Instructions for setting up SSO for your portal and frequently asked questions
NextRequest currently supports SAML 2 based Single Sign On (SSO) on certain packages. If you do not have SSO as a part of your package and would like to add it, please reach out to your Account Manager or firstname.lastname@example.org.
What is Single Sign On (SSO)?
Single sign-on (SSO) is a user authentication service that permits a user to use one set of login credentials - for example, an email and password - to access multiple applications. SSO can be used by enterprises, smaller organizations and individuals to ease the management of various usernames and passwords. For government employees this typically means being able to log in to the various applications you need for your job with the same login credentials.
How does SSO work in NextRequest?
Once SSO is enabled, users will be able to log in through a link on the Sign In page that states: "STAFF MEMBERS: Sign in with your [agency] user name"
If the user already has a NextRequest account set up under their email address, they will be logged into that account. If they do not yet have a NextRequest user account, but are in your SSO instance, they will be logged in as a user with requester level permissions (Guest user role). You can learn how to update their user role in our help article here.
How to set up SSO in your portal:
- Log in as an Admin user
- Click Admin in the upper right hand corner of the page
- Go to Portal Settings
- On the bottom left, under Add Ons, click on Single Sign On (SSO)
- In the middle of the page you will see instructions for setting up SSO on your end
The exact process to set up the SSO integration depends on the application we will be integrating with, but the configuration page will include the information you need to complete the setup on your end:
- Identifier (Entity ID)
- Reply URL (Assertion Consumer Service URL)
Note: Please also ensure that we receive the user's email address as a claim, with the name "email". This email address will be used as the identifier for the user's account.
- Input your SSO Endpoint (login URL) and Certificate (in Base64 format) in the fields provided and click Save
- To test the SSO configuration click on the login that states "STAFF MEMBERS: Sign in with your [agency] user name" on the SSO configuration page
- If you are able to successfully log in via the test link, enable the SSO link on your sign in page by checking the box and clicking Save
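If the test link fails, the usual causes are a mismatch on the Identifier, the Reply URL, or the name of the email claim. The following is an added example, not NextRequest code: a pre-flight check over a captured SAML response, where `ENTITY_ID`, `ACS_URL` and the sample response are constructed placeholders. It inspects configuration only and does not verify the signature.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed placeholders for the two values shown on the SSO configuration page.
ENTITY_ID = "https://portal.example.org/saml/metadata"
ACS_URL = "https://portal.example.org/saml/acs"
# Claim URI that Azure AD and ADFS commonly use for the email address.
LONG_EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def build_sample(claim_name):
    """Constructed, unsigned SAML Response used to exercise the checks below."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
 xmlns:saml="{NS['saml']}" Destination="{ACS_URL}">
<saml:Assertion><saml:Conditions><saml:AudienceRestriction>
<saml:Audience>{ENTITY_ID}</saml:Audience>
</saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="{claim_name}">
<saml:AttributeValue>staff@agency.example</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, entity_id=ENTITY_ID, acs_url=ACS_URL):
    """Return a list of configuration problems; an empty list means none found."""
    root = ET.fromstring(xml_text)
    problems = []
    # The IdP must post the response to the Reply URL (ACS URL).
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the Reply URL")
    # The assertion must be addressed to the Identifier (Entity ID).
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append("Audience does not match the Identifier (Entity ID)")
    # Collect attribute names and their first value.
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    if "email" not in attrs:
        hint = ""
        if LONG_EMAIL_CLAIM in attrs:
            hint = " (IdP sends the long claim URI; rename the claim to 'email')"
        problems.append("no attribute named 'email'" + hint)
    elif attrs["email"].count("@") != 1:
        problems.append("'email' attribute is not an email address")
    return problems
```

Most browsers' developer tools show the Base64 `SAMLResponse` form field posted to the Reply URL; decode it and pass the XML to `check_response`.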
What if we already have SSO set up, do we need to change our configuration?
No. If you set up SSO before the self-serve option was available, you do not have to switch. If you would like to switch, please reach out to email@example.com and we are happy to enable the self-serve option for you.
I'm not sure how to set this up on our end, can you help?
We are happy to help answer any questions you may have; however, setup on your end is entirely dependent on which service you are using and your existing configuration. We recommend following up with your SSO provider for additional information on how to configure new applications for SSO. We've included helpful resources below for common service providers:
- Active Directory (ADFS)
- Azure AD