Configure SSO

Configuring Single Sign-On in ASSURE is only part of a larger process that involves configuring your authority's SSO service providers. Only then will you be in a position to complete many of the fields on this screen. NEC Software Solutions can provide further guidance on request.

The changes that you can make here fall into three categories:

  • Cosmetic: These changes can simply be saved.

  • Reconfiguration: These changes require confirmation, but will reconfigure ASSURE immediately.

  • Restart: These changes mean that the application must be restarted.

Configuring SSO

To configure Single Sign-On (SSO) for your authority:

  1. On the System Administration screen, under General, click SSO Configuration.

    The SSO Configuration screen appears.

  2. Under Legacy Configuration, you can preserve the ability for users to login with a registered email address and password, until you are ready to adopt SSO for both authority and public users.

    Legacy Configuration

    Field

    Description

    Allow Legacy Login

    Whether the legacy configuration is available.

    Server Variable

    Legacy Host Mask

    An IIS server variable, and all or part of the expected value of that variable. If these do not match, the configuration is effectively disabled.

    If left blank, HTTP_HOST and localhost are assumed.

  3. Under Authority Configuration and Public Configuration, specify the separate SSO details for these groups of users.

    Note that "public access" includes applicants, agents, statutory consultees, and local consultation users, as well as registered members of the public.

    Authority and Public Access Configuration

    Field

    Category of change

    Description

    Enabled

    Restart

    Whether SSO is enabled for this group of users.

    Server Variable

    Host Mask

    Cosmetic

    An IIS server variable, and all or part of the expected value of that variable. If these do not match, the configuration is effectively disabled.

    Scope

    Reconfiguration

    A comma-delimited list of information explicitly required from the provider.

    By default, this is set to openid.

    Name of SSO Provider

    Cosmetic

    A descriptive name for this provider.

    Provider Type

    Restart

    One of the following supported types:

    • OAuth 2.0 with JWT

    • OAuth 2.0 with SAML

    • OpenID

    Client ID

    Client Secret

    Authorisation URL

    Token URL

    User Info Endpoint

    Reconfiguration

    The specific parameters of your installation and SSO provider.

    Return Redirect URL

    Reconfiguration

    The redirect URL of ASSURE if the SSO provider is being called from elsewhere.

    Log Off Alternative Text

    Cosmetic

    An alternative command to replace the Log Out option on the Hello, Your Name menu.

    For example, Return to Council Intranet (for authority users) or Return to Council Website (for public access).

    SSO Log Off Redirect

    Cosmetic

    The URL to which the user is redirected when they log out from ASSURE.

    For an authority user this can usually be left blank.

  4. Click Save.

    • If you have made any changes that require a restart, the following reminder appears:

      The SSO Configuration has been saved successfully. You must restart the application for changes to take effect.

    • If you have made any changes that require reconfiguration, the following appears:

      To apply changes to the current system, press Reconfigure SSO

    • If you have made only cosmetic changes, no further action is required.