Many NowSecure customers leverage enterprise SSO with NowSecure Platform to simplify the login process for their employees. Please note that while enterprise SSO is easily set up on NowSecure Platform, it does require direct assistance from NowSecure staff and your SSO team to finalize setup. If you are planning to proceed with implementing SSO, please submit a request here or email NowSecure Support at firstname.lastname@example.org.
NowSecure Platform does not include a self-service SSO option at this time, but this enhancement is planned for the future.
Below are the enterprise SSO options currently available for NowSecure Platform. Please see below for configuration requirements.
OAUTH2 / OIDC
Post SSO Login Process
Regardless of which path you choose, once you have completed the process, new users will no longer use the invite system to get access to the Platform. The flow will work as follows:
- A user goes to https://app.nowsecure.com
- Users enter their email address in the appropriate box.
(Do NOT use Google or Git Social logins if you have SSO configured.)
- The email address domain is recognized in the SSO as associated with your domain.
- The user is redirected to log in at your SSO (this step may occur automatically, depending on the settings of your corporate environment).
Once authenticated, the token is redirected to us and the user is granted access.
- If the user is a new user, they are granted the Customer role. The user then contacts their Platform admin who can log in and elevate role access.
- If the user is an existing user, they now see all their apps and can proceed as normal.
- Existing accounts will be migrated to your SSO in order to ensure all elements of your NowSecure Platform instance will remain in place (i.e. existing groups / API Tokens / user roles).
- NowSecure does not use any permissions from the AD, as permissions and roles are managed from within the NowSecure Platform.
SSO Set Up
Note: NowSecure currently only offers SP-initiated logins. IdP-initiated login is not supported.
As NowSecure does not support self-service SSO setup, you will need to provide some information to our support team to complete the configuration process.
NowSecure requires the email domain(s) that your users will be using to get started.
From this, we will generate our metadata, which you can use to set up SSO. (You may need to work with your SSO team to complete the process.)
Your SSO team will need the metadata file provided by NowSecure as well as the following information.
|ATTRIBUTE TO BE SENT||VALUE|
Once your SSO team has created the connection on your side, they will provide you a metadata file to give to NowSecure (this can be sent directly to email@example.com or transmitted via the Services tab in Platform). Your SSO team will need to assign permissions on your SSO app to access the NowSecure Platform.
OAUTH2 / OIDC / Azure AD
NowSecure requires the following information to get started. You may need to work with your SSO team to complete the process.
- Email domain(s) end users will be using.
- The callback you will use is https://id.nowsecure.com/login/callback
Your SSO team will need to assign permissions on your SSO app to access the NowSecure Platform.
Once your SSO team has created the connection on your side, they will provide you the Issuer URL, client ID and client secret to give to NowSecure (this can be sent directly to firstname.lastname@example.org, transmitted via the Services tab in Platform, or transmitted to the business email of the team member assisting you).
Lastly, your SSO team will need to assign permissions on your SSO app to access the NowSecure Platform.
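A pre-handoff check of the OIDC values listed above, as an added example (not NowSecure code): it verifies that the Issuer URL matches the IdP's discovery document and that the callback is registered verbatim on the SSO app. The function name, the sample issuer idp.example.com and the discovery document are constructed for illustration; in practice the document is read from the issuer's /.well-known/openid-configuration.

```python
from urllib.parse import urlsplit

# Callback stated on this page; it must be registered verbatim on the IdP app.
NOWSECURE_CALLBACK = "https://id.nowsecure.com/login/callback"
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_oidc_handoff(issuer_url, discovery, registered_redirects, client_id, client_secret):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    parts = urlsplit(issuer_url)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("issuer URL must be an absolute https URL")
    if parts.query or parts.fragment:
        problems.append("issuer URL must not carry a query or fragment")
    # OIDC Discovery: 'issuer' in the document must equal the issuer URL exactly.
    if discovery.get("issuer") != issuer_url:
        problems.append("discovery 'issuer' %r does not match %r"
                        % (discovery.get("issuer"), issuer_url))
    for key in REQUIRED_ENDPOINTS:
        if urlsplit(discovery.get(key, "")).scheme != "https":
            problems.append("%s missing or not https" % key)
    # Redirect URIs are compared as exact strings, so a trailing slash counts.
    if NOWSECURE_CALLBACK not in registered_redirects:
        problems.append("callback %s is not registered on the SSO app" % NOWSECURE_CALLBACK)
    if not client_id.strip():
        problems.append("client ID is empty")
    if not client_secret.strip():
        problems.append("client secret is empty")
    return problems


# Constructed sample values (idp.example.com is a placeholder, not a real tenant).
SAMPLE_ISSUER = "https://idp.example.com/tenant-a"
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com/tenant-a",
    "authorization_endpoint": "https://idp.example.com/tenant-a/authorize",
    "token_endpoint": "https://idp.example.com/tenant-a/token",
    "jwks_uri": "https://idp.example.com/tenant-a/keys",
}

if __name__ == "__main__":
    for problem in check_oidc_handoff(SAMPLE_ISSUER, SAMPLE_DISCOVERY, [NOWSECURE_CALLBACK],
                                      "constructed-client-id", "constructed-secret"):
        print("PROBLEM:", problem)
```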
Organizations may from time to time rotate their certs and require updates to be added into the NowSecure system. When this occurs, please submit your request to the NowSecure SSO Team via email@example.com.