Admin Portal

• 1: Dashboard
• 2: Integration
• 3: Identity Store
• 4: Policy
• 5: Terms and Conditions
• 6: Open Source licence

1 - Dashboard

Notifications are a feature that can deliver and share important alerts related to the use of SingleID to users.

Administrators can register and manage notifications through the notification menu. Administrators select the notification type (normal/urgent) based on the notification content and importance, and when they create a notification, users can receive the notification before login (urgent) or after login (normal/urgent).

The administrator can register and manage notifications to be delivered to users. There are two types of notifications, which are provided as distinguished below.

Notification

List

To check the notification list, access the menu as follows.

• Admin Portal > Dashboard > Notifications

Notification Registration

If you want to register a notification, follow the steps below.

1. Admin Portal > Dashboard > Notifications Please click the menu.
2. Register button, when clicked, you will be taken to the notification registration page.
3. Check the input items as below and select and enter the details in detail.
4. Click the Save button.
5. Check the notifications registered in the list.

Notification Edit

If you want to edit the notification, follow the steps below.

1. Admin Portal > Dashboard > Notifications Please click the menu.
2. Select the notification that needs editing, and click the Edit button at the bottom of the screen.
3. After editing the field you want to modify, click the Save button.
4. Check the edited notification in the list.

Delete Notification

If you want to delete the notification, follow the steps below.

1. Admin Portal > Dashboard > Notifications Click the menu.
2. Select the notification that needs to be deleted, and click the Delete button at the top right of the screen.
3. The notification delete popup appears.
4. Confirm If you click the button, the notification will be deleted.

Approval Request

When you click the approval request menu, the administrator can view and cancel all users’ approval requests.

The approval request consists of the Approval Request List and Approval Request Queue tabs.

Approval Request List

If you click the approval request list tab, you can view all approval request items.

There are four types of approval request statuses. You can easily filter and view them using the Approval Request, Approve, Reject, Cancel Submission buttons at the top. If you want a detailed search, you can use detailed search in the search bar at the top right.

• Approval Request: Shows all approval request statuses.
• Approval: Shows all completed approval statuses.
• Rejection: Shows approval request items that have been rejected.
• Submission Cancellation: Shows approval request items where the approval has been cancelled.

The description for the approval request list items is as follows.

Approval request lookup and cancellation

When you click the approval request list, the information of the corresponding approval request appears in a popup. Requests that have not yet been approved can be cancelled by the administrator using the Cancel Request button.

Approval Request Queue

Click the approval request queue tab to view all ongoing approval requests and delete them by selecting all or selecting individually. Through detailed search, if the requester has resigned or the approver is absent, the administrator can arbitrarily cancel (delete) the approval request.

Delete approval request

If you want to delete the approval request, follow the steps below.

1. check the left selection box of the list (v).
2. At the top of the list, the Delete button will be activated. Please click the Delete button.
3. Request Delete Popup appears. Click the Delete button.
4. The selected approval request in the list has been deleted.

Sign Up

When you click the sign-up menu, the list of sign-up requests appears.

Sign-up Request

When you click the sign-up request tab, the list of sign-up requests appears.

The status of approval requests has four types. You can easily filter and view them using the Approval Request, Approval, Rejection, Submission Cancel buttons at the top. If you want detailed search, you can use detailed search in the search bar at the top right.

• Approval Request: Shows all approval request statuses.
• Approval: Shows all completed approval statuses.
• Rejected: Shows approval request items that have been rejected.
• Submission Cancellation: Shows approval request items where the approval has been cancelled.

Sign-up Email Invitation

The sign-up email invitation is a method where the administrator sends an invitation email to the desired user via their email address for them to register.

If you want to send an invitation email, follow the steps below.

1. Dashboard > Sign Up > Sign Up Email Invitation Click the tab.
2. Click the Send Invitation Email button at the top right.
3. Invitation Email Sending Popup appears.
4. Enter the email address to invite in the email field, and click the Add button.
5. Select the group that will be automatically assigned when a recipient joins the group item. (If not set, the group will be unspecified)
6. Click the Invite button at the bottom right of the popup.
7. An invitation email will be sent to the email address you specified.

2 - Integration

Integration is a service that sets up and manages authentication services and account information for various applications.

In SCP SingleID, we support integration with new applications through customized authentication linkage and account distribution services, as well as the DIY (Do-It-Yourself) feature.

Through the integration menu, we provide integration management features such as Application, Identity Provider, Authenticator, MFA Service Provider.

Application

The application is a menu that registers and connects various applications to apply the authentication service of SCP SingleID.

The administrator can register/modify a new application through the application list screen, and can sort, search, and delete registered applications.

Application List

The administrator can select a registered application on the application list screen to edit/delete, sort, search, etc., and can navigate to a menu screen where a new application can be registered.

To check the application list, access the menu as follows.

• Admin Portal > Integration > Application

Application Registration

The administrator can register the application by clicking the Register button on the list screen.

Application registration is possible in two ways: Custom App Integration and Pre-Built App Integration.

To register an application, access the menu as follows.

• Admin Portal > Integration > Application > Register Button Click
• Custom App Integration or Pre-Built App Integration Select tab

Custom App Integration

Custom App Integration registration is a connection menu for authenticating the application you want to integrate and distributing accounts.

We provide three types of connection functions as follows.

When you want to register an application by linking authentication, you provide and select the type (SAML, OIDC) according to the standard authentication linkage method.

When registering an application by linking account distribution, we provide the standard online API method (SCIM).

