Single Sign-On (SSO) Integration

Administrator -

This article provides information about user single sign-on (SSO) integration options that are available for your Enterprise Account.

Purpose

Administrators can enable Single Sign-On (SSO) for their Enterprise Account users, to allow them to log in to their XMedius Cloud account (including all subscribed services) using the same login credentials and authentication process that they are already using for other applications and services of their corporate environment.
Note: It is recommended to read all the information provided in this article before starting your SSO configuration, in order to get the expected results according to your corporate environment and needs.

Supported SSO Protocols & Configurations

The XMedius cloud platform supports the following protocols:

WS-Fed / WS-Trust

This protocol is only usable for configuration with AD FS.

For the configuration, see: Enabling SSO with Active Directory (AD FS) – Using WS-Fed / WS-Trust.

SAML 2.0

This protocol is usable with many Identity Providers – including AD FS, Okta and F5, among others.


Supported Client Integrations & Restrictions

In the following table:
  • Dots "•" indicate all client integrations that will work once the SSO configuration is done in your enterprise account.
  • Asterisks (*), (**) indicate specific client integrations that can work – subject to additional configuration and/or restrictions mentioned in the corresponding footnotes.
  • If the cell is empty, this means that the client integration does not currently support the corresponding SSO protocol.
WS-Fed / WS-Trust SAML 2.0
Web applications (in XMedius Portal)
SendFAX – version 8.1.0.153+
XM SendSecure for Outlook – version 2.0.0.075+
MFP connectors configured in "shared account" or "device login" mode
MFP connectors configured in "user prompt" mode (*) (**)
Mobile Apps (XM Fax & XM SendSecure) (*)
XM Fax Print To Web printer

(*) The public IP address of your AD FS server must be added to an internal white list. Please contact the XMedius Technical Support Team if you need to have this configured (i.e. only if using these client integrations).

(**) Users will have to authenticate using their email address (and not the username defined in their XMedius Cloud account).

User Accounts in SSO Context

Even with the SSO functionality enabled, it is always required to create user accounts within the Enterprise Account. SSO will apply to all user accounts created either before or after enabling the functionality.

You must also be aware of some behaviors and requirements related to SSO activation (Password / Email Address Required to Log in / Two-Factor Authentication).

Creating User Accounts

A tool (AD Sync) can be used to ease the user account creation process by synchronization with your Active Directory (see Synchronizing Users from Active Directory).

Another tool (XMedius Cloud User Importer) is also available on GitHub to import users using a CSV file (see https://github.com/xmedius/xmc-user-importer).

Otherwise, the XMedius Cloud Platform always allows administrators to create user accounts, either manually or by sending invitations (see Managing Users).

Password

In SSO context, users won't need a password dedicated to their XMedius Cloud account (even if such a password can technically be defined) because they will use the password of their corporate account. As such:
  • Administrators have the option to manually create user accounts with no password.
  • The form to create an account following a User Invitation does not ask users to set a password.
Note: If you are using the AD Sync tool, it is recommended to set the option disable_emails, which disables the automatic sending of password setup emails to newly created users.

Two-Factor Authentication

In SSO context, XMedius Cloud user accounts cannot be configured for Two-Factor Authentication (2FA). However, your Identity Provider may technically allow to enable 2FA on its side.

Have more questions? Submit a request

Comments

Powered by Zendesk