RLDatix (PX) API Documentation

Single Sign On SAML 2.0

RLDatix supports enterprise single sign-on (SSO) using the SAML 2.0 standard (http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). Authentication is supported via both IdP-initiated and SP-initiated workflows, and just-in-time (JIT) user provisioning is available.

RLDatix uses OneLogin's SAML Python Toolkit (https://github.com/onelogin/python3-saml).

RLDatix requires that AuthnRequest and LogoutRequest messages are signed.

Setup Requirements

SSO integration requires coordination between your IT department and the RLDatix implementation team. The data that needs to be prepared prior to the integration is:

  • Metadata XML file. The metadata file should follow the SAML 2.0 standard and include all of the information necessary for RLDatix to validate the authentication request with the identity provider. Your IdP should be able to generate this file.
  • Socialclimb requires two attributes (claims) in order to enable JIT user provisioning.

Required Attributes (Claims)

<Attribute Name="Role">
  <AttributeValue>Administrator</AttributeValue>
</Attribute>

Role can be Administrator, Office Staff, or Location Admin.

<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
  <AttributeValue>exampleuser@yourdomain.com</AttributeValue>
</Attribute>

Email should be valid and match the IdP user's identity.
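
A pre-flight check for the two claims above, as an added example (not RLDatix code): it parses an AttributeStatement copied from your IdP's test or preview output and reports missing or unexpected values before you try JIT provisioning. The function names and the email shape check are assumptions, and the script does not verify signatures.

```python
import re
import xml.etree.ElementTree as ET

# Attribute names and role values are the ones listed on this page.
ROLE_ATTR = "Role"
EMAIL_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
ALLOWED_ROLES = {"Administrator", "Office Staff", "Location Admin"}
# Assumption: a simple shape check; the page only says the email must be valid.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def _local(tag):
    """Strip the XML namespace so saml:Attribute and Attribute both match."""
    return tag.rsplit("}", 1)[-1]

def extract_attributes(xml_text):
    """Return {attribute name: [values]} for every Attribute element."""
    attrs = {}
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "Attribute":
            continue
        values = [(v.text or "").strip() for v in el if _local(v.tag) == "AttributeValue"]
        attrs.setdefault(el.get("Name"), []).extend(values)
    return attrs

def check_claims(xml_text):
    """Return a list of problems; an empty list means both claims look right."""
    attrs = extract_attributes(xml_text)
    problems = []
    roles = attrs.get(ROLE_ATTR, [])
    if not roles:
        problems.append("missing Role attribute")
    problems += [f"unexpected Role value: {r!r}" for r in roles if r not in ALLOWED_ROLES]
    emails = attrs.get(EMAIL_ATTR, [])
    if not emails:
        problems.append("missing emailaddress attribute")
    problems += [f"invalid emailaddress value: {e!r}" for e in emails if not EMAIL_RE.match(e)]
    return problems

# Constructed sample: an AttributeStatement as an IdP preview tool might show it.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="Role"><saml:AttributeValue>Office Staff</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
    <saml:AttributeValue>exampleuser@yourdomain.com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    print(check_claims(SAMPLE) or "claims OK")
```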

Frequently Asked Questions

  • Does RLDatix support SHA256 signed tokens? Yes
  • Does RLDatix support/require signature verification of AuthnRequests? Yes
  • How are user accounts deprovisioned and terminated? Accounts can be deprovisioned and/or terminated either through the RLDatix interface or API.

User Provisioning

  1. Within your IdP, add the required attributes to the users you expect to be using RLDatix.
  2. The user can then use IdP-initiated or SP-initiated SSO and will be JIT provisioned.

User Deprovisioning

  1. Go to the user accounts page: https://app.socialclimb.com/app/user-accounts
  2. Edit the user using the more options icon on the right side.
  3. Scroll to the bottom and hit the trashcan icon to delete the user.
  4. You will need to remove the RLDatix Role attribute within your IdP to prevent the user from being JIT provisioned again.

Support Information