To register the application Custom App Integration, follow the steps below.

1. Admin Portal > Integration > Application > Register Click button
2. Custom App Integration > Web Application(SAML) orWeb Application(OIDC) or Identity Provisioning(SCIM v2.0) select > Next click the button
3. Go to detailed settings

Through a screen consisting of six steps as follows, you can enter and configure the information required for integration and register the application.

Applications using standard protocols (SAML, OIDC, SCIM) can register information and set policies and attributes through a screen consisting of the following six steps.

1. General
2. SSO
3. Provisioning
4. Profile
5. Policy
6. Assignment

General

Enter the general application information by referring to the below.

SSO

On the SSO information input screen, enter Single Sign On configuration information.

Provisioning

The Provisioning menu is an account management function that can distribute user information to applications for synchronization. In SingleID, we provide methods based on global standard API specifications such as SCIM and REST.

On the Provisioning information input screen, enter the configuration information for account information distribution.

Profile

Enter the setting information for user/group for deployment on the profile information input screen.

After entering all items and clicking the Complete button, the basic application settings are completed. When you complete registering a new application, it will be added to the application list and new tabs called Policy, Assignment will be created.

Policy

You can set login policy and access control information for application policy configuration.

Allocation

Register information for assigning application users based on users and groups. This menu assigns access permissions by setting the users and groups that can access the registered application.

If you want to assign a user, follow the steps below.

1. If you click the application, you will be taken to the detailed page of that application.
2. Click the Assign tab and User tab > Assign button
3. User Assignment When the popup appears, select the user you want to assign, and click the Assign button.
4. Assignment tab shows the selected user in the list.

Pre-Built App Integration

Pre-Built App Integration menu provides a convenient way to quickly and easily connect the SaaS application you want to use, by pre-preparing necessary settings such as connection information, name, icon, so you can use it conveniently.

To integrate the application via Pre-Built App Integration, check the menu path below.

• Admin Portal > Integration > Application > Register > Pre-Built App Integration Click tab
• Application select > Next button click
• Go to detailed settings

Pre-Built App Integration menu, like the Custom App Integration menu, can register an application by entering and configuring the necessary integration information through a screen consisting of six steps as follows.

The input items and methods for each step are the same, except for the information that has been predefined and entered for Pre-Built.

1. General
2. SSO
3. Provisioning
4. Profile
5. Policy
6. Assignment

General

Enter the general application information by referring to the below.

SSO

Enter Single Sign On setting information on the SSO information input screen.

Provisioning

The Provisioning menu is an account management function that can distribute user information to applications for synchronization. In SingleID, we provide methods based on global standard API specifications such as SCIM and REST.

Enter the configuration information for account information distribution on the Provisioning information input screen.

Profile

Enter the user/group configuration information for deployment on the profile information input screen.

After entering all items and clicking the Complete button, the basic application settings are completed. When you complete registering a new application, it is added to the application list and new tabs called Policy, Assignment are created.

Policy

You can set login policies and access control information for application policy settings.

Assignment Settings

Register information for assigning application users based on User and Group. This menu assigns access permissions by setting users and groups that can access the registered application.

To assign a user, follow the steps below.

1. When you click the application, you will be taken to the detailed page of that application.
2. Click the Assign tab and the User tab > Assign button.
3. User Assignment When the popup appears, select the user you want to assign, and click the Assign button.
4. Assignment tab shows the selected user in the list.

Application Modification

You can modify the settings by clicking the application on the list screen.

If you want to modify the application, follow the steps below.

1. Admin Portal > Integration > Select Application > Edit Click the button.
2. Click the General, SSO, Provisioning, Policy, Assignment, Permission Items, Rebranding tab to edit the items.
3. Save button을 클릭하세요.

Permission Items

The permissions tab provides synchronization integration with the application’s permissions.

If you want to set permissions, follow the steps below.

1. If you click the application, you will be taken to the detailed page of that application.
2. Click the Assignment tab and the Permission Items tab > click the Register button.
3. Permission item When the popup window appears, it is necessary to register the permission item.
4. Enter Permission, key, display name, content and click Save to register the permission.

Rebranding

When registering in the application, an additional rebranding tab that does not appear is created. The application’s rebranding includes rebranding functionality for the login page when accessing a separate application.

The included rebranding features are as follows.

• Favicon : The favicon can be edited in the browser.
• Header logo: The header logo on the login screen can be changed to the logo you want.
• Key visual image: The key image set by default on the login page can be modified.
• Sign-up page redirection: Registration can be done on a separate operating sign-up page instead of SingleID’s sign-up page.
• Privacy Policy Redirection: You can register the privacy policy URL used in the existing application.
• Terms of Service redirection: You can register the Terms of Service URL used in the existing application.

UI

By clicking the application on the list screen, and clicking the edit button on the rebranding tab, you can configure application-specific UI rebranding.

Favicon Change

Favicon changes in the application can be set according to the characteristics of the corporate application.

If you want to edit the favicon, follow the steps below.

1. Admin Portal > Integration > Select Application > UI > Edit Click the button.
2. Favicon select custom in the Favicon item.
3. Favicon image (pencil shape) Click the item, then click the favicon image.
4. Upload an icon file or enter the icon image URL.
5. Save button, click it and verify through the preview screen that the upload was successful. 6.Korean page Enter the title in Korean.
6. English page Enter in English in the title.
7. If the input is completed, check through the right preview whether it was entered correctly.
8. Click the Publish button at the lower right corner.

