Single Sign-On (SSO)

KODE Labs platforms use industry standard procedures for active SSO integration. This enables organizations to integrate their existing authentication platforms with their KODE Labs organization in order to have SSO functionality.

If your KODE Labs workspace has SSO enabled, users sign in to the organization with your organization's Identity Provider (IdP) credentials instead of KODE Labs account credentials.

KODE Labs allows IdP integration via the following methods:

  • OpenID Connect Authentication (OIDC)

  • Security Assertion Markup Language (SAML)

To view your current Sign in Methods, in the sidebar of Launchpad, click Sign In Methods. The Sign In Methods page appears, displaying all the IAM methods set up for your organization. From here you can add SSO.

Technical Support & Experience

KODE Labs works with the client to configure the active directory integration as needed for a seamless integration and experience for end users. KODE Labs has already integrated with the following commonly found active directory / identity management platforms:

  • CyberArk

  • Azure Active Directory (Azure AD)

  • Okta

  • Auth0

  • JumpCloud

Enable Single Sign-On

Requirements 

In order to enable Single Sign-On (SSO) for your organization, you need the following:

  • Access to your Identity Provider’s (IdP) configuration settings

  • Admin Role in your KODE Labs workspace

Set up SSO in Launchpad

To set up SSO for your organization with any IdP, 

  1. In the sidebar of KODE Launchpad, click Sign In Methods.

  2. Click + Add Sign in Method.

  3. Select an existing Sign in Method or add a custom one (OIDC or SAML). The Add Sign-In Method page appears. Based on the IdP selected, there are different required fields.

  4. In the Sign-in Method Name field, type a name. The name must be unique. It cannot be updated after it is saved.

  5. Several fields have information generated for them, such as: Assertion Consumer Service URL, SP Entity ID, Subject NameID Format, Protocol Binding, Signature Algorithm and Attributes Configuration. Take note of this information; you will need it to configure the KODE Labs application for your Identity Provider.

  6. Enter the required information and click Save.

Set up the KODE Labs app in your IdP

  1. Log in to your IdP account.

  2. Create a new application (or connector in some IdPs).

  3. In your IdP account settings, you provide the SSO Configuration details that you received from the Sign in method in Launchpad (Set up SSO in Launchpad).

  4. In your IdP, provide the following details.

    • Single Sign-on URL: Provide the Assertion Consumer Service URL that was generated for your organization in KODE Launchpad.

    • Entity ID: Use the Entity ID generated in Launchpad in your IdP's Audience URI, SP Entity ID, SAML Issuer ID, or a similar field.

    • NameID Format: Select or enter EmailAddress. This defines the parameter that your IdP should use to identify KODE Labs users. 

    • Signature Algorithm: Select RSA-SHA256.

    • Protocol Binding: Select HTTP-POST.

  5. Under Attribute Mapping, add the following attributes. If you want to map IdP groups/roles to KODE Labs roles, you need to add a new attribute called “roles” under Attribute Mapping, and return your IdP users’ roles or groups to KODE Labs - Launchpad.

    • For SAML IdP: firstName attribute, lastName attribute

    • For OIDC IdP: firstName claim, lastName claim

  6. Return the following information to KODE Labs.

    • roles claim for OIDC IdP

    • roles attribute for SAML IdP

  7. Once you enter all the details and save your settings in the IdP, you should receive the IdP Single Sign-On URL and x509Certificate or MetaData file.

Configure IdP details in KODE Launchpad

  1. Go to the Add Sign-in Method page in Launchpad.

  2. In the Upload MetaData field, upload the MetaData file, or enter the following:

    • IdP URL: Paste the IdP Single Sign-On URL that you received from IdP (Step 7 - Setup KODE Labs app in your IdP).

    • Certificate: Upload the x509Certificate that you received from your IdP.

