Generic SSO
With the generic SSO configuration, Snow Atlas supports configuring an SSO provider that is not supported through a first-party integration.
The generic single sign-on application registration is configured using OpenID Connect (OIDC). The configuration is not directly connected to a specific vendor, but you can use it when the provider that you have selected is not specified as an SSO provider supported on Snow Atlas.
Limitations
The generic single sign-on is limited to standard OIDC functionality. As generic SSO cannot respond to provider-specific logic, you must refer to your provider’s documentation to find out if a standardized OIDC flow meets the security requirements of your selected provider.
Supported features
- Service provider (SP) initiated SSO when you attempt to sign in from Snow Atlas
- User provisioning to create the user on first sign in, when the feature is enabled in Snow Atlas
Requirements
- The user is an administrator or equivalent in the SSO provider.
- The user is a Snow Atlas system administrator.
Application permissions
The following permissions are required by the Snow Atlas generic single sign-on application registration:
| Scope permission | Description |
|---|---|
| profile | Retrieves basic profile information about a user that is mapped to the user's profile in Snow Atlas |
| email | A user's primary email address that is used to sign in to Snow Atlas and as contact information |
Configuration required
You are required to configure your SSO application for Snow Atlas. You must add the Snow Atlas single sign-on app to your organization's SSO. For more information, see Add Snow Atlas as SSO app.
The user must have the email claim set in your SSO provider.
You also need the relevant authority, client ID, and client secret from the Snow Atlas SSO app in your single sign-on provider. These values are required to set up generic SSO as your SSO provider in Snow Atlas. For more information, see Find values to set up generic SSO configuration in Snow Atlas.
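
A pre-flight check for the requirements above, as an added example that is not part of the Snow Atlas documentation: it compares a provider's OIDC discovery document (published under the authority at /.well-known/openid-configuration) and one user's claims against the profile and email scopes and the email claim. It assumes the authority value is the provider's OIDC issuer URL; the function names and sample documents are constructed.

```python
# Added example: function names and sample data are constructed, not Snow Atlas code.
# "openid" is included because every OIDC authentication request must carry it.
REQUIRED_SCOPES = {"openid", "profile", "email"}


def check_discovery(authority: str, doc: dict) -> list[str]:
    """Return problems found in a provider's OIDC discovery document."""
    problems = []
    if not authority.startswith("https://"):
        problems.append("authority is not an https URL")
    # OIDC Discovery: issuer must be identical to the URL the document was fetched under.
    if doc.get("issuer") != authority:
        problems.append("issuer does not match the configured authority")
    scopes = doc.get("scopes_supported")  # optional field, may be absent
    if scopes is None:
        problems.append("scopes_supported not advertised; confirm scopes in provider docs")
    else:
        for scope in sorted(REQUIRED_SCOPES - set(scopes)):
            problems.append(f"scope not supported: {scope}")
    claims = doc.get("claims_supported")  # optional field, may be absent
    if claims is None:
        problems.append("claims_supported not advertised; confirm email claim in provider docs")
    elif "email" not in claims:
        problems.append("email claim not listed in claims_supported")
    return problems


def check_user_claims(claims: dict) -> list[str]:
    """Check the claims released for one user: sign-in needs a usable email."""
    email = claims.get("email")
    if not isinstance(email, str) or "@" not in email:
        return ["email claim missing or empty"]
    return []


# Constructed sample data (idp.example.com is a placeholder provider).
AUTHORITY = "https://idp.example.com"
GOOD_DOC = {
    "issuer": "https://idp.example.com",
    "scopes_supported": ["openid", "profile", "email"],
    "claims_supported": ["sub", "name", "email"],
}
# Trailing slash on issuer, no email scope, no claims_supported field.
BAD_DOC = {"issuer": "https://idp.example.com/", "scopes_supported": ["openid", "profile"]}

if __name__ == "__main__":
    for label, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(label, check_discovery(AUTHORITY, doc) or "ok")
    print("user", check_user_claims({"sub": "u-1", "name": "Test User"}))
```
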