Header Logo Change

In the application, separate header logo changes can be configured to suit the characteristics of the corporate application.

If you want to edit the header logo, follow the steps below.

1. Admin Portal > Integration > Select Application > UI > Edit Click the button.
2. Header Logo Select custom in the item.
3. Text logo and image logo can be selected and set.
4. Enter the Korean Redirect URL and the English Redirect URL.
5. If the input is completed, check through the right preview whether it was entered correctly.
6. Click the Publish button at the lower right corner.

Key Visual Change

In the application, separate key visual changes can be configured to suit the characteristics of the corporate application.

If you want to edit the key visual, follow the steps below.

1. Admin Portal > Integration > Application Selection > UI > Edit button, click it.
2. Key Visual Select Custom in the item.
3. Click to use a single key visual for all languages and language-specific key visuals.
4. If the image upload is complete, check through the right preview to see if it was entered correctly.
5. Click the Publish button at the lower right.

Redirect

By clicking the application on the list screen, then clicking the edit button in the Rebranding tab, you can configure application-specific rebranding for redirection.

Application Deletion

From the application list screen, select the application, deactivate it, then return to the list screen and you can delete it from the three‑dot menu. To register again, click the Add button to register.

Identity Provider

This is a menu for registering and managing IdPs that provide authentication services and credentials to SCP SingleID. At this time, SCP SingleID acts as a Service Provider and receives authentication services from the IdP.

Identity Provider List

On the list screen, you can select a registered Identity Provider to edit/delete, sort, search, etc., and you can navigate to a menu screen where you can register a new Identity Provider.

To view the Identity Provider list, you can access the following menu.

• Admin Portal > Integration > Identity Provider

Identity Provider Registration

You can register by clicking Register at the top of the Identity Provider list screen.

To register Identity Provider, follow the steps below.

1. Admin Portal > Integration > Identity Provider > Register Click button
2. Custom App Integration > Web Application(SAML) or Web Application(OIDC) select > next click the button
3. Go to detailed settings

Identity Provider can be registered by entering and setting the information required for integration through a three-step screen as follows.

• General
• SSO
• JIT Provisioning

General

Enter general information for IdP (Identity Provider).

SSO

Enter Single Sign On configuration information on the SSO information input screen.

When integrating with Web Application (OIDC)

JIT provisioning

Identity Provider’s JIT provisioning feature tab has been added. This feature synchronizes accounts in real time when user changes occur. You can set items when synchronizing accounts in real time.

After entering all items and clicking the Complete button, the basic application settings are completed.

Identity Provider Edit

If you click the Identity Provider in the list screen, you can modify the settings.

If you want to modify the Identity Provider, follow the steps below.

1. Admin Portal > Integration > Identity Provider Select > Edit Click the button.
2. Click the General, SSO, Provisioning, Policy, Assignment tab to edit the items you want to modify.
3. Save button을 클릭하세요.

Identity Provider Delete

On the Identity Provider list screen, after selecting an Identity Provider and disabling it, you can return to the list screen and delete it from the three‑dot menu. To register again, click the Add button to register.

Authenticator

Configure by integrating the Authenticator provided by SCP SingleID. By default, password and Email are set to active state.

The Authenticator that is additionally configured and provided is as follows.

• Knox Messenger: OTP can be sent via Knox Messenger.
• PC SSO Agent: SingleID: Provides SSO with Agentless, but uses SSO Agent for multi-browser SSO functionality,
• SingleID Authenticator: It is a SingleID dedicated authentication mobile app that supports biometrics (fingerprint, facial), PIN, mOTP, TOTP.
• SMS: OTP can be sent via mobile SMS.

• Active Directory: Performs authentication with an AD account.
• Passkey: Mobile Passkey, security key, a convenient authentication method that allows easy login with Windows biometric/PIN code.

Authenticator List

We support all authenticators of the six available types.

If you want to check the Authenticator, please check at the following path.

• Admin Portal > Integration > Authenticator

Authenticator Add

When you click Register on the Authenticator list screen, it moves to the next screen and switches to a screen where you can add an Authenticator.

Authenticator를 추가하시려면, 다음의 절차를 따르세요. -> If you want to add an Authenticator, follow the steps below.

1. Admin Portal > Integration > Authentictor > Add Click the button.
2. each authentication methodto select > Next Click the button.
3. Enter the information required for authentication settings.
4. Click the Save button.

Authenticator Edit

On the Authenticator list screen, after selecting an Authenticator and clicking edit, it switches to a screen where you can edit.

If you want to modify the Authenticator, follow the steps below.

1. Admin Portal > Integration > Authentictor > Edit button click
2. Edit each item and click the Edit button to complete the modification.

Authenticator Delete

On the Authenticator list screen, select the Authenticator, deactivate it, then return to the list screen and you can delete it from the three‑dot menu. If you want to register again, click the Add button to register.

MFA Service Provider

MFA Service Provider menu provides a service that enhances user convenience by meeting the security requirements required by companies through multi-factor authentication, applying stronger authentication technologies along with biometric and simple authentication technologies.

MFA Service Provider List

To check the MFA Service Provider list, you can access the following menu.

• Admin Portal > Integration > MFA Service Provider

MFA Service Provider Registration

To register the MFA Service Provider, follow the steps below.

1. Admin Portal > Integration > MFA Service Provider > Register button click
2. ADFS Federated Application or Custom Application or Network Equipment select > next button click

You can register an MFA Service Provider by entering and configuring the information required for MFA Service Provider integration through a three-step screen as follows.