  3. Fill in the Attributes Configuration.

  4. Click Save.

Security Assertion Markup Language (SAML)

SAML Required Fields

| Parameter Name | Type | Description |
|---|---|---|
| IdP Entity ID | Set by Client | A public unique identifier of the active directory. |
| IdP URL | URL | Location to which KODE OS will send SAML requests and where users will authenticate. |
| x509Certificate | .pem or .der | A public certificate used to validate the digital signature of the provider’s SAML responses. |

OpenID Connect Authentication (OIDC)

OIDC Required Fields

| Parameter Name | Type | Description |
|---|---|---|
| OpenID Well-Known URL | URL | The authentication URL of the active directory instance. |
| Client ID | Hex String | A public identifier of the active directory application. |
| Client Secret | Set by Client (Commonly a 256-bit value) | A secret generated by client for authorization between KODE OS and active directory platform. |

KODE OS user role mapping

With active directory integration, while client user authentication occurs on the active directory platform, KODE Labs also allows client user permissions to automatically be passed through as part of the integration. Some configurations are made as part of the integration. These parameters are detailed in the table below.

Info

This is not a requirement, and user permissions can be set natively on KODE OS independent of the manner of user authentication. 

| Field | Description |
|---|---|
| First Name | What is the callback field in integration that specifies the first name of a user? |
| Last Name | What is the callback field in integration that specifies the last name of a user? |
| Role | What is the callback field in integration that specifies the role of a user? |
| Role Name Mapping | If roles are not native to KODE OS, what is the mapping of user roles to KODE’s own set of roles? |

Configure role mapping

Before you add new role mappings, you must add the roles' attributes in the Attribute Mappings section in your IdP, and then return the information in KODE Labs.

Notes

After enabling IdP Role Mapping, the role management (in KODE Labs) for the users of your IdP is handled from your IdP, instead of from KODE Labs.

You can manage your role mappings by adding the ability to Create, Update, and Assign users to buildings on sign in.

  • Create user on first login: Enable the toggle button to allow automatic user creation on first login. Fill in the First Name attribute, Last Name attribute and Roles attribute.

  • Default Role: Enable the toggle button to set the role for users without having a role mapped in this Sign in Method. (Other roles can be added after you save the Sign In Method.) 

  • Update user role on login: Enable the toggle button to change user roles when they login. This means that the existing roles assigned to the users are overridden by the roles assigned to IdP groups.

  • Site Mapping: Click the toggle button to allow access to the site's map. You can add more after you save the Sign In Method.

Edit SSO configuration

To edit an SSO configuration,

  1. In Launchpad, click Sign-in Methods.

  2. From the methods listed, select the IAM method that you want to modify. The Sign-in Method page appears.

  3. Click the Edit button at the top-right of the SSO Details section. The Edit Single Sign-On page appears.

  4. Update the configuration or the attribute fields (for example SP Entity ID, IdP URL or IdP Entity ID) as needed.

  5. Update and Upload.

    • Metadata which autofills all of the required fields or enter the information manually.

    • Signing certificate that is used to encrypt the SAML assertion

  6. Click Save. (If you want to discard your changes, click Cancel instead.)


Add a new IAM method

You can add an Identity and Access Management (IAM) sign-in method. To add a method,

  1. In the sidebar, click Sign in Methods. The Sign In Methods page appears, showing all the IAM methods already set up for your organization.

  2. Click the + Add Sign in Method button. A pop-up window appears.

  3. Select the Sign in method you want to add and click Continue.

Info: Only Admin users are able to add these methods into their organization’s Launchpad.

Add a custom IAM method 

  1. The Authentication Callback URL is pasted into the Single Sign-On provider platform with which we want to connect KODE OS.

  2. "OpenID Well-known URL" with the Client ID and Client Secret are generated when KODE OS is added as one of the Apps in the Single Sign On provider platform. Please refer to the SSO Provider Documentation to obtain the information for these fields.

  3. To set a Sign in Method by default, click on the Set as default Sign In Method checkbox.

Note: When you add new users to your environment they are assigned to the default method. However, you can always change that by clicking the Change Method button while creating a user.

  4. Once you fill in all the required fields, click Save.

Log in through Single Sign On

There are two ways you can sign in to your building environment: 

  • With a workspace URL 

  • Without a workspace URL.

Workspace URL

If you specify your workspace URL,

  1. Type your specific work domain into your browser (for example, companyname.kodelabs.com). The Sign in page appears.

  2. The following options are available to sign in.

  • Use the IAM tool: Click on the available Sign in with... option. You are directed to choose your account for that specific IAM method. (If you are not logged in to your IdP, you will be redirected to the IdP sign-in page, where you are required to authenticate yourself. However, if you are already signed in to your IdP while signing into KODE Labs via SSO, you will not be asked to log in again and will be redirected to your workspace.)

