Spinetix – ARYA – SSO Activation
Description
Deliverables & Requirements:
The SpinetiX Professional Services team can help you set up, configure, and activate SpinetiX ARYA SSO. Customers must be available to collaborate with SpinetiX according to the below process to setup the SpinetiX ARYA SSO Activation:
1. The customer agrees on an SSO setup offer from SpinetiX.
2. The customer chooses which protocol to use, either OpenID Connect (OIDC) or SAML 2.0. In general, OIDC should be preferred as it is a modern protocol, but some directories only support SAML 2.0.
3. The customer agrees with SpinetiX on its unique SSO identifier, which should be a short friendly string, generally the company name, composed of letters, numbers, hyphen and underscore.
4. SpinetiX sets up a SpinetiX ARYA enterprise account for the customer, if not already done, which assigns an account ID to the customer. This account will be the default account for new users signing in via SSO.
5. The customer does the OIDC or SAML 2.0 application setup on his own directory according to SpinetiX instructions.
6. The customer must restrict access to the OIDC or SAML 2.0 application to the users which are allowed to use SpinetiX ARYA.
7. The customer chooses its desired refresh token expiration (e.g., 12 hours); this is the time after which a user signed-in on the SpinetiX cloud needs to re-authenticate with the customer’s directory and is thus the maximum time it takes for a user blocked in the customer’s directory to be blocked on the SpinetiX cloud. The minimum is 1 hour.
8. The customer provides the OIDC or SAML 2.0 application information to SpinetiX (e.g., client ID, secret, discovery URL, metadata URL), refresh token expiration and any non-standard claims.
9. SpinetiX does the provisioning of SSO for the customer with the information provided by the customer.
10. The customer verifies that SSO is working as expected.
11. If the customer defines an OIDC client secrets he arranges with SpinetiX for secret rotation a few weeks before the secret expires.