• General
• MFA integration
• [Person in charge](#person in charge)

General

MFA Service Provider Enter general information.

MFA integration

Enter MFA integration information.

Person in charge

Select and register the person in charge of the newly registered MFA Service Provider.

Click the Complete button to complete the registration.

MFA Service Provider Edit

On the MFA Service Provider list screen, after selecting the Authenticator and clicking edit, it switches to a screen where you can modify.

If you want to modify the MFA Service Provider, follow the steps below.

1. Admin Portal > Integration > MFA Service Provider > Edit Click the button.
2. Modify each item and click the Edit button to complete the modification.

MFA Service Provider Delete

MFA Service Provider list screen, select the MFA Service Provider, deactivate it, then return to the list screen and you can delete it from the three‑dot menu. To register again, click the Add button to register.

3 - Identity Store

The Identity Store provides a feature to manage users and groups registered in an organization.

There are several cases where users or groups are registered in an organization, such as being provisioned through registered applications or being directly registered by administrators. The Identity Store integrates users and groups registered in various ways, allowing them to be searched and providing various management functions for administrators to configure detailed settings for each user or group. Administrators can manage all users and groups registered in the organization through the Identity Store.

Users

Tenant administrators can use the features provided in the user menu to search and modify all users registered in the organization, delete users, or directly register new users.

Additionally, administrators can change a user’s group membership or assign usage permissions to allow users to use applications.

Users are registered in SingleID in the following ways:

• Registered through account synchronization (Inbound Provisioning) from an application
• Registered through Just-In-Time (JIT) provisioning from an Identity Provider
• Registered from an MFA Service Provider
• Manually registered by an administrator Administrators can manage registered users in a unified manner using the user menu.

To access the user menu, go to the following menu:

• Admin Portal > Identity Store > User

User List

You can view and search all users registered in SingleID in a list format.

User Registration

The tenant administrator can register users manually on the screen without going through account synchronization.

To register a user, follow the procedure below.

• Click the Admin Portal > Identity Store > User > Register button

The user can input and register information through a 3-step screen as follows:

1. Profile
2. User Group
3. Summary

Profile

In the profile screen, enter the user’s basic profile information. The fields to be entered are as follows.

Click the Next button to move to the User Group screen.

User Group

In the User Group screen, specify the group to be registered for the user. The entire group that can be assigned to the user is displayed on the left side of the screen. Select the group to be assigned to the user and click the > button to move to the assigned group.

To cancel group assignment, select the group to be canceled in the assigned group and click the < button. Click the Next button to move to the Summary screen.

Summary

1. On the summary screen, confirm the registered information and register the user.
2. If you want to modify the entered information, click the Back button to return to the screen you want to modify.
3. To cancel the registration, click the Cancel button.
4. Clicking the Complete and Add Registration button registers the user and returns to the profile screen to register a new user.
5. Clicking the Complete button registers the user and moves to the detailed information screen of the registered user.

User Modification

To modify a user, follow the procedure below.

1. Click the user you want to modify in Admin Portal > Identity Store > User.
2. Profile, Group, Application, Multi-factor Authentication (MFA) method, Device, Active Session will be displayed.
3. Click the Modify button at the bottom and modify the data you want to change.
4. Click the Save button.

Changing the User’s Status

The status of users managed by SingleID is as follows.

The tenant administrator can change the user’s status according to the user’s current status as follows.

The button to change the user’s status is exposed as follows in the list and detail screens.

• When one or more active or inactive users are selected in the list screen
• When moving to the detail screen of an active or inactive user

Password Reset

The tenant administrator can reset a user’s password. When the tenant administrator resets a user’s password, a guidance email is sent to the user.

Group

The tenant administrator can view the groups to which a user belongs and add or delete group memberships.

To manage a user’s group, click the Group tab on the details screen.

Delete Group

To delete a group assigned to a user, follow these steps:

1. Select the group to be deleted from the list of assigned groups. (Check the checkbox to the left of the group name)
2. Click the < button to delete the assigned group.

Assign Group

To assign a new group to a user, follow these steps:

1. Select the Group to be newly assigned from the list of all groups. (Check the checkbox to the left of the group name)
2. Click the > button to assign the group.

Application

The tenant administrator can view the applications that users can use, add or delete applications. To manage a user’s application, click the Application tab on the detailed screen.

Deleting an Application

To delete an application assigned to a user, follow these steps:

Select the application to be deleted from the assigned application list. (Check the checkbox to the left of the application name) Click the Unassign button displayed above the application list. Click the Confirm button in the confirmation popup.

Application Assignment

To assign a new application to a user, follow these steps:

1. Click the Assign button located at the top right of the application list.
2. In the Application Assignment popup, select the application (check the checkbox to the left of the application name).
3. Click the Assign button.
4. If you have assigned all applications, click the Cancel button to close the popup.

Multi-Factor Authentication (MFA) Method Inquiry and Management

The tenant administrator can view the multi-factor authentication method registered by the user and modify or delete some of the registration information.

To manage a user’s multi-factor authentication (MFA) method, click the Multi-Factor Authentication (MFA) Method tab on the detailed screen.

Modifying Multi-Factor Authentication (MFA) Method

To modify the MFA method registered by the user, follow the procedure below.

1. Click the Modify button at the bottom right of the screen.
2. Click the Registration Information column of the MFA list you want to modify.
3. After modifying the information, click the Save button at the bottom right of the screen.

