Single Sign-On

Overview

The Softlinx Web Portal supports single sign-on (SSO) via the Security Assertion Markup Language (SAML). After authenticating with their Identity Provider, an SSO user will have access to the Softlinx Web Portal faxing pages. The first time a SSO user accesses the Web Portal, a corresponding Replix fax user will be created. A fax number and other user attributes can be mapped from the Identity Provider to the newly created Replix user.

The Web Portal administrator will see the SSO users listed in the user list and can change attributes for these users just like they can with non SSO users.

Web Portal SSO users are created the first time an SSO user accesses the Web Portal after being authenticated by their IDP.

If the fax number attribute is mapped, then the fax number must be added to the Replix system prior to the SSO user logging into the system.

Attributes Supported

When the IdP responds with the assertion, it can optionally contain attributes (claims) about the user. The Web Portal supports the following attribute (claim) names:

  • Fax
  • Name
  • FistName
  • LastName
  • Email
  • Phone
  • Address1
  • Address2
  • Company
  • Title
  • ProjectCode1
  • ProjectCode2
  • DepartmentName

Permission claims:

  • FaxAdmin
  • DepartmentAdmin
  • DepartmentPrivUser

Only one permission claim per user will be recognized. The lowest permission will take precedence. For example, if both the FaxAdmin and DepartmentAdmin claims are set for a user, the user will be granted department administration permissions. The FaxAdmin claim will be ignored.

Fax portal administrators can have a combination of individual privileges. If the user should get all of the privileges, then set the claim to "YES". Otherwise set the claim value to a comma separated list of the following options: batches, contacts, coverpages, departments, faxback, numbers, settings, users, view.

If either the DepartmentAdmin or DepartmentPrivUser claim is being used, set the value to "YES".

Note: Claim names are CASE sensitive.

Claims are configured in the Identity Provider. If the claims are present in the assertion when the user first tries to log on to the Web Portal, the attributes will be used when the corresponding Replix user is created. The attributes will NOT be used on subsequent logons. If user information changes, the administrator must use the Web Portal to change the appropriate values.

Note: FirstName and LastName will be concatenated into the Replix user’s Name field. They will only be used if the Name attribute is not in the assertion.

Configuration

Follow the steps documented here to configure SSO.