Manage Identity Providers
As an administrator, you can provide a seamless authentication and login experience for your users by connecting your corporate SSO identity provider with the Digital.ai Platform.
The Digital.ai Platform uses your existing SSO infrastructure to securely authenticate users in Digital.ai applications and portals using the same corporate credentials they already use. Acting as a bridge between your identity provider (such as Okta or Azure AD) and your Digital.ai applications, the Digital.ai Platform grants access to those applications based on user data that already exists in your identity provider, eliminating the need for unique credentials in each application. This single point of entry also allows users to log in to the Digital.ai documentation, support, and community portals for a more personalized experience there as well.
It is possible to connect to multiple identity providers. However, Digital.ai recommends setting one identity provider as default to skip the Digital.ai login screen entirely and send users directly to your trusted identity provider login. For more information, see Set a Default IDP.
Authentication Protocol Procedures
In general, the Digital.ai Platform can integrate with identity providers that support the OIDC and SAML 2.0 protocols. The process for integrating each with Digital.ai Identity is fairly similar, but there are unique requirements depending on which protocol your company uses.
Click one of the following buttons to read the procedure for each protocol:
Key Concepts
Here are some basic concepts related to SSO that will help you better understand how everything works together:
- Identity provider (IdP): A single sign-on service that owns and maintains a directory of user credentials and an authentication mechanism. For example, Azure AD or Okta.
- Service provider: A web server that hosts a resource and provides access based on authentication information supplied by an identity provider. In this case, the Digital.ai applications such as Intelligence or Continuous Testing are considered service providers.
- Identity broker: An intermediary service that connects a service provider to an identity provider. The Digital.ai Platform, and more specifically Digital.ai Identity, is the identity broker between your IdP and Digital.ai applications such as Intelligence or Continuous Testing.
- Identity federation: A system of trust between two parties that links a user across each system without compromising security. As it relates to Digital.ai, the Platform handles user management by connecting to your IdP and then providing (federating) those users with access to your Digital.ai applications.
- SAML: Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication data across different systems. For more information on the SAML standard, see SAML 2.0.
- OIDC: OpenID Connect (OIDC) is a JSON-based open protocol that extends OAuth 2.0 to add authentication data and allow for multiple connections to one IdP. For more information on the OIDC protocol, see OpenID Connect.
The User Experience
When SSO is configured for your organization, an additional button appears on the Digital.ai Platform login page. When users click this button they are automatically passed over to your IdP for authentication.
You can specify the text on this button when you configure the SSO integration.
Additionally, once your Digital.ai applications are connected to the Platform, this Platform login page will appear for your users whenever they navigate directly to an application URL (from a bookmark or existing link). For more information about connecting applications, see Applications.
Once you have connected your identity provider to the Digital.ai Platform, we recommend that you no longer manage users in the individual Digital.ai products. Doing so may cause you to experience duplicate users, mismatched user info, or other inconsistencies.