Deleting Multi-Factor Authentication (MFA) Method

To delete the MFA method registered by the user, follow the procedure below.

1. Click the Modify button at the bottom right of the screen.
2. Click the Delete button to the right of the MFA method you want to delete.
3. Click the Confirm button in the warning popup.
4. Click the Save button at the bottom right of the screen.

Viewing User Device Information

The administrator can view the device information added when the user registers the MFA method.

To view the user’s device information, click the Device tab in the detailed screen.

Active Sessions

When a user logs in to SingleID, SingleID manages the session information of the logged-in user.

The tenant administrator can view the user’s current active session and manage it to force the session to end and log out the user.

To manage a user’s session, click the Active Sessions tab on the detailed screen.

Session Forced Termination

To forcibly terminate a user’s session, follow these steps:

1. Click the Terminate button located at the top right of the session you want to terminate.
2. In the Terminate Confirmation popup, click the Terminate button.

Forcible Termination of Multiple Sessions

If you want to terminate multiple sessions simultaneously, follow these steps:

1. Select the sessions you want to terminate in the list and check the checkbox (V) displayed on the left side of the session information.
2. Click the Terminate button displayed at the top of the list.
3. In the Terminate Confirmation popup, click the Terminate button.

User Deletion

The tenant administrator can delete user information from SingleID.

The delete user button is exposed in both the list and detail screens as follows:

• When one or more users are selected in the list screen

1. After selecting a user, click the Delete button to display a Confirmation popup on the screen.
2. To delete a user, confirm the user’s information and enter the user’s ID, then click the Delete button.
3. When multiple users are selected and the Delete button is clicked, the following Confirmation popup is displayed on the screen.
4. To delete the selected users, use the <, > buttons to confirm all users’ information, enter Delete All, and then click the Delete button.
   Notice

   You must confirm all user information and enter Delete All to activate the delete button.

   If you have moved to the user details screen

   1. If the administrator wants to delete a user, a confirmation popup will be displayed.
   2. To delete a user, check the user’s information, enter the user’s ID, and click the Delete button.

Group

The administrator can use the functions provided in the Group menu to view and modify all groups registered in the organization, delete groups, or register new groups.

You can also change the group membership rules or assign usage permissions to group members so that they can use applications.

Groups are registered in SingleID in the following ways:

• Registered through inbound provisioning from an application (Application)
• Manually registered by the administrator (Create Group) The tenant administrator can manage registered groups in various ways using the group menu.

To access the group menu, move as follows:

• Admin Portal > Identity Store > Group

Group List

The tenant administrator can view and search all groups registered in the organization in a list format.

Create Group

The administrator can manually register a group on the screen without going through inbound provisioning.

1. To manually register a group, click the Register button on the group list screen.
2. When you click the Register button, the group registration popup is displayed on the screen.

The fields that must be entered for group registration are as follows:

3. Complete button is clicked, the group is registered and moves to the detailed information screen of the registered group.

Detailed Information Inquiry and Modification

The administrator can move to the group’s detailed information inquiry screen by clicking the Group in the group list.

If a new group is registered, it will also move to the group’s detailed screen immediately after registration.

At the top of the group detail screen, the group name, description, and management entity information are displayed, and below that, the group information is composed of multiple tabs.

The tenant administrator can confirm the detailed information of the registered group through the Group Profile tab.

To modify the group’s detailed information, follow the procedure below.

1. In the group detail screen, select the Profile tab.
2. Click the Edit button.
3. Modify the Group Information.

The fields that can be modified are as follows.

4. Click the Save button.
5. To return to the inquiry state without saving the modified information, click the Cancel button.

Group Membership Rule Management

The administrator can set rules to automatically configure users who meet certain conditions as group members.

When a group rule is set, the tenant administrator does not need to manually manage members, and the group members are automatically configured and added or deleted according to the set condition.

To manage group membership rules, click the Rules tab on the detailed screen.

To set a group rule, follow the procedure below.

1. Select the Rules tab on the group detailed screen.
2. Click the Edit button.
3. Click the On button for the membership policy setting.
4. Set the condition in the WHEN section.
5. Click the Save button.
6. To return to the inquiry state without saving the set rule, click the Cancel button.

The user’s attributes that can be set in the condition item are as follows.

The operators that can be set in the operator are as follows.

Group Member Management

Tenant administrators can manually specify members of a group or delete users from group members.

To manage group members, click the Members tab on the detail screen.

There are three ways to search for members within the group tab.

• Member status filter
• Keyword search
• Advanced search

Member Deletion

To delete a member from a group, follow these steps.

1. Select one or more members to delete from the member list. (Check the checkbox to the left of the member ID)
2. Click the Delete button displayed at the top of the list.
3. Click the Confirm button in the warning popup.

Member Addition

To add a member to a group, follow these steps.

1. Click the Add button at the top right of the member list.
2. In the member addition popup, select one or more users to add as members. (Check the checkbox to the left of the user ID)
3. Click the Add button.
4. If you have added all the desired users as members, click the Cancel button in the popup to close the member addition popup.

Application Management

The tenant administrator can view the applications assigned to a group and add or delete applications.

To manage a group’s applications, click the Group tab on the detail screen.

Application Deletion

To delete an application assigned to a group, follow these steps.

1. Select the application to be deleted from the list of assigned applications. (Check the checkbox to the left of the application name)
2. Click the Unassign button displayed above the application list.
3. Click the Confirm button in the confirmation popup.

Application Assignment

To assign a new application to a group, follow the procedure below.

