML entity. It is stored in the SAML metadata and can refer to either a Service Provider or an Identity Provider. In the case of Service Provider initiated SSO, Entity Id refers to the Identity Provider, and is the same value as the Issuer configured above (e.g. “https://identityprovider.com/id/Xponent”).
  • AssertionConsumerServiceURL (ACS): Service Provider’s assertion endpoint - https://hub.kitewheel.com/saml/login/callback
  • SAMLSubject Name ID: email 
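
Before sending the settings to Xponent Support, you can check that a decoded assertion captured from your own IdP carries the values listed above. The following is an added example, not Xponent's code: the function names, the sample issuer and the sample user are constructed, and it assumes the email attribute is sent as a SAML Attribute whose Name equals the agreed Email Attribute Name.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://hub.kitewheel.com/saml/login/callback"  # ACS value from this page
SAMPLE_ISSUER = "https://idp.example.com/id/Xponent"  # constructed placeholder

def check_assertion(xml_text, expected_issuer, email_attr, acs_url=ACS_URL):
    """List mismatches between a decoded assertion and the agreed SSO settings.

    Configuration check only: it does not verify the XML signature, and it
    should only be fed assertions captured from your own IdP.
    """
    root = ET.fromstring(xml_text)
    a = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if a is None:
        return ["no saml:Assertion element found"]
    problems = []
    issuer = a.findtext("saml:Issuer", "", NS).strip()
    if issuer != expected_issuer:
        problems.append(f"Issuer is {issuer!r}, expected {expected_issuer!r}")
    name_id = a.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if "@" not in name_id:
        problems.append(f"NameID {name_id!r} is not an email address")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient", "") if scd is not None else ""
    if recipient != acs_url:
        problems.append(f"Recipient is {recipient!r}, expected {acs_url!r}")
    values = [v.text for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)
              if at.get("Name") == email_attr
              for v in at.findall("saml:AttributeValue", NS) if v.text]
    if not values:
        problems.append(f"no {email_attr!r} attribute with a value")
    return problems

def sample_assertion(recipient, attr_name):
    """Constructed, unsigned sample assertion for the checks above."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
  <saml:Subject><saml:NameID>user@example.com</saml:NameID>
    <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{recipient}"/>
    </saml:SubjectConfirmation></saml:Subject>
  <saml:AttributeStatement><saml:Attribute Name="{attr_name}">
    <saml:AttributeValue>user@example.com</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(sample_assertion(ACS_URL, "email"), SAMPLE_ISSUER, "email"))
    print(check_assertion(sample_assertion(ACS_URL + "/old", "mail"), SAMPLE_ISSUER, "email"))
```

An empty list means the assertion matches the settings; each string in a non-empty list names one value to correct in the IdP application configuration.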

JumpCloud Application Settings Example

Okta Application Settings Example


© 2022 CSG International, Inc.