Single Sign-On (SSO) allows your organization to integrate Prisme.ai with your existing identity provider, enabling secure, streamlined authentication while maintaining central control over user access and permissions. This page provides comprehensive information about SSO implementation, configuration, and management in Prisme.ai.

Benefits of SSO Integration

  • Enhanced Security: Enforce your organization’s security policies including password requirements, MFA, and conditional access
  • Simplified Access: Users can access Prisme.ai without maintaining separate credentials
  • Centralized Control: Manage user access from your existing identity management system
  • Improved Compliance: Meet regulatory requirements for authentication and access control

Supported Identity Providers

Prisme.ai supports SSO integration with all major identity providers that implement standard protocols:

Microsoft’s cloud-based identity and access management service:

  • Azure AD Free
  • Azure AD Premium P1/P2
  • Microsoft Entra ID

Supports both SAML 2.0 and OpenID Connect protocols.

Authentication Protocols

Prisme.ai supports the following authentication protocols for SSO:

SAML 2.0

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between an identity provider and a service provider.

OpenID Connect (OIDC)

OpenID Connect is an authentication layer built on top of OAuth 2.0, providing a standardized way to verify user identity.

Setting Up SSO for Your Organization

Follow these steps to configure SSO for your Prisme.ai instance:

  1. Contact Support: Reach out to your Prisme.ai account representative or support team to initiate the SSO setup process
  2. Choose Protocol: Select either SAML 2.0 or OpenID Connect based on your identity provider’s capabilities and your organization’s requirements
  3. Configure Your Identity Provider: Add Prisme.ai as a service provider or application in your identity provider’s dashboard
  4. Exchange Configuration Information: Provide Prisme.ai with the necessary configuration details from your identity provider, and configure your IdP with information provided by Prisme.ai
  5. Map User Attributes: Configure how user attributes (name, email, groups, etc.) from your identity provider map to Prisme.ai attributes
  6. Test the Integration: Verify the SSO setup works correctly with test accounts before rolling out to all users
  7. Deploy to Users: Once testing is successful, enable SSO for your organization’s users

User Provisioning and Deprovisioning

In addition to authentication, Prisme.ai supports automated user lifecycle management:

SCIM Provisioning

System for Cross-domain Identity Management (SCIM) allows for automated user provisioning and deprovisioning:

Just-in-Time Provisioning

For organizations not using SCIM, Prisme.ai also supports just-in-time (JIT) provisioning:

  • Users are automatically created on their first login
  • User attributes are populated from the SSO identity assertion
  • Permissions can be assigned based on group attributes in the assertion

Role-Based Access Control with SSO

Integrate your organization’s group structure with Prisme.ai’s permission system:

  1. Define Group Attribute: Configure which attribute in your identity provider contains group or role information
  2. Create Role Mappings: Define how identity provider groups map to Prisme.ai roles
  3. Apply Granular Permissions: Configure workspace and resource-level permissions based on roles
  4. Test Access Controls: Verify that users receive appropriate permissions based on their group memberships
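The four steps above can be modelled as a deny-by-default mapping over the claims in the identity assertion. This is an added example, not Prisme.ai's code: the claim name, group names, and role names are hypothetical, and it also covers the Microsoft Entra ID case where a token omits the group list for users in too many groups.

```python
GROUP_CLAIM = "groups"  # step 1: attribute carrying group membership (assumed name)
ROLE_MAP = {            # step 2: IdP group -> role (constructed, hypothetical values)
    "grp-ai-admins": "admin",
    "grp-ai-builders": "editor",
    "grp-ai-readers": "viewer",
}


class GroupsUnavailable(Exception):
    """The token signals group membership but does not list it inline."""


def extract_groups(claims):
    # Entra ID drops the inline group list on overage and sets these markers;
    # surface that instead of silently treating the user as having no groups.
    if GROUP_CLAIM in claims.get("_claim_names", {}) or claims.get("hasgroups"):
        raise GroupsUnavailable("group overage: membership not in token")
    raw = claims.get(GROUP_CLAIM, [])
    if isinstance(raw, str):  # a single group may arrive as a bare string
        raw = [raw]
    if not isinstance(raw, list):
        return []
    return [g for g in raw if isinstance(g, str)]


def resolve_roles(claims):
    """Step 3: exact, case-sensitive match; unmapped groups grant nothing."""
    return {ROLE_MAP[g] for g in extract_groups(claims) if g in ROLE_MAP}


def check_access(cases):
    """Step 4: return the test accounts whose roles differ from expectations."""
    failures = []
    for name, claims, expected in cases:
        try:
            got = resolve_roles(claims)
        except GroupsUnavailable:
            got = "unavailable"
        if got != expected:
            failures.append((name, got, expected))
    return failures


# Constructed claims for pilot accounts: (label, claims, expected result).
TEST_CASES = [
    ("admin pilot", {"groups": ["grp-ai-admins", "grp-unrelated"]}, {"admin"}),
    ("single string", {"groups": "grp-ai-readers"}, {"viewer"}),
    ("no group claim", {"sub": "u3"}, set()),
    ("case differs", {"groups": ["GRP-AI-ADMINS"]}, set()),
    ("overage", {"_claim_names": {"groups": "src1"}}, "unavailable"),
]
```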

Multi-Factor Authentication

Enhance security with multi-factor authentication (MFA):

  • Identity Provider MFA: Use your identity provider’s MFA capabilities with SSO
  • FIDO2/WebAuthn: Support for hardware security keys and biometric authentication
  • Time-based OTP: Compatibility with authenticator apps like Google Authenticator
  • Conditional Access: Apply MFA based on risk factors like location or device

SSO for Self-Hosted Deployments

For customers using Prisme.ai in their own infrastructure:

Monitoring and Troubleshooting

Maintain visibility into your SSO implementation:

  1. Access Audit Logs: Review authentication events in the Prisme.ai audit logs
  2. Monitor IdP Logs: Check your identity provider’s logs for authentication issues
  3. Verify Configuration: Ensure metadata and certificates are current and correctly configured
  4. Test with Diagnostic Tools: Use browser debugging tools to inspect authentication flows and identify issues
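For the last two steps with SAML 2.0, the `SAMLResponse` form field visible in the browser's network tab can be decoded and checked for the usual configuration faults. This is an added example, not part of Prisme.ai's tooling: the audience URL, the required attribute names, and the sample assertion are constructed assumptions, and it does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRS = ("email", "groups")  # hypothetical attribute names


def _ts(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-05-01T10:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def diagnose(saml_response_b64, expected_audience, now):
    """List configuration problems in a captured SAMLResponse form field.
    Diagnostic only: the signature is NOT verified here."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    cond = root.find(".//saml:Assertion/saml:Conditions", NS)
    if cond is None:
        return ["no Conditions element (assertion missing or encrypted)"]
    problems = []
    not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < _ts(not_before):
        problems.append("assertion not yet valid (check clock skew)")
    if not_after and now >= _ts(not_after):
        problems.append("assertion expired")
    audiences = [(a.text or "").strip() for a in cond.findall(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("audience mismatch: %s" % audiences)
    present = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if name not in present:
            problems.append("missing attribute: %s" % name)
    return problems


# Constructed sample standing in for a captured SAMLResponse POST field.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
  <saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.test/saml</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="email">
    <saml:AttributeValue>pilot@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 2, tzinfo=timezone.utc)
    print(diagnose(SAMPLE_B64, "https://sp.example.test/saml", now))
```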

Best Practices

Follow these recommendations for a secure and effective SSO implementation:

  • Implement MFA: Always use multi-factor authentication with SSO
  • Regularly Rotate Certificates: Update SAML certificates before they expire
  • Use Groups for Authorization: Manage permissions via group membership rather than individual assignments
  • Test Before Deployment: Thoroughly test SSO configuration with pilot users
  • Monitor Session Duration: Configure appropriate session timeouts
  • Plan for Fallback: Maintain emergency access procedures in case of IdP outages

Additional Resources

Getting Help

If you encounter issues with your SSO implementation:

  • Enterprise Support: Contact your dedicated support representative
  • Technical Support: Submit a ticket through the support portal
  • Documentation: Refer to our detailed SSO implementation guides for specific identity providers