1. Click the Assign button displayed at the top right of the application list.
2. In the Application Assignment popup, select the application. (Check the checkbox to the left of the application name)
3. Click the Assign button.
4. If you have assigned all applications, click the Cancel button to close the Application Assignment popup.

Group Deletion

Tenant administrators can delete groups from SingleID.

The group deletion button is exposed as follows in the list and detail screens.

• When one or more groups are selected in the list screen
  1. After selecting the group, click the Delete button to display the following Confirmation Popup on the screen.
  2. To delete the group, confirm the group information and enter the group name, then click the Delete button.
  3. If you select multiple groups and click the Delete button, the following Confirmation Popup will be displayed on the screen.
  4. To delete the selected groups, use the <, > buttons to confirm the information of all groups and enter the phrase Delete All, then click the Delete button.

4 - Policy

When logging in to SingleID or logging in to an application registered with SingleID, various settings such as login method, authentication session, and password must be set according to the organization’s security policy.

SingleID provides a policy management feature that allows for detailed settings for login and authentication information.
If you have purchased the anomaly detection feature (ADM), you can set it to analyze the user’s login behavior when logging in and alert the user to potential security threats when an unusual authentication is detected.

The policy features provided by SingleID are as follows:

• Login policy
• Authentication policy
• Anomaly detection policy
  

Using SingleID’s policy feature, you can specify a detailed login method according to who, when, and under what environment logs in to which application, creating a secure authentication environment that meets the organization’s security requirements.

Login Policy

The administrator can set a detailed policy on which authentication means can be used to authenticate when a user logs in to SingleID, and can create a conditional authentication policy for users authenticating in a specific environment if necessary.

Login policy can be configured using the following conditions:

• Which application is logging in?
• Who logs in?
• In what environment do they log in?

To access the login policy menu, navigate as follows:

• Admin Portal > Policies > Login Policy

Basic Login Policy

The Admin Portal has two default policies created as follows.

• Admin Portal Policy: Policy to control Admin Portal access rights
• Default Policy: Basic access control policy for users

The Admin Portal Policy is a login policy applied when logging in to the Admin Portal, and the Default Policy is a login policy applied when logging in to the user portal.

After integrating an application with SingleID, if no separate login policy is assigned, the Default Policy is automatically assigned as the basic login policy.

Registering a Login Policy

The login policy sets the login policy for administrators and users. You can set login policies based on access environment, application, and situation.

The login policy can be registered through a 4-step screen as follows:

1. General
2. Assignment
3. Initial Redirection
4. Rules

General

In the general screen, enter the name and description of the login policy.

The fields to be entered are as follows.

Click the Next button to move to the assignment screen.

Assignment

In the assignment screen, specify the application to which the login policy will be applied.

1. Click the Assign button to display the application assignment popup on the screen.
2. Application Assignment popup, select one or more applications to assign to the login policy and click the Assign button.
3. If all applications have been assigned, click the Cancel button to close the Application Assignment popup.

Initial Redirection

The Initial Redirection screen specifies the user’s login screen entry method and login method

• Redirected to SingleID’s Sign-in page (login page)

• Redirected to the external IdP

  
  

The explanations for the two methods are as follows:

• If Redirected to SingleID’s Sign-in page is selected, the SingleID login page will be displayed to the user attempting to log in.
• If Redirected to the external IdP is selected, the login page of the selected Identity Provider will be displayed to the user attempting to log in.
• After selecting Redirected to the external IdP, you must select and specify the Identity Provider from the selection list.
• If Redirected to SingleID’s Sign-in page is selected, you can optionally display a button at the bottom of the SingleID login screen that allows the user to log in through an Identity Provider.
• AND see the following external IdP buttons on the Sign-In page, you can set up the login screen to display by selecting one or more Identity Providers registered with SingleID in the text input box below and clicking the mouse.

Rules

On the Rules screen, you can modify or add login rules and set the priority between login rules.

Default Rule Setting

The login rule list on the rule screen displays the Default Rule by default.

The Default Rule cannot be deleted and can only be modified. Additionally, when one or more login rules are added, the priority cannot be set. (It is always the lowest priority.)

To modify the Default Rule, follow these steps:

1. Click on the Default Rule in the rule list.
2. The WHEN condition of the Default Rule cannot be modified.
3. The THEN result of the Default Rule can be modified.

• Deny Access
• Allow Access

If you select Deny Access, all user logins will be denied.

If you select Allow Access in the access permission setting, you can set the user’s login method.

Add Rule

To add a login rule, follow these steps:

1. Click the Register button at the top right of the rule list.
2. Enter the name and description of the rule on the rule registration screen.
3. Refer to the following to enter the rule items:

Access Environment

THEN Settings

THEN result area sets the login method and procedure.

In the access permission setting (a), you can select one of the following two options:

• Deny Access
• Allow Access Deny Access is selected, all user logins will be denied. (The default value of access permission setting (a) is Deny Access)

To allow users to log in and set detailed login methods, select Allow Access.

1. In the selection list of the primary login setting, select the Authenticator to be used for login.
2. If you want to allow the user to log in with another Authenticator in addition to the selected primary login method, select the checkbox (V) of And allow another factors below: and select one or more Authenticators in the text input box.

Click the Save button to register the login rule and return to the rule list.

Rule Priority Management

If one or more login rules have been added, the administrator can set the priority of the login rules. If a user meets the conditions set for multiple rules, the login method will be applied according to the rule with the higher priority.

To set the priority of the login rules, follow the procedure below.

