SAML Single Sign-On

Security Assertion Markup Language (SAML) is an XML-based framework for enabling authentication through a third party identity provider or in-house single sign-on application.

SAML comes in handy for organizations which use multiple applications or services and need a single source to manage member activity. Instead of creating multiple credentials for different applications, with SAML you can create one set of credentials per member and allow them to access multiple applications.

SAML offers the ability to:

  • Manage a password policy across multiple applications
  • Access multiple applications securely
  • Reduce the risk of lost or forgotten passwords
Note
  • Enabling SAML will mandate all users to sign in only via SAML.
  • Okta, Google and Azure AD are the supported IdPs. If you are using a different IdP, please raise a request to iFax support
  • Only one IdP can be configured at a time.
  • The team member's email address must be present in iFax and IdP.

Terminology

Team Member: Team Member is an employee of the organization, say, Acme Inc, and is an authorized user of Acme Inc's iFax User Interface.

Authentication: The verification mechanism that certifies an individual is the actual person they claim to be.

IdP: Identity Provider (IdP) is the platform or application that provides authentication for the member.

SP: Service Provider (SP) is the application that needs authentication for allowing access to the member. For the entirety of this doc, iFax is the Service Provider.

Login URL: This URL will take you to the IdP's login page asking for your credentials. Login URL is provided by your IdP and must be added in iFax while integrating.

X.509 Certificate: iFax accepts only X.509 Certificate to validate the authenticity of an IdP.

Login Options

You can log in to iFax using one of the ways listed below:

Sign in via IdP

  1. Log into your IdP.
  2. Select iFax from the list of applications.
  3. You will be taken to the iFax Dashboard.

Sign in via iFax

  1. In the login page, click Log in with SSO.
  2. Enter the email in the text box provided and click Sign in.
  3. You will be taken to your IdP's login screen. Enter your credentials and click Sign In.

Okta as IdP

You can add iFax app in Okta using the steps below:

  1. Log in to your Okta account and go to Applications and Create App Integration
  2. https://www.ifaxapp.com/login/ - for ACS URL(Assertion Consumer Service URL).
  3. https://www.ifaxapp.com/ - for Entity ID
  4. Click View Setup Instructions under the Sign On tab to get the
    • Login URL
    • SAML Certificate

These are required and need to be pasted in your iFax User Interface while enabling SAML.

Google as IdP

You can add iFax app in Google using the steps below:

  1. Log in to your Google admin account and search for "iFax" under Add applications
  2. https://www.ifaxapp.com/login/ - for ACS URL(Assertion Consumer Service URL).
  3. https://www.ifaxapp.com/ - for Entity ID
  4. Click View Setup Instructions under the Sign On tab to get the
    • SSO URL
    • SAML Certificate

These are required and need to be pasted in your iFax User Interface while enabling SAML.

Azure AD as IdP

You can add iFax app in Microsoft's Azure Active Directory using the steps below:

  1. Sign into your Microsoft Azure site(through portal.azure.com).
  2. Go to Azure Active Directory > Enterprise applications > New application > Non-gallery application and add an application by naming it as "iFax".
  3. Now, go to the newly created iFax application and select Single sign-on found on the left pane and select SAML.
  4. Click edit against the Basic SAML Configuration section and enter
    • https://www.ifaxapp.com/ - for Identifier(Entity ID) field
    • https://www.ifaxapp.com/login/ - for Reply URL (Assertion Consumer Service URL) field.
    • Scroll down to the Setup iFax section. Copy the Login URL and paste it in the field provided in iFax's SAML Configuration page.
    • In the SAML Signing Certificate section, Use the URL given against App Federation Metadata URL and copy the content present between the start and end tags of «X509Certificate». Paste it in iFax's SAML Certificate field.

Configure SAML in iFax

  1. Login to iFax and navigate to Settings > Team & SSO > SSO.
  2. Enable Single Sign On.
  3. Paste the Login URL and the X.509 Certificate retrieved from the IdP.

Disable SAML

To disable SAML, go to Settings > Team & SSO & SSO and disable Single Sign On.

When you disable SAML in iFax, your team members will be notified that SAML has been disabled and they should sign in using custom credentials.

Email Notifications

Your Team members will receive a system generated email during the following events:.

  1. When admin enables SAML for the organization's iFax site
  2. When a new team member is added to the organization's iFax site
  3. When SAML is disabled