SSO Integration

You can use single sign-on using SAML or Azure AD to authenticate workbench members.

Workbench members are identified within Atomic by a unique email address, supplied by your authentication provider, as part of the authentication flow.

SAML

To use SAML SSO with Atomic, you'll need to set up a custom SAML application in your authentication provider, which includes the user’s email address in an attribute.

Contact us for the Identifier and Reply URL details.

Once set up, contact Atomic with the following:

• The IdP metadata XML file for the SAML application
• The name of the SAML attribute which contains the user's email. (For example http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress)
  • The user's email should be provided in lowercase

Once we have this file, we'll configure our system. Then, your users can choose SSO from the Workbench login screen, enter your organization id, and authentication will be delegated to your provider.

Note, a unique email address must be provided as a SAML attribute, so that users can be identified within Atomic. When logging in with SSO for the first time, user details will be merged with any existing workbench account for the same email address.

Azure AD

Contact us for the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) details.

Then, set up a new enterprise application in Azure:

1. Sign in to the Azure portal.
2. On the left navigation pane, select the Azure Active Directory service.
3. Navigate to Enterprise Applications and then select All Applications.
4. To add a new application, select New application.
5. Select Create your own application. Enter a name for the application, select Integrate any other application you don't find in the gallery (Non-gallery), and then click Create.
6. Once the application is created, add Users and groups to the application.
7. From the navigation pane, go to Single sign-on and click the SAML tile.
8. In the SAML-based sign-on page, find the SAML Signing Certificate section and download the Federation Metadata XML.
9. Go to Azure AD > Your application > Single Sign-on > Basic SAML Configuration section > Edit
10. Confirm email claims match this url:
    • Email: https://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
11. Send the Federation Metadata XML file to Atomic (downloaded in step 8) and let us know if the email claims match (what you checked in step 10). Contact us.
12. Atomic will then configure the Atomic side and provide a login url where you can test out the integration.