Configuring SSO

Consultation Manager supports SAML SSO.

Required Minimum System Role: Enterprise Admin

You can configure SSO in the Management area of the system.

First, navigate to Management (1), Single Sign On (2).

This will open a new panel where you can enter the details of your unique SSO configuration.

Type (3): Select the type of SSO configuration. Please note that only SAML is supported at this stage.

Enable Test Mode (4): Test mode will ensure the username and password boxes remain present on the login screen even when SSO is configured. In the event there are issues during setup, you can use your username and password to log in to Consultation Manager.

Sign Out Required (5): Single log out. Note, if yes, you must provide a signout URL either via Metadata XML URL or in the relevant Manual Metadata field.

Next, enter the Identity Provider Configuration details.

Entity ID (6): Your IDP Entity ID

Metadata (7): You can provide this 3 ways

  • Metadata XML URL: Provide your URL in the box below

  • Metadata XML Upload: Upload your XML file NOT YET AVAILABLE

  • Manual Metadata: Configure the metadata settings manually in the form below

Manual Metadata Settings include:

  • X509 Public Certificate (required)

  • Sign On URL (required)

  • Sign Out URL

  • Artifact Resolution Service URL (General required)

Next, enter additional metadata (9) to allow Consultation Manager to contact you in the event of changes to our provision of SSO.

Once you configure the IDP settings above, ensure Test Mode is enabled and click [Save] (10). Refresh your browser window at this point.

After refreshing, navigate back to the SSO configuration area and you will see the Service Provider Configuration and SAML Attributes. The Service Provider details should be used to configure your IDP. Please note that the below is an example only and is unique to your configuration. If you implement a new configuration, these details will be updated also.

Once configured on your end, log out and use the Single Sign On button (11) to log in.

See below for detailed guides to configuring SSO on Azure AD and Okta.

Azure AD