šŸ”

Set up SSO authentication for your account

If your company is using an identity provider, your IT department can configure a SAML authentication protocol for your Nucla Network and/or Group. This will make logging into your account easier and safer.

Please reach out to support@nucla.com if you have questions about the setup process or are having trouble logging in to Nucla through your company's SSO portal.

Technical Requirements

Nucla integrates with any single sign-on (SSO) identity provider that supports the SAML protocol.

To set up SSO authentication for your account, you must:

  • Be an Administrator of your Network or Group
  • Enable SSO on your Network or Group settings
  • Upload your Federation Metadata File (XML) with the EntityID, Reply URL, and NAMEID information provided by Nucla

Please contact your Customer Success Manager if you have not received this information.

Steps to Configure SSO

  1. Enable SSO from your Nucla Network or Group General Settings page.
    2. image
    šŸ”“
    There is another checkbox labeled Disable Nucla Auth. Check this box if you wish to restrict authentication to Nucla to your active directory domain or intranet.
  2. Upload your Federation metadata XML file. Please share this information with your IT department so they can generate the correct file that you can upload to your Nucla settings.
    3. EntityId: KITEsrm
Reply URL: This unique URL will include your group or network ID.  
NAMEID: must be set to `email` in your directory service configuration.
    image

    After uploading you should see the file name render to show it has completed successfully.

    image
    āš ļø
    SAML certificates have an expiration date (typically 3 years). Once your certificate expires, ensure you re-upload a valid certificate.
  3. For Network SSO, select a default authorization group. This is the group users will be automatically added to if it's their first time using Nucla.
    4. image
    šŸ› 
    User's with an existing account will not be automatically added. They will need to be added manually through the respective on Nucla.
    ā€£
    Group Routing Configuration (Optional - Network SSO Only)
  1. Success! You have enabled SSO for your Network or Group on Nucla. This can be re-established or disabled at any point from your account settings.
    2. image

Optional - Service Provider Initiated SSO

You can generate a Service Provider Initiated (SPI) SSO link after you have enabled SSO for your group or network. You can click on ā€œEnable Sign In Linkā€ to generate a SPI SSO link.

image

After it is enabled you will see a link that you can provide to your network. Visiting this url will redirect your users to your IDP where they can sign in. After they sign in they will be redirected and logged into Nucla.

image

Clicking the edit button in the right hand corner will allow you to edit the url to your liking. Please note, you can only use alphanumeric characters with underscores or hyphens.

šŸ’”
Group Level SPI SSO links will not be available if network SSO is enabled.