UniFi Identity Enterprise - SSO Apps Overview

Notes

• This is an early access (EA) feature. To apply for a free trial, please use your owner account to sign in to your Identity Enterprise Manager and go to Settings > Plan & Billing > Feature Usage > Apply for Plan Add-Ons.
• Not all user roles will be able to view, configure, and assign/unassign users to SSO Apps on UniFi Identity Enterprise, see Workspace-Level Permissions - SSO Application Management for more details.
• You can configure context-based security policies for your applications to determine whether the users have access to the applications, whether should they re-enter their password, or whether should they be authenticated by MFA based on their login attributes. See SSO Apps Policy and Rule for more details.

SSO (Single Sign-On) enables users to sign in to multiple applications using a single set of authentication credentials. SSO Apps are configured connections between UniFi Identity Enterprise and external applications. Administrators can assign SSO apps to groups or individual users in UniFi Identity Enterprise, allowing users to access configured external applications with UniFi Identity Enterprise credentials.

• Provisioning: Some SSO applications support provisioning. UniFi Identity Enterprise uses the Security Cross-domain Identity Management (SCIM) protocol for user provisioning.
• Supported SSO Protocols for UniFi Identity Enterprise:
  • System for Cross-Domain Identity Management (SCIM)
  • Secure Authentication Markup Language (SAML)

The users can view and access the applications assigned to them in their Identity Enterprise Portal or Identity Enterprise endpoints.

• Identity Enterprise Workspace: Go to your Identity Enterprise Workspace > APPLICATIONS.
• Identity Enterprise desktop app: Open the UniFi Identity Enterprise desktop app and click Apps.
• Identity Enterprise mobile app: Open the UniFi Identity Enterprise mobile app and tap the App  icon.

SSO Apps Assignment Admins

You can create SSO app assignment admins and let them assign added apps to users.

1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

2. Go to SSO Apps and select an added app.
3. Go to Settings and enable "Designate app assignment admins".
4. Go to Assignment Admins and click Add User.

Add Existing Apps

UniFi Identity Enterprise offers some preconfigured applications. These applications only need to be added and set up to function with their specific instance and configuration.

1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

2. Click SSO Apps.
3. Click the Add New App icon and you will see all the preconfigured applications.
4. Select an application and click Add. If you do not find the desired apps, Click Add Custom App to add apps. Refer to Create SAML Apps for more details.
5. Fill in the following information for the app selected (Slack is shown below as an example):
   • App name: Modify the app's name.
   • Domain/Subdomain: Enter the domain name you set up on the chosen application platform, only the part before the application’s own domain is needed. For example, if you need to set up Slack and your Slack’s domain is “ui.slack.com”, then “ui” needs to be filled into the domain section.
   • App visibility: If “Do not display application icon to users” is checked, users who are assigned the application will not have the app shown in the APPLICATION section of their Identity Enterprise Portal.
6. Click Next, then configure SAML 2.0 RelayState as per your application’s request. You can click View Setup Instructions to learn more.
7. Click Done.