1. Drag the ≡ area to the left of the rule name in the rule list with the mouse.
2. The priority of the login rules will be determined based on the position where they are dragged and dropped.
3. The higher the position in the rule list, the higher the priority.

Policy Status Change

The status of the login policy managed by SingleID is as follows.

Policy Deactivation

To deactivate an active login policy, follow these steps:

1. Click the policy you want to deactivate in the policy list to move to the policy details screen.
2. Click the Deactivate button.
3. Confirm the login policy information (the number of assigned applications, the number of rules included in the login policy) displayed in the Confirm popup, and then click the Deactivate button.

Policy Activation

To change the login policy from inactive to active, follow these steps:

1. Click on the policy you want to activate in the policy list to move to the policy details screen.
2. Click the Activate button to change the status of the login policy to active.

Policy Deletion

The administrator can delete the login policy from SingleID.

To delete a login policy, follow these steps:

1. Click on the policy you want to delete in the policy list to move to the policy details screen.
2. If the login policy is activated, click the Deactivate button to deactivate the policy.
3. Click the Delete button displayed at the top right of the deactivated login policy.
4. A popup screen will appear to confirm the deletion of the login policy.
5. To delete the login policy, confirm the policy information, enter the name of the policy you want to delete, and click the Delete button.

Access Simulation

As the number of login policies and rules increases, it can be difficult to understand which user is subject to which policy for login methods. SingleID provides an access simulation feature that allows administrators to quickly check the login policies and rules applied to users.

Using the access simulation feature, you can select a user and an application to access, and define the user’s login environment (network, device, browser, OS) to predict in advance what kind of login method the user will experience in different cases.

Additionally, if there are users who are having trouble logging in and need to review their requests, you can use the access simulation feature to quickly check and modify the policies or rules that are causing the problem.

To use the access simulation feature, click the Access Simulation button at the top right of the login policy list screen.

To run the access simulation, follow these steps:

1. Enter the ID of the user to be simulated.
2. Specify the IP of the user to be simulated. You can select Specific IP Address and enter the IP directly. Enter the IP in the format 123.123.123.123.
3. Specify the device information of the user to be simulated. You can select Platform and choose a device from the selection list.
4. Specifies the browser information of the user to be simulated. After selecting Browser, you can select a browser from the selection list.
5. Specifies the OS information of the user to be simulated. After selecting OS, you can select an OS from the selection list.
6. Click the Application Selection button to select the target application to be simulated.
7. In the Application Selection popup, click the radio button to the left of the application name to select the application, and then click the Add button.

Authentication Policy

The administrator may need to change the detailed settings related to authentication according to the organization’s security policy.

SingleID manages the detailed settings related to authentication in the following four policies:

• Session policy
• Authenticator policy
• MFA Service Provider policy
• Password policy

To access the authentication policy menu, move as follows:

• Admin Portal > Policy > Authentication Policy

To modify the authentication policy, click the Modify button at the bottom right of the authentication policy screen, change the settings, and then click the Save button.

Session Policy

To change the session policy, follow the procedure below:

1. Click the Modify button at the bottom right of the authentication policy screen.
2. Set the maximum number of sessions that a user can create at the same time in the maximum session limit setting.
3. The minimum value that can be set is 1, and the maximum value is 100. If set to 1, the user can only log in from one browser at a time and cannot log in from multiple PCs or browsers simultaneously.
4. In the session priority setting, you can set the priority of the session created by the user. The priority can be one of the following two options:
   • Old session
   • New session

If the maximum session limit is set to 1 and Old session is selected in the maximum session limit setting, when a logged-in user attempts to log in from another PC or browser that is not logged in, the login will be blocked.

Additionally, if the maximum session limit is set to 1 and New session is selected in the maximum session limit setting, when a logged-in user attempts to log in from another PC or browser that is not logged in, the session of the previously logged-in browser will be forcibly expired, and the session of the new PC or browser will be maintained.

In the maximum session time setting, you can set the maximum time to maintain a session.

The maximum session time can be one of the following two options:

• No time limit
• Set time limit

If set to No time limit, once a session is created, it will not expire automatically until the user logs out. If set to Set time limit and a time is set, the session will expire when the set time passes, and the user will be automatically logged out. In the maximum idle session time setting, you can set the maximum idle session time.

If the maximum idle session time is set, the session will expire if the user does not make an authentication request within the set time, and the user will be automatically logged out.

To save the changed settings, click the Save button at the bottom right of the authentication policy screen.

To discard the changed settings without saving, click the Cancel button at the bottom right of the authentication policy screen.

Authenticator Policy

To change the Authenticator policy, follow the procedure below.

1. Click the Edit button at the bottom right of the authentication policy screen.
2. Set each item as follows.
3. When the settings are complete, click the Save button.

MFA Service Provider Policy

To change the MFA Service Provider policy, follow the procedure below.

1. Click the Edit button at the bottom right of the authentication policy screen.
2. Refer to the table below and set each item accordingly.
3. When the settings are complete, click the Save button.

Password Policy

To change the password policy, follow the procedure below.

1. Click the Edit button at the bottom right of the authentication policy screen.
2. Refer to the table below and set each item accordingly.
3. When the settings are complete, click the Save button.

Membership registration policy

To allow user membership registration, you must activate the membership registration policy, which allows registration of users other than those provisioned from the personnel system or IdP. It provides features to register, create, modify, and delete accounts through account synchronization, as well as invite users through the login screen or email.

