Civis Platform supports Single Sign On (SSO). This feature, once turned on, enables users in your organization to log into the platform using their single sign on credentials. For some identity providers, it also automatically activates and deactivates users based on their status in your system.
Civis Platform currently supports the following identity providers. Instructions for setting up SSO for each identity provider are provided below.
- Okta
- OneLogin
- Active Directory Federation Services (ADFS) - beta feature
- G Suite
- Other identity providers that support SAML are in beta. Please let us know if you are interested in using Civis Platform with another identity provider.
If your identity provider allows you to upload Civis' logo, you can download it from here.
Civis Analytics Security Team strongly suggests that customers enable the use of their own SSO provider to manage their users. This enhances the security posture of both Civis Platform and the Customer for the following reasons:
- Mitigates having two separate systems managing users and passwords
- Allows the customer to disable their own users.
- Places the security boundary for logins inside the customer's security perimeter
- Allows customers to mandate U2F keys and other security tools via their own SSO configuration
- Gives customers insights into Civis Platform login activity via their own SSO provider
Each user that will access Civis must be provisioned in Platform before they can log in with SSO. If you are interested in automatic user provisioning, please submit a feature request.
Support for IdP-initiated Login
By default, our SSO implementation allows for logging in from your SSO portal and from platform.civisanalytics.com. This allows users to share Platform links that will log in via SSO as needed. We also offer a more private version of our SSO feature that allows logins from your SSO portal only. This is more burdensome for users, but if you are interested in this version, you can request the IdP-only version from support@civisanalytics.com.
Identity Provider Setup
Setting up Civis Platform in Okta
First, please contact your IT department and ask them to configure the Civis Platform as an application. The Civis Platform app is a pre-integrated app in the Okta Integration Network.
Setting up Okta in Civis Platform
Ask your IT department to provide the following information and please forward it to support@civisanalytics.com.
- Signing Certificate
- Identity Provider SAML URL
- Identity Provider Login URL
Once you have sent this information, your Client Success Analyst can enable SSO for your organization.
Setting up Civis Platform in OneLogin
First, please contact your IT department and ask them to configure the Civis Platform as an application. The Civis Platform app is a pre-integrated app in the OneLogin App Catalog.
Setting up OneLogin in Civis Platform
Ask your IT department to provide the following information and please forward it to support@civisanalytics.com.
- X.509 Certificate
- Issuer URL
- SAML 2.0 Endpoint (HTTP)
Once you’ve sent this information, your Client Success analyst can enable SSO for your organization.
Active Directory Federation Services (ADFS) - beta feature
Setting up Civis Platform in ADFS
First, please contact your IT department and ask them to configure the Civis Platform as a custom application. They will be asked to enter the following information:
- Reply URL: https://platform.civisanalytics.com/users/saml/auth
- Identifier: https://platform.civisanalytics.com/users/saml/metadata
- User Identifier: “user.mail”
Setting up ADFS in Civis Platform
Ask your IT department to provide the following information and please forward it to support@civisanalytics.com.
- SAML Signing Certificate - Base64 encoded
- SAML Entity ID
- SAML Single Sign-On Service URL
Once you’ve sent this information, your Client Success analyst can enable SSO for your organization.
Setting up Civis Platform in G Suite
First, please contact your IT department and ask them to configure the Civis Platform as a custom SAML application. They will be asked to enter the following information: (see screenshot below)
- ACS URL: https://platform.civisanalytics.com/users/saml/auth
- Entity Id: https://platform.civisanalytics.com/users/saml/metadata
- Start URL: Leave blank
- Name ID: Set to “Basic information” and “Primary Email”
- Name ID Format: Set to “EMAIL”
They will also need to map the following Attribute Mappings: (see screenshot below)
- first_name > Basic Information, First Name
- last_name > Basic Information, Last Name
- email > Basic Information, Primary Email
Setting up G Suite in Civis Platform
Ask your IT department to provide the following information and please forward it to support@civisanalytics.com.
- Certificate
- Entity Id
- SSO URL
Once you’ve sent this information, your Client Success analyst can enable SSO for your organization.
Comments
0 comments
Please sign in to leave a comment.