
LabLogs.co SSO Configuration Settings

This is a general overview of the SSO Configurations needed both for and from the Client.

Written by Joann Wilson
Updated over 2 years ago

SSO (Single-Sign-On) Configuration - SAML-Based Flow


Overview

LabLogs supports SAML-based single sign-on with most third-party identity providers (IDPs). This document gives a high-level overview of our process for configuring your third-party IDP to work with the LabLogs application.

  • Users who federate for the first time will automatically be created in our system with no access.

    • An Administrator can enable access for the appropriate Sites, Departments and Units for each user.
      Note: This is also required for all newly created non-IDP accounts.

    • Administrators can then elevate that user's permissions to have Administrator privileges.

The configuration process for your IDP will vary by 3rd party. Below are links to some of the more popular IDPs that your organization may be using:

Configuration Steps for the Client

The following 4 steps are for YOUR organization. In general, configuring your IDP will involve updating 1 or more of these settings.

  1. Configure a new application within your Identity Provider.

    * Make sure to specify the sign-on method as type SAML 2.0

  2. Configure the Single Sign-on URL within your newly created app

    https://{domainPrefixHere}.auth.us-east-1.amazoncognito.com/saml2/idpresponse

    * This URL is a pattern, not the actual URL. At the time of implementation, a LabLogs Implementation team member will provide the exact URL for your setup.

  3. Enter audience URI (SP Entity ID).

    Example: urn:amazon:cognito:sp:{userPoolId}

    * This Entity ID is a pattern, not the actual ID. At the time of implementation, a LabLogs Implementation team member will provide the exact ID for your setup.

  4. Configure your IDP to pass the following claim attributes.

Claim Attribute Descriptions:

  • CustomerHashCode [Custom per install] This will be provided during the implementation phase.

  • providerUserId The unique identifier for the incoming user. This field can be a string, integer, or GUID; it must, however, be unique for the user.

  • firstName The user’s first name.

  • lastName The user’s last name.

  • emailAddress The email address associated with the user.

Configuration Steps for the LabLogs team

The following information is what we need FROM YOU in order to configure your Organization.

  • SAML Signing Certificate

  • Desired IDP Sign-In URL for the client application you just configured.

  • Desired IDP Sign-Out URL that the Lab Logs application should call when the user times out, or attempts to click the ‘logout’ button.


If you have any questions, please feel free to reach out to:

Electronic Lab Logs, Inc

Security Team
