Skip to main content
All CollectionsUGCUGC SettingsUGC SSO
Getting Started with Single Sign-On for UGC
Getting Started with Single Sign-On for UGC
Dan Macarie avatar
Written by Dan Macarie
Updated over a year ago

Nosto Single Sign On (SSO) for UGC is designed to work with organizations own Identity Provider services, such as Active Directory and LDAP, as well as online SAML services, such as Okta, Google, and SalesForce.

This option allows customers to use an existing secure password instead of creating a brand-new one for the platform. This is ideal for businesses with strict security policies as it:

  1. allows businesses to enforce their password standard because you can only enter it through their system;

  2. allows businesses to revoke access to any system at any time by changing or disabling the password;

  3. allows for better control over password reset;

  4. Stops staff from sharing their accounts.

Generate the ADFS Metadata

For Nosto to enable Single Sign On, Nosto needs to be provided with the Active Directory Federation Services (ADFS) Metadata file (federationmetadata.xml) that has been set up for their respective Identity Provider (IdP). You will also need to provide Nosto with the rules to determine which users will be forced to authenticate via the IDP. The available rules for the client are:

  • To specify a specific domain or domains where all users who have an email address associated with that domain to be forced to authenticate via the IDP

  • To specify specific users (based on email address) to be forced to authenticate via the IDP

Please provide this file to your Customer Success Account Manager so they can configure access for the relevant users.

ADFS Relying Party Configuration

Once Nosto has received the Active Directory Federation Services (ADFS) Metadata file, it will create the IdP configuration within Nosto and apply these rules to the specified user(s) based on the rules specified by the client.

Once this process has been completed, Nosto will provide back to the client with an SP Metadata file (spmetadata.xml) which can be used to configure the Relying Party within ADFS.

The XML file will contain the following details from Nosto:

  • Entity Descriptor

  • Single Logout Service Endpoint

  • NameID Format

  • Assertion Consumer Service Endpoint

  • Organisation Details

Whilst specified within the SP Metadata file, customers may still need to configure a Relying Party Claim Rule within their ADFS environment.

The settings for this claim rule are:

  • Incoming Claim Type: NameID

  • Outgoing Claim Type: NameID

  • Outgoing Name ID Format: Email

For any further questions or queries, please send an email to support@nosto.com and our support team will get back to you.

Did this answer your question?