To activate and use the membership registration policy, follow these steps:

1. Admin Portal > Policy > Membership registration policy.
2. Activate Allow user membership registration.
3. After activation, the Policy tab and User invitation tab will appear.
4. Refer to the explanations of the Policy tab and User invitation tab below and set the policy.
5. Once the settings are complete, click the Save button.

Policy

You can set general membership registration policies.

Approval Policy

The administrator can select the approval system and set the policy according to the type, such as sign-up policy and app access policy, with various approval lines. Various approval policies can be applied flexibly whenever the security policy changes.

Approval is possible by dividing it into self-approval system function and Knox Portal approval system. If you need to link with another approval system, please request it through 1:1 inquiry.

To check the approval policy, follow the path below.

• Admin Portal > Policy > Approval Policy

Approval Policy List

The administrator can select the approval system and set the policy according to the type, such as sign-up policy and app access policy, with various approval lines. Various approval policies can be applied flexibly whenever the security policy changes.

Approval Policy Registration

Register button, you can set the approval system, type, approver, notification method, and approval period.

Anomaly Detection Policy

SingleID collects and analyzes user behavior information in real-time before and after authentication, determining whether the authentication is abnormal. If it is identified as an abnormal authentication category, it immediately notifies the user of the risk.

To access the anomaly detection policy menu, follow these steps:

• Admin Portal > Policy > Anomaly Detection Policy

5 - Terms and Conditions

The company using SingleID can manage the Personal Information Processing Policy and Terms of Use, etc. according to the situation and characteristics of each company.

The organization can write a personal information processing policy according to the requirements and notify the user or show the terms of use or terms and conditions to the user using SingleID before use and obtain consent.

Through the Terms and Conditions menu, you can notify users of the Personal Information Processing Policy, Terms of Use, and Terms and Conditions, and obtain consent.

SingleID provides a basic template to make it easy to write terms and conditions.

To access the Terms and Conditions menu, move as follows.

• Tenant Admin Portal > Rebranding > Terms and Conditions

The functions provided by the Terms and Conditions menu are as follows.

• Terms and Conditions Attribute Setting
• Terms and Conditions Version Management
• Terms and Conditions Publication

Terms and Conditions List

The tenant administrator can view the terms and conditions in a list format.

The basic template provided by SingleID is as follows.

Terms Type Template

• Privacy
• Terms of Use
• Collection and Use of Personal Information
• Marketing

Conditions Type Template

• Are you over age 14?

Cookie Type Template

• Cookie

By clicking on the terms and conditions to be modified in the list, you can move to the detailed screen of the terms and conditions.

1. In the detailed screen of the terms and conditions, select the General Settings tab.
2. Click the Modify button.
3. You can modify the Title.
4. You can modify the Mandatory setting. The available options are as follows.
   • Mandatory: When this term or condition is posted to the user, if the user does not agree, the use will be restricted so that the user cannot log in further.
   • Optional: The agreement is up to the user’s choice, and even if the user does not agree to the terms and conditions, there is no restriction on logging in.
   • Reference: The agreement is not checked.
5. You can modify the description of the terms and conditions. The description is for reference by the administrator and is not displayed to the user.
6. After modifying all settings, click the Save button.

If you want to return to the inquiry state without saving the modified information, click the Cancel button.

Terms and Conditions Version Management

The tenant administrator can view and manage the version list of terms and conditions. The default version of terms and conditions is v1.0.0, and it is registered by default for each template when the tenant is created. To check the version list, click the Version History tab in the detailed screen of the terms and conditions.

Version History

The version history can be checked by clicking the Version item at the top of the personal information processing policy and terms of use.

By clicking List, you can check the history of previously published versions. Once a version is published, it cannot be modified.

Version Addition

By clicking the Add button on the Version History tab, you can create a new version of the terms and conditions.

To select version addition, follow the procedure below.

1. Click the Add button on the Version History tab.
2. Click the desired Locale to select the writing language.
3. The selected language represents the region where the terms and conditions will be displayed. The terms and conditions must be written for each language.
4. Enter the Title and Content for each language.
5. Click the Save button and click the List button to return to the list.

After completing the writing, review the written content.

Republishing

The newly written version is published by setting the republishing scheduled date.

To publish a new version, follow the procedure below.

1. Click the Republishing Scheduled Date button on the Version History tab.
2. Set the Version.
3. Set the Republishing Date.
4. Set the Republishing Modification. If activated, the modified terms and conditions will be republished, and the user may need to agree based on the General Settings > Mandatory setting.
5. Enter a simple reason for the modification.
6. Click the Publishing Settings button to complete the settings.

6 - Open Source licence

The open source licenses used in the SingleID solution are as follows: Please refer to the details below.

SingleID_MobileApp_Client-APK

The following sets forth attribution notices for third party software that may be contained in portions of this product. If you have any questions, please contact <global.cs@samsung.com.>

SingleID_MobileApp_Client-IOS

The following sets forth attribution notices for third party software that may be contained in portions of This product. If you have any questions, please contact global.cs@samsung.com

SingleID_MobileApp_Flutter-UMA

The following sets forth attribution notices for third party software that may be contained in portions of this product. If you have any questions, please contact global.cs@samsung.com

SingleID_SSO-Agent-Windows

The following sets forth attribution notices for third party software that may be contained in portions of this product. If you have any questions, please contact global.cs@samsung.com

SingleID_ADFS-Adapter

The following sets forth attribution notices for third party software that may be contained in portions of this product. If you have any questions, please contact global.cs@samsung.com