Single Sign On (SSO)

What is Single Sign On (SSO)

Single sign on is an authentication process that allows a user to log into Monolith using thier organization's authentication mechanism and identity management system. This authentication process is used in place of Monolith's default login system.

For example, if configured, a user may login into Monolith using Microsoft Azure AD credentials instead of using the default Monolith user credentials.

SAML 2.0

SSO integration with Monolith uses the SAML 2.0 open standard to connect to your identity provider.

Identity Provider/Service Provider

Identity and service provider are common terms used when configuring an SSO connection. The identity provider is the service your organization uses to manage it's employees' credentials to provide access to IT resources.

The service provider is the vendor or software that relies on the identiity provider ro authentication and identification.

In this case, Monolith is the service provider.

What about Multi-Factor Authentication (MFA)?

When logging in with SSO, the Monolith MFA process is not used - MFA is passed onto the identity provider that is used in the SSO process.

SSO Sessions

When a user authenticates into Monolith via SSO, a Monolith session is created that matches our default session standards.

SSO Setup and Configuration

To integrate SSO with Monolith, you must have purchased an Enterrpise license to Monolith.

In order to setup SSO with Monolith, your organization should provide a SAML metadata file that is in XML format. This metadata file will contain specific information related to the SSO connection with Monolith that we need for integration.

Monolith will then provide your organization with 2 key pieces of information to complete the SSO connection:

ACS URL:

https://monolith-app.monolithforensics.com/api/auth/saml/acs/{{UNIQUE ORG ID}}

Service Provider Entity ID:

https://monolith-app.monolithforensics.com/{{UNIQUE ORG ID}}

These values are used by your identity provider to create an SSO connection with Monolith.

Metadata Attributes

In order for Monolith to properly identify the user after SSO authentication, we need the user's email to be included with the SAML response.

This is typically included as a "NameID", but may also be added as an "email" attribute.

Support

To setup SSO with your Monolith account, please contact support: support@monolithforensics.com