  • Use your KODE OS account credentials: Enter your email and password, and click Login with email.

Without a Workspace URL

If you do not specify your workspace URL,

  1. Type accounts.kodelabs.com into your browser address field. The Sign in to your workspace page appears.

  2. Type your workspace domain and click Continue.
    The following options are available to sign in.

  • Use the IAM tool: Click on the available Sign in with... option. You are directed to choose your account for that specific IAM method. (If you are not logged in to your IdP, you will be redirected to the IdP sign-in page, where you are required to authenticate yourself. However, if you are already signed in to your IdP while signing into KODE Labs via SSO, you will not be asked to log in again and will be redirected to your workspace.)

  • Use your KODE OS account credentials: Enter your email and password, and click Login with email.  


Info

If you need help finding your workspace, click the Find your workspaces button on the “Sign in to your workspace” page.

Find Your Workspace

If you need help finding your workspace, click on the Find your workspace button.

Type your email address and click on Continue. You will be sent an email that contains instructions to help you find your workspace.

The advantages of Single Sign-On (SSO)

What is Single Sign-On (SSO)?

Single Sign-On (SSO) is an authentication method that enables users to access multiple independent software systems with a single set of login credentials. For organizations using a comprehensive platform like KODE OS, implementing SSO is not merely a convenience but a strategic imperative. It significantly enhances both user experience and organizational security and efficiency.

How SSO works with KODE OS

In a KODE OS environment where SSO is enabled, users do not use separate KODE Labs account credentials. Instead, they authenticate through their organization's central Identity Provider (IdP). This IdP manages and verifies user identities, granting access to KODE OS and its integrated modules.

KODE OS supports IdP integration through industry-standard methods:

  • OpenID Connect Authentication (OIDC)

  • Security Assertion Markup Language (SAML)

This centralized authentication process streamlines access and strengthens security. When a user attempts to access KODE OS, they are redirected to their organization's IdP for authentication. Once authenticated by the IdP, the user is seamlessly redirected back to KODE OS with validated access.

Key benefits of SSO for users

SSO provides numerous advantages directly impacting the end-user experience.

For new KODE OS users, the onboarding process becomes much smoother. Instead of configuring multiple accounts and passwords, only one needs to be set up, accelerating a user's ability to become productive with the software.

  • Reduced Password Fatigue: Users no longer need to remember multiple usernames and passwords for various applications. A single set of credentials grants access to everything, drastically reducing the mental burden associated with managing numerous login details across all of their instances.

  • Faster Access: Eliminating the need for separate logins to each component saves valuable time throughout the day, significantly boosting overall productivity.

  • Enhanced Security Posture and User Behavior: When users only have one password to remember, they are more likely to create and use a strong, unique password for their SSO account, rather than resorting to weak, easily-guessed, or reused passwords across various systems.

  • Reduced Phishing Risk: Fewer distinct login pages reduce the attack surface for phishing attempts. Users become accustomed to a single, trusted SSO portal (for example, logging in via their organization's Identity Provider like Azure AD or Okta), making them less susceptible to being tricked into entering credentials on fraudulent sites.

  • Less Account Lockout: The frustration and lost productivity associated with forgetting one of many passwords and subsequent account lockouts are significantly minimized with SSO, as there is only one set of credentials to manage.

Key benefits of SSO for organizations

Implementing SSO delivers substantial organizational benefits related to security, compliance, and operational efficiency.

KODE OS integration with common Identity Providers

KODE Labs platforms integrate with several commonly used Identity Provider (IdP) platforms, ensuring compatibility and ease of deployment for organizations. This broad compatibility allows KODE OS to seamlessly fit into existing IT infrastructures.

KODE OS has integrated with the following IdPs:

  • CyberArk

  • Azure Active Directory (Azure AD)

  • Okta

  • Auth0

  • JumpCloud

A more secure and efficient experience

By implementing SSO, an organization transforms its authentication landscape, creating a more secure, efficient, and user-friendly environment. SSO in KODE OS provides simplified access for users and robust, centralized control for administrators, contributing to an overall enhanced experience.

