Navvia supports Single Signon.
We have approached Single Signon with the view that the client wishing to use Single Signon must be (or must have) an Identity Provider that supports SAML 2.0. The client will utilize the Identity Provider capabilities to provide a Navvia link (which will log the client user into Navvia) to authenticated client users.
- Client users passed to Navvia that are not known to Navvia will have Navvia Essentials IDs automatically created if the auto create users option is specified. It will be the Client's responsibility to convert these clients and set permissions other than the default provided settings.
The Navvia Single Sign On supports the following features:
- The ability for Navvia SSO to automatically create and login users that are not defined in Navvia. This option, if chosen, is set by Navvia Support.
- Simple transformation. If 'auto create users' is not enabled and the userid provided is not defined in Navvia a lookup of the user’s email address is made within Navvia and existing userid already defined in Navvia will be used to log the user into Navvia.
If you are interested in utilizing the Navvia SSO offering please make sure you can meet the following requirements.
- The Identity Provider Metadata to be supplied.
- The Identity Provider login URL. When client logs out of Navvia they will be redirected to this URL.
- Delivery of the Navvia Metadata, certificate and Navvia logo for the Identity Provider.
- The following Mandatory and Optional attributes that are required during the assertion request:
- UserName field – Userid or email Address (Mandatory).
- Name field – Full Name of the User (Mandatory)
- EmailAddress field – User’s Email address (Mandatory)
- NavviaAccess field value – If set to “1” client will be able to login to Navvia. If set to “0” they will receive an error message that they are not authorized to access Navvia. If the attribute is not provided it will be defaulted to "1" and the user will be logged into Navvia (Optional)
- The assertion and response records must be signed. This will require an exchange of secuity certificates
- Decision on whether users will be automatically created if the user is not defined in Navvia or denied access
- Setting the schedule for configuring and testing the Navvia SSO with the client