Single Sign-On Overview

Single Sign-On (SSO) allows your users to access Nitro's products by authenticating through your Identity Provider (IdP). Nitro supports SSO with any SAML-2.0 compliant IdP.

Note: This feature is only available to Nitro Productivity Suite Enterprise customers.

Prerequisites:

1. Your account must have a verified domain in order to set up and enable SSO. Visit this article for instructions on verifying your domain.
2. You will need the following information from your IdP:
   - Sign In URL
   - X.509 Signing Certificate

Set up SAML SSO

1. Once you have verified your domain, select Single Sign-On from the left-and menu in Nitro Admin

2. Click the Setup SAML SSO button.

3. Enter your IdP's Sign In URL and upload the x.509 Signing Certificate from your IdP. The x.509 Signing Certificate should be base 64 encoded and in a .cer or .pem format.

4. When these have been submitted successfully, you will be provided with the SAML Entity ID and ACS URL. Add these to your IdP.

5. In your IdP, also add a SAML attribute named employeeNumber. The value for this attribute should be a unique ID representing a user. Some examples of unique IDs include:

• Active Directory - http://schemas.microsoft.com/identity/claims/objectidentifier
• Okta - user.id

6. After adding the employeeNumber attribute, you may Enable Single Sign-On for your account from Nitro Admin.

Enable SSO

After completing the SAML SSO setup, toggle Enable Single Sign-On to Enabled.

Disable SSO

Toggle Enable Single Sign-On to Disabled.

Note: When SSO is disabled, users will need to log in with their Nitro account username and password.

Removing an IdP Configuration

To remove the IdP configuration, click the Remove Configuration button.

Note: Removing an IdP configuration will disable SSO for your account.

Step-by-step instructions for various IdPs:

• For detailed instructions on setting up SSO for Azure AD, please refer to: https://www.gonitro.com/user-guide/admin/article/sso-azure.