Configuring Single Sign On
Service Provider Configuration
To configure NLPatent as a service provider with your Identity Provider, the following configuration parameters are needed:
Entity ID: https://api.nlpatent.com/auth/sso/metadata
Assertion Consumer Service (ACS) URL: https://api.nlpatent.com/auth/sso/acs
Sign On URL: This is a URL unique to your NLPatent client account that allows you to sign into NLPatent via your SSO provider. This can be found in your NLPatent SSO Configuration page.
Following your specific identity provider’s instruction on how to add a new service provider, fill in the information above in their corresponding fields to configure your identity provider’s authentication process to work with NLPatent as a service provider.
Attribute Mapping
For us to correctly match user to their NLPatent accounts, the SAML payload will need to contain the following attributes or claims.
- first_name
- last_name
It should look something like the images below in your identity provider config.
Identity Provider Configuration
Your identity provider creates a few configuration parameters that you need to enter into your SSO Configuration page. These are:
- Entity ID
- SSO Target URL
- X509 Certificate
These should look something like this:
Copy and paste these into the SSO Configuration page and click Submit. Note: you must be an Admin of your account to access the SSO Configuration page.
Once you've done this, you should test your integration to ensure it's working as expected and users in your organisation can successfully login via SSO.
Further Configuration Options
Disabling Username + Password Login
Once you've confirmed that your SSO integration is working correctly, you will probably want to disable username/password authentication for your account so that the only way users can login to your account is through SSO.
In order to do that, just let us know by emailing support@nlpatent.com saying you "wish to disable username/password login for your account" and we will action this for you.
Disabling Automatic Account Provisioning
By default, new users will be automatically provisioned in the NLPatent platform when signing in via SSO (assuming you have available seats in your plan). If you do not want new users to be automatically provisioned, then please let us know and we will disable this feature.
Any questions or help you need should be forwarded to support@nlpatent.com.