UniFi Identity Enterprise - SSO Apps Overview

SSO (Single Sign-On) enables users to sign in to multiple applications using a single set of authentication credentials. SSO Apps are configured connections between UniFi Identity Enterprise and external applications. Administrators can assign SSO apps to groups or individual users in UniFi Identity Enterprise, allowing users to access configured external applications with UniFi Identity Enterprise credentials.

The users can view and access the applications assigned to them in their Identity Enterprise Portal or Identity Enterprise endpoints.

  • Identity Enterprise Workspace: Go to your Identity Enterprise Workspace > APPLICATIONS.
  • Identity Enterprise desktop app: Open the UniFi Identity Enterprise desktop app and click Apps.
  • Identity Enterprise mobile app: Open the UniFi Identity Enterprise mobile app and tap the App  icon.

Requirements

  • Not all user roles will be able to view, configure, and assign/unassign users to SSO Apps on UniFi Identity Enterprise, see Workspace-Level Permissions - SSO Application Management for more details.
  • You can configure context-based security policies for your applications to determine whether the users have access to the applications, whether should they re-enter their password, or whether should they be authenticated by MFA based on their login attributes. See SSO Apps Policy and Rule for more details.

SSO Apps Assignment Admins

You can create SSO app assignment admins and let them assign added apps to users.

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

  2. Go to SSO Apps and select an added app.
  3. Go to Settings and enable "Designate app assignment admins".
  4. Go to Assignment Admins and click Add User.

Add Existing Apps

UniFi Identity Enterprise offers some preconfigured applications. These applications only need to be added and set up to function with their specific instance and configuration.

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

  2. Click SSO Apps.
  3. Click the Add New App icon and you will see all the preconfigured applications.
  4. Select an application and click Add. If you do not find the desired apps, Click Add Custom App to add apps. Refer to Create SAML Apps for more details.
  5. Fill in the following information for the app selected (Slack is shown below as an example):
    • App name: Modify the app's name.
    • Domain/Subdomain: Enter the domain name you set up on the chosen application platform, only the part before the application’s own domain is needed. For example, if you need to set up Slack and your Slack’s domain is “ui.slack.com”, then “ui” needs to be filled into the domain section.
    • App visibility: If “Do not display application icon to users” is checked, users who are assigned the application will not have the app shown in the APPLICATION section of their Identity Enterprise Portal.
  6. Click Next, then configure SAML 2.0 RelayState as per your application’s request. You can click View Setup Instructions to learn more.
  7. Click Done.

SSO Apps Expense Insights

Identity Enterprise simplifies expense management by automatically generating charts that illustrate each month’s estimated or actual expenses. This helps you ensure timely cancellation of subscriptions for unused or redundant applications to prevent unnecessary expenses.

Note: This feature is only available in the Identity Enterprise Standard Plan. To subscribe to it, please use your owner account to sign in to your Identity Enterprise Manager and go to Settings > Plan & Billing > Upgrade Plan.

  1. Go to your Identity Enterprise Manager > SSO Apps.
  2. Select an app and go to Settings > General Settings > Expense Analysis
  3. Enable Show app expense insights.
  4. If you want to receive push and email notifications for users who haven't accessed their assigned applications for a specified duration, enable Notify admins when users have been inactive for {specific period}, and specify the period.
  5. Click Save and you will see the Expenses section.
  6. Click Show More, and fill in the required information.
  7. Click Save. You can review SaaS usage and performance regularly in the app’s Overview tab.
Was this article helpful?
0 out of 2 found this helpful