Powered by its Identity & Access Management platform, Carerix offers multiple ways to set up Single Sign-On. It allows customers to configure various identity providers for user authentication. This article provides a step-by-step overview of configuring an identity provider for Carerix based on SAML 2.0 or ADFS.
Set up your ADFS/SAML Application
Before you start in Carerix, make sure you have an ADFS / SAML application configured and ready to be used.
👥Usernames in Carerix
To use an ADFS / SAML identity provider in Carerix successfully, every Carerix username must be equal to the email address of that user as registered in the ADFS / SAML application.
🛠️Setup ADFS / SAML in Carerix
🔹1. As a Carerix System Administrator, go to the Identity Access Menu, which can be found in the maintenance section of the left side menu.
🔹2. After opening the menu: in the main screen choose the Identity Providers tab
🔹3. Now at the top of the main screen select the button 'Add Identity Provider'
🔹4. In the drop down select ADFS/SAML
🔹5. On the right side a modal window slides in where your ADFS / SAML in Carerix can be configured.
🔹6. Import/upload the metadata obtained from your ADFS / SAML application to Carerix by clicking on the 'Choose file' button.
🔹7. Fill out an 'Alias' - Note: this cannot be changed afterwards
🔹8. Indicate if you want this option ACTIVE or not on the Carerix login screen
🔹9. Select a 'Display name' - this value will be used on the button on the login screen. You can change it at any time by returning to the Identity Providers menu.
🔹10. Indicate whether the certificate's signature should be validated for every auth request. If YES, be aware that once the signature has expired, logging in to Carerix is no longer possible. To avoid users being locked out of Carerix, the certificate and its signature and the corresponding metadata in Carerix should be renewed prior to expiration.
🔹11. Leave 'Automatically redirect' on NO for the first setup. Once you have successfully tested your ADFS / SAML setup, this setting can be set to YES. If YES is selected, users will automatically be redirected to the login page of your ADFS / SAML application and the login screen of Carerix will be skipped.
🔹12. Authn request should be signed - this setting depends on your ADFS/SAML application setup.
🔹13. Assertion should be signed - this setting depends on your ADFS/SAML application setup.
🔹14. Assertion should be encrypted - this setting depends on your ADFS/SAML application setup.
🔹15. Click the save button at the bottom of the modal window to finish the setup
🔹16. Now open your newly created IDP again from the grid. The right side modal will open again, but it looks slightly different. Notice that the Metadata URL is now displayed.
🔹17. Copy the metadata URL and register it in your ADFS setup.
🔹18. Log off from Carerix and try to log in using the new button available in the login dialogue box.