Admin Portal

SingleID not only allows authorized users to easily access information assets with a single authentication, but also enhances account security through policy-based permission management and real-time detection of abnormal authentication activities, and provides account management and access frameworks via comprehensive audit logs.

All authentication services and account management services of organizations using the SingleID service, as well as the establishment and configuration of security policies, are managed through the Admin Portal.

A user who can access the Admin Portal to configure and manage the system is called an administrator, and through the Admin Portal’s management functions, they can integrate the organization’s business systems without restriction and define security policies for accessing each business system.

The management functions provided by the Admin Portal are as follows.

| Function | Explanation |
| --- | --- |
| Notification Management | You can register posts to announce to the organization's users through the user portal and manage the posting period and other settings. If there is urgent information related to system usage, you can post the content on the login screen so that even users who are not logged in can view it. |
| Application Integration Management | It connects the organization's internal business systems or cloud-based business systems. You can configure it to use standard protocols such as SAML or OIDC for authentication integration, or use the SCIM protocol to import information such as accounts and groups into SingleID or export them via SingleID. |
| Identity Provider Integration Management | If an integrated authentication environment is already established within the organization, you can register that system as an Identity Provider so that applications linked by SingleID can be used without re-authenticating through SingleID. Authentication integration with any Identity Providers that use standard protocols such as SAML and OIDC is possible. |
| Authenticator Management | You can add and manage Authenticators to configure user identity verification or multi-factor authentication. Adding a desktop Authenticator such as PC SSO Agent enables multi-browser SSO. |
| MFA Service Provider Integration Management | If you want to enhance security when accessing business systems while using an already configured in-organization authentication system, you can connect the business system to an MFA Consumer Provider and add only the multi-factor authentication function to the system. By linking the system to an MFA Consumer Provider, you can configure the authentication environment to perform second-factor authentication using the Authenticators added to SingleID. |
| User Management | You can view and edit all users registered in the organization, delete users, or directly register new users. You can also change a user's group membership or assign permissions so the user can use the application. |
| Group Management | You can view and edit all groups registered in the organization, delete groups, or register new groups. You can also modify a group's membership rules or assign permissions so that group members can use the application. |
| Login Policy Management | You can set detailed policies specifying which authentication methods can be used when a user logs in with SingleID, and, if needed, create and manage condition-based authentication policies for users authenticating in specific environments. |
| Authentication Policy Management | According to the organization's security policy, detailed authentication settings can be configured in the following four categories: Session policy, Authenticator policy, MFA Service Provider policy, Password policy. |
| Anomaly Detection Policy Management | SingleID collects and analyzes user behavior data before and after authentication in real time to determine whether abnormal authentication activity is occurring, and provides a function that immediately notifies the user of risk when identified as belonging to an abnormal authentication category. Tenant administrators can manage detailed settings of policies for abnormal behavior detection and decide whether each policy is enabled. |
| Terms and Conditions Management | Use the provided templates to register privacy policies, terms of service, usage conditions, and similar documents that fit the organization's needs, then notify users and obtain their consent. |
| SMS Settings | SingleID issues an OTP via SMS for identity verification and authentication. In the SMS settings, you can configure and set the SMS messages sent by SingleID. |

Table. Features provided by the Admin Portal

If you are using SingleID for the first time, you can set up the basic environment by configuring the features in the following order.


The supported SingleID connection environment and recommended specifications are as follows.

| Category | Support | Recommendation |
| --- | --- | --- |
| PC | Windows: Windows Desktop 10 and 11 (x86 and x64 CPU only)<br>• Web browser: Microsoft Edge, latest public version | Windows: Windows Desktop 10 and 11 (x86 and x64 CPU only)<br>• Web browser: Microsoft Edge 88.x or later, Chrome 87.x or later |
| Mobile (Android) | Android: 8 and later versions<br>• Web browser: Samsung Internet, latest public version | Android: 8 and later versions<br>• Models released in 2018 and beyond among Samsung Galaxy mobile products<br>• Galaxy S9 ↑<br>• Web browser: Samsung Internet 9.0 ↑ |
| Mobile (iOS) | iOS: 16, 17<br>• Web browser: Safari, latest public version | iOS: 16, 17<br>• iPhone Xs ↑, models released in 2018 and beyond among Apple iPhone products<br>• Web browser: Safari 14.1 ↑ |

Table. SingleID connection environment support scope and recommended specifications

1 - Dashboard

Notifications are a feature that can deliver and share important alerts related to SingleID usage with users.

Administrators can register and manage notifications through the notifications menu. The administrator selects the notification type (normal/urgent) based on the notification content and priority, and when a notification is created, the user can receive the notification before login (urgent) or after login (normal/urgent).

Administrators can register and manage notifications to be delivered to users. There are two types of notifications, presented as follows.

| Type | Explanation |
| --- | --- |
| General | You can create and deliver general notices to users. Users can view general notifications in the User Portal > Notifications menu. |
| Urgent | You can create and deliver an urgent notice to users. Users can view the urgent alert in a popup window on the login page. |

Table. Notification Type

Notification

list

To view the notification list, access the menu as follows.

  • Admin Portal > Dashboard > Notifications

| Category | Explanation |
| --- | --- |
| Type | Notification types.<br>• General: When a notification is registered as a general announcement, users can view general notifications in the User Portal > Notifications menu.<br>• Urgent: When a notification is registered as an urgent announcement, users can view urgent notifications in a popup on the login page. |
| Title | This is the title of the notification. |
| Period | This is the period for announcing the notification. |
| Registrant | The name of the administrator who registered the notification. |
| Registration Date | The date of initial registration. |
| Modifier | The name of the administrator who edited the notification. |
| Modified date | The date of the final modification. |
| All button | Both regular notifications and urgent notifications can be viewed in the list. |
| General button | Only regular notifications can be viewed in the list. |
| Emergency button | Only urgent alerts can be viewed in the list. |
| Search term input field | You can search the notification list. Enter a search term and click the magnifying glass icon or press Enter to perform the search.<br>• Searchable fields: Title, Creator, Modifier<br>※ Exact match search is possible using 'full name', 'first name', or 'last name' for encrypted personal data. |
| Details button | Detailed searches are possible. Search criteria can be combined using AND. After entering multiple fields, click the Search button, and the search will be performed according to the criteria.<br>• When you click the Reset button, all search fields are reset. |
| Register button | You can register a new notification. |

Table. List

Register notification

To register a notification, follow the steps below.

  1. Click the Admin Portal > Dashboard > Notifications menu.
  2. Click the Register button to go to the notification registration page.
  3. Check the input fields below and select and enter the details.
  4. Click the Save button.
  5. Check the notifications registered in the list.

| Category | Required or not | Explanation |
| --- | --- | --- |
| Type | Required | Select the notification type: "Normal" or "Urgent" |
| Period | Required | Specify the notification posting period "Start date~End date" |
| Language | Required | Select the notification language (activates the "Language" tab based on the selected language) |
| Title | Required | Notification title |
| Content | Required | Write the notification content |

Table. Notification registration
Reference

If you exceed the maximum number of characters that can be entered, an error message will be displayed.

All required fields must be entered in every active tab. When you click the Cancel button, you go to the notification list screen without saving data.

Edit notification

To edit the notification, follow the steps below.

  1. Click the Admin Portal > Dashboard > Notifications menu.
  2. Select the notification that needs editing, and click the Edit button at the bottom of the screen.
  3. After editing the field you want to modify, click the Save button.
  4. Check the edited notifications in the list.

Delete notification

To delete the notification, follow the steps below.

  1. Click the Admin Portal > Dashboard > Notifications menu.
  2. Select the notifications you want to delete, and click the Delete button at the top right of the screen.
  3. The notification delete popup appears.
  4. Click the Confirm button to delete the notification.

Approval request

When you click the approval request menu, the administrator can view and cancel all users’ approval requests.

Approval requests consist of the Approval Request List and Approval Request Queue tabs.

Approval request list

If you click the Approval Request List tab, you can view all approval requests.

There are four types of approval request statuses. You can easily filter and view using the Approval Request, Approved, Rejected, Cancel Submission buttons at the top. If you want an advanced search, you can use the advanced search in the search bar at the top right.

  • Approval Request: Shows the status of all approval requests.
  • Approval: Shows all approved statuses.
  • Rejected: Shows approval request items that have been rejected.
  • Submission Cancelled: Shows approval requests where the approval has been cancelled.

The description of the approval request list items is as follows.

| Name | Explanation |
| --- | --- |
| Approval system | It represents the approval system based on the approval policy. You can verify which approval system the request was made through.<br>Please refer to Policy > Approval Policy. |
| Type | These are the types of approval requests. App Access, Sign-up, and Usage Period types are available.<br>- App Access: type for application access requests.<br>- Sign-up: type for sign-up requests during registration.<br>- Usage Period: approval request used when extending the account usage period before it expires. |
| Title | This is the approval request title. |
| Requester | The user who submitted the approval request. |
| Recent update date | The date of the most recent update to the approval request. |
| Request date and time | This is the initial approval request date and time. |
| Status | It shows the status of the approval request and corresponds to the button at the top. |

Table. Approval request list

View and cancel approval requests

When you click the approval request list, the information for that approval request appears in a popup.

View approval request list

A list of all approval requests is displayed.

To view the details of an approval request, click on the item, and the information will pop up.

| Name | Explanation |
| --- | --- |
| Title | This is the approval request title. |
| Approval System | It represents the approval system based on the approval policy. You can verify which approval system the request was made through.<br>Please refer to Policy > Approval Policy. |
| Status | Indicates the result of processing the approval request. |
| Request date | This is the initial approval request date and time. |
| Last modified date | This is the most recent modification date for the approval request. |
| Requester | Information of the approval requester. ID, name, and organization/department details are displayed. |
| Approver | This is the approver's information. ID, name, organization/department, task, and date information are displayed. |
| Notifier | This is the notifier's information. ID, name, organization/department, and date information are displayed. |

Table. View approval request list

Reference
If an approval request has not yet been completed, the administrator can cancel it via the Cancel Request button when needed.

Approval request queue

Click the Approval Request Queue tab to view all pending approval requests and delete them, either all at once or by selecting individual items. Using the detailed search, the administrator can find and cancel (delete) approval requests at their own discretion, for example when the requester has resigned or the approver is absent.

Delete approval request

To delete the approval request, follow the steps below.

  1. Check (v) the selection box on the left of the item in the list.
  2. The Delete button at the top of the list is enabled. Click the Delete button.
  3. The Request Deletion popup appears. Click the Delete button.
  4. The selected approval request is deleted from the list.

Sign up

Click the Sign Up menu to display the list of sign‑up requests.

Sign-up request

When you click the sign‑up request tab, the list of sign‑up requests appears.

There are four types of approval request statuses. You can easily filter and view using the Approval Request, Approved, Rejected, and Cancel Submission buttons at the top. If you want an advanced search, you can use the advanced search in the search bar at the top right.

  • Approval Request: Shows the status of all approval requests.
  • Approval: Displays all completed approval statuses.
  • Rejection: Shows approval request items that have been rejected.
  • Submission Cancel: Shows approval requests where the approval has been canceled.

| Name | Explanation |
| --- | --- |
| Type | These are the types of approval requests. Standard and IdP types are available.<br>- Standard: When the request is submitted through the sign-up on the login page or a separate sign-up page<br>- IdP: When the sign-up is requested via an Identity Provider |
| Approval system | It shows the approval system according to the approval policy. You can verify which approval system was used for the request.<br>Please refer to Policy > Approval Policy. |
| Requester | The user who submitted the approval request. |
| Name | Requester name. As encrypted personal data, exact match search is possible using 'full name', 'first name', or 'last name'. |
| Email | This is the requester's email address. As encrypted personal data, exact match searches are possible using the full email address or the portion before the '@'. |
| Mobile | This is the requester's mobile number. Since it is encrypted personal data, an exact match search using the last four digits of the phone number is possible. |
| Status | It shows the status of the approval request and corresponds to the button at the top. |
| Registration Date | This is the sign-up registration date. |
| Modified date | Last modified date and time. |

Table. Approval Request List

Sign-up email invitation

An email invitation for account registration is a method where the administrator sends an invitation email to the desired user’s email address, allowing them to sign up. You can send up to 50 invitation emails at a time.

To send an invitation email, follow the steps below.

  1. Click the Dashboard > Sign Up > Sign Up Email Invitation tab.
  2. Click the Send Invitation Email button at the top right.
  3. The Send Invitation Email popup appears.
  4. Enter the email address to invite in the email field, and click the Add button.
  5. In the Group item, select the group that will be automatically assigned when a recipient joins. (If not set, the group is unspecified.)
  6. Click the Invite button at the bottom right of the popup.
  7. An invitation email will be sent to the specified email address.
Reference
Refer to the Policy > Sign‑up Policy menu for detailed registration policies.

2 - Integration

Integration is a service that configures and manages authentication services and account information for various applications.

In SCP SingleID, we support integration with new applications through customized authentication integration and account provisioning services, as well as a DIY (Do-It-Yourself) feature.

Through the integration menu, it provides integration management functions such as Application, Identity Provider, Authenticator, MFA Service Provider.

Application

The application is a menu for registering and linking various applications to apply SCP SingleID’s authentication service.

The administrator can register or edit a new application through the application list screen, and can sort, search, and delete registered applications.

Application List

The administrator can select a registered application on the application list screen to edit/delete, sort, search, etc., and can navigate to a menu screen where a new application can be registered through registration.

To view the list of applications, access the menu as follows.

  • Admin Portal > Integration > Application

| Category | Explanation |
| --- | --- |
| Name | This is the name of the application. It can be entered when creating the application. |
| Type | The application integration protocols are classified as SAML, OIDC, and SCIM. |
| Screen display | This is an item displayed in the User Portal application list.<br>• Screen display: It is shown to users in the User Portal, allowing them to request access permissions.<br>• Blank: It is hidden in the User Portal, so users cannot request it directly. |
| Status | Application status. It is divided into active and inactive.<br>• Active: The state where the administrator has completed the settings so that the user can access the application<br>• Inactive: The state where, due to the administrator's settings, the user cannot access the application |
| All button | Displays both active and inactive applications in the list. |
| Active button | Only active applications are displayed in the list. |
| Disabled button | Only inactive applications are displayed in the list. |
| Search term input field | The application list can be searched. After entering a search term, click the magnifying glass icon or press Enter to perform the search.<br>• Searchable items: name, description |
| Details button | You can perform detailed searches. Search conditions can be combined with AND. After entering multiple fields, click the 'Search' button to retrieve results that match the criteria.<br>• Clicking the Reset button clears all search fields. |
| Download button | SAML metadata download is available. You can download SAML metadata files from the internal network and the Internet. |
| Register button | You can register a new application. |

Table. Application List

Application registration

The administrator can register the application by clicking the Register button on the list screen.

Application registration can be done using two methods: Custom App Integration and Pre-Built App Integration.

To register an application, access the menu as follows.

  • Click the Admin Portal > Integration > Application > Register button
  • Select the Custom App Integration or Pre-Built App Integration tab

Custom App Integration

Custom App Integration registration is the connection menu for authenticating the application you want to integrate and provisioning the account.

We provide three types of connection functions as follows.

When registering an application for authentication integration, select the type (SAML or OIDC) according to the standard authentication integration method.

When registering an application by linking account provisioning, we provide the standard online API method (SCIM).

Reference

The integration features provided by SingleID can be categorized as follows, and the information input and configuration steps vary depending on the required integration scope. When configuring the standard authentication integration methods SAML and OIDC, if you do not select account provisioning, the attribute linking step is omitted, shortening the registration process.

Standard protocolAuthentication integration, account deployment integrationAuthentication integrationAccount deployment integration
SAML-
OIDC-
SCIM--
Table. Standard protocol

To register the application Custom App Integration, follow the steps below.

  1. Click the Admin Portal > Integration > Application > Register button
  2. Under Custom App Integration, select Web Application(SAML), Web Application(OIDC) or Identity Provisioning(SCIM v2.0), then click the Next button
  3. Go to detailed settings

You can register an application by entering and configuring the information required for integration through a six-step screen as shown below.

Applications using standard protocols (SAML, OIDC, SCIM) can register information and configure policies and attributes through a screen consisting of the following six steps.

  1. General
  2. SSO
  3. Provisioning
  4. Profile
  5. Policy
  6. Allocation

General

Enter the general application information as referenced below.

| Category | Explanation | Whether required |
| --- | --- | --- |
| Name | Enter the application name. | Required |
| Explanation | Enter the description for the application. | Optional |
| Logo image | Register the logo. (File upload or URL link) | Optional |
| Screen display | Displayed to the user in the User Portal. | Optional |
| Access URL | Enter the application access URL. | Required |
| Automatic logout | Configure automatic logout according to the session policy. | Optional |
| Automatic redirection | Set automatic redirection to the Service Provider after logout. | Optional |
| URL after logout | Enter the URL to navigate to on logout (if left blank, the Access URL is used). | Optional |

Table. Application General Information
Reference
To delete an application, select its checkbox ([V]) and click the Delete button at the top of the list.

SSO

On the SSO information entry screen, enter the Single Sign On configuration settings.

| Category | Explanation | Required or not |
| --- | --- | --- |
| Issuer | Enter the SP's unique identifier value. | Required |
| Single Sign-On URL | Enter the full URL for login. | Required |
| Logout URL | Enter the SLO Return URL. | Optional |
| Logout method | Provides Back-Channel Logout, Front-Channel Logout (HTTP Redirect Binding), Front-Channel Logout (HTTP POST Binding). | Required |
| Response Signing | This is the SAML Response signature configuration. | Optional |
| Validation On-Request | This is the setting for enabling Signature Validation. | Optional |
| Encryption | This is the setting for whether encryption is applied. | Optional |
| Application Certificate | Certificate registration (PEM format) | Required |
| Attribute to map during SSO | Select SSO connection attribute information and set unique values. | Required |
| 'Import Metadata File' button | Provides SAML metadata file upload functionality (identifies IdP endpoint and certificate). | Optional |

Table. SSO information
Reference

Single Sign-On Configuration

  • If you select either Validation On Request or Encryption, you must register a certificate. (Register the certificate value exported as plain text.)
  • Attribute to map during SSO: You can click Add to select attribute information provided by SingleID. You must select a unique value for user identification among the selected attributes.
  • To deliver SingleID attribute information to the connected target application, you can map the SingleID attribute name to the attribute name used by the application and transmit it. The information communicated during authentication is called claim information, and the received data is used by the SP to set permissions or as attribute information for operation and management.
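
A pre-import check for the SSO step, as an added example (not SingleID code): it reads a SAML SP metadata file and returns the values the SSO screen asks for (Issuer, Single Sign-On URL, Logout URL, logout method, certificate as PEM text), with findings for the settings described above; the same fields apply to custom and pre-built integrations. The sample metadata, the `sp.example.com` URLs, the placeholder certificate body and the binding-to-logout-method mapping are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Assumption: how SAML SingleLogoutService bindings line up with the
# "Logout method" choices on the SSO screen.
LOGOUT_METHOD = {
    BINDINGS + "SOAP": "Back-Channel Logout",
    BINDINGS + "HTTP-Redirect": "Front-Channel Logout (HTTP Redirect Binding)",
    BINDINGS + "HTTP-POST": "Front-Channel Logout (HTTP POST Binding)",
}

# Constructed sample metadata; the certificate body is a placeholder.
SAMPLE_GOOD = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.com/saml">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDERnotArealCERTIFICATE</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.com/saml/slo"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# Same document with a plain-HTTP login URL and no signing certificate.
SAMPLE_BAD = (SAMPLE_GOOD
              .replace("https://sp.example.com/saml/acs",
                       "http://sp.example.com/saml/acs")
              .replace('use="signing"', 'use="encryption"'))


def to_pem(b64_body):
    """Wrap the bare base64 held in <ds:X509Certificate> as PEM text."""
    body = "".join(b64_body.split())
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"])


def review_sp_metadata(xml_text):
    """Return the SSO screen values found in SP metadata, plus findings."""
    # Refuse DTDs and entity declarations before the text reaches the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not declare a DTD or entities")
    root = ET.fromstring(xml_text.strip())
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % MD or sp is None:
        raise ValueError("expected one EntityDescriptor with an SPSSODescriptor")

    acs = sp.find("md:AssertionConsumerService", NS)
    slo = sp.find("md:SingleLogoutService", NS)

    # A KeyDescriptor without a "use" attribute serves both purposes.
    certs = {"signing": [], "encryption": []}
    for kd in sp.findall("md:KeyDescriptor", NS):
        node = kd.find(".//ds:X509Certificate", NS)
        if node is None or not (node.text or "").strip():
            continue
        uses = [kd.get("use")] if kd.get("use") else ["signing", "encryption"]
        for use in uses:
            certs.setdefault(use, []).append(to_pem(node.text))

    result = {
        "issuer": root.get("entityID"),
        "sso_url": acs.get("Location") if acs is not None else None,
        "logout_url": slo.get("Location") if slo is not None else None,
        "logout_method": (LOGOUT_METHOD.get(slo.get("Binding"))
                          if slo is not None else None),
        "certificates": certs,
        "findings": [],
    }
    findings = result["findings"]
    for field in ("issuer", "sso_url"):          # both are Required fields
        if not result[field]:
            findings.append(field + " is required but missing")
    for field in ("sso_url", "logout_url"):
        if result[field] and urlparse(result[field]).scheme != "https":
            findings.append(field + " is not HTTPS")
    if slo is not None and result["logout_method"] is None:
        findings.append("SingleLogoutService binding has no matching logout method")
    # Validation On-Request needs a certificate to verify signatures against.
    if sp.get("AuthnRequestsSigned") in ("true", "1") and not certs["signing"]:
        findings.append("requests are signed but no signing certificate is present")
    return result


if __name__ == "__main__":
    for name, doc in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, review_sp_metadata(doc)["findings"])
```
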

Provisioning

The Provisioning menu is an account management feature that can distribute user information to applications for synchronization. SingleID provides global standard API specifications such as SCIM and REST.

On the Provisioning information entry screen, enter the configuration settings for account distribution.

| Category | Explanation | Whether required |
| --- | --- | --- |
| Provisioning Configuration | To use account information synchronization, click the On button. Selecting Off skips account synchronization. | Required |
| Base Address | Enter the Base Address (URL) that defines the Endpoint of the target system supporting the SCIM API. | Required |
| Accept | Enter the Accept information (e.g., application/json) used as the HTTP Accept header value in SCIM requests. | Required |
| Content Type | Enter the Content Type (e.g., application/json), which is the HTTP Content-Type header value used in SCIM requests. | Required |
| User Name | Register the User Name used for authentication to the target REST service. | Required |
| Password | Set the password used for authentication to the target REST service. | Required |
| Bearer Token | Register the Bearer Token used when calling the API (for authorization). | Optional |
| Client ID | Register the Client ID. The Client ID is an identifier issued by the authorization server to a registered client, and because the Client ID itself is information disclosed to the resource owner, it must not be used alone for client authentication. | Optional |
| Client Secret | Register the Client Secret information. The Client Secret is a secret generated by the authentication server, a unique value known only to the authentication server. | Optional |
| Access Token Node ID | Register the Access Token Node ID. The Access Token Node ID serves as the Field ID of a JSON Object Node, is returned from the target Access Token REST service, and includes the token value. The Access Token is used to authorize access to resources. It is important that the resource server accepts only the Access Token from the client. | Optional |
| Access Token Base Address | Register the Access Token Base Address (URL) required to obtain an Access Token as the Base Address of the target REST service. | Optional |
| Access Token Content Type | Register the Access Token Content Type (e.g., application/x-www-form-urlencoded), which is the HTTP Content-Type header value of the target Access Token REST service. | Required |
| Provisioning | When provisioning, select either a user or a group by default, and if needed, you can select both users and groups. | Optional |
| Inbound Provisioning Schedule | Click On to register a periodic (hourly, daily, monthly, yearly) Inbound Provisioning Schedule. | Optional |
| Outbound Provisioning Schedule | You can click On to register an Outbound Provisioning Schedule. Clicking Off allows real-time deployment. | Optional |

Table. Provisioning information entry
Reference
If you select “Off” for Provisioning Configuration, the Provisioning and profile stages are skipped, and the application registration is set to use only the authentication service, completing the process.
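
How the Provisioning fields fit together on the wire, as an added example (not SingleID code): it builds the token call, reads the token from the node named by Access Token Node ID, and builds a SCIM 2.0 create-user call, without sending anything. The configuration key names, the `app.example.com` endpoints, the sample user and the use of the OAuth 2.0 client_credentials grant are assumptions.

```python
import json
from urllib.parse import urlencode, urlparse
from urllib.request import Request

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed sample values. The keys mirror the Provisioning screen fields;
# the key names are hypothetical, not a SingleID export format.
CONFIG = {
    "base_address": "https://app.example.com/scim/v2",
    "accept": "application/json",
    "content_type": "application/json",
    "client_id": "constructed-client-id",
    "client_secret": "constructed-client-secret",
    "access_token_node_id": "access_token",
    "access_token_base_address": "https://app.example.com/oauth/token",
    "access_token_content_type": "application/x-www-form-urlencoded",
}
SAMPLE_USER = {"userName": "jdoe", "givenName": "Jane", "familyName": "Doe",
               "email": "jdoe@example.com"}


def require_https(url, field):
    """Credentials and tokens must never travel over plain HTTP."""
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(field + " must be an absolute https:// URL")
    return url.rstrip("/")


def build_token_request(cfg):
    """Token call to the Access Token Base Address (assumed client_credentials)."""
    url = require_https(cfg["access_token_base_address"],
                        "Access Token Base Address")
    if not cfg.get("client_secret"):
        # The Client ID alone does not authenticate the client.
        raise ValueError("Client Secret is required alongside Client ID")
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
    }).encode()
    headers = {"Content-Type": cfg["access_token_content_type"],
               "Accept": "application/json"}
    return Request(url, data=body, headers=headers, method="POST")


def extract_token(cfg, response_body):
    """Read the token from the JSON node named by Access Token Node ID."""
    node_id = cfg["access_token_node_id"]
    doc = json.loads(response_body)
    token = doc.get(node_id) if isinstance(doc, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("token response has no usable '%s' node" % node_id)
    return token


def build_create_user_request(cfg, token, user):
    """SCIM 2.0 create-user call: POST {Base Address}/Users."""
    url = require_https(cfg["base_address"], "Base Address") + "/Users"
    payload = {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": user["userName"],
        "name": {"givenName": user["givenName"],
                 "familyName": user["familyName"]},
        "emails": [{"value": user["email"], "primary": True}],
        "active": True,
    }
    headers = {
        "Accept": cfg["accept"],
        "Content-Type": cfg["content_type"],
        "Authorization": "Bearer " + token,
    }
    return Request(url, data=json.dumps(payload).encode(),
                   headers=headers, method="POST")


def redact(request):
    """Header view that is safe to write to a log."""
    return {name: ("<redacted>" if name.lower() == "authorization" else value)
            for name, value in request.header_items()}


if __name__ == "__main__":
    token = extract_token(CONFIG, b'{"access_token": "constructed-token"}')
    req = build_create_user_request(CONFIG, token, SAMPLE_USER)
    print(req.get_method(), req.full_url, redact(req))
```
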

Profile

Enter the configuration information for User/Group for deployment on the profile information input screen.

| Category | Explanation | Required or not |
| --- | --- | --- |
| Profile name | Enter the profile name. | Required |
| Explanation | Register a description for the profile. | Optional |
| Attribute | Click Add to select and input attribute information. | Optional |

Table. Enter profile information
Information

Profile Mapping

  • In the tab menu for selecting the provisioning target, click User, Group to add properties.
  • Click Profile Mapping to align and connect the required information in the target application based on the SCIM schema information.
  • You can configure an execution script (a conversion script based on the JEXL standard script) that converts values in real time when provisioning runs. Note that the script is executed exactly as entered, without any validation checks.

After entering all items, click the Complete button to complete the basic application settings. When you complete registering a new application, it is added to the application list, and new tabs called Policy, Assignment are created.

Policy

You can configure login policy and access control information for application policy settings.

| Category | Explanation | Required or not |
| --- | --- | --- |
| Login Policy | Configure the login policy applied when logging into the application. To set it, assign the application in the login policy. | Optional |
| Access control | This setting controls the user's access to the app. When enabled, you can configure whether to request permission to access the application and whether it is approved. | Optional |

Table. Policy Settings

Allocation

Register information for assigning application users based on users and groups. This menu assigns access permissions by configuring the users and groups that can access the registered application.

To assign a user, follow the steps below.

  1. When you click the application, you will be taken to the application’s detail page.
  2. Click the Assignment tab and click the User tab > Assign button.
  3. When the User Assignment popup appears, select the user to assign, and click the Assign button.
  4. In the Assignment tab, the selected user appears in the list.
Caution

Similarly, you can assign a predefined group via the Assign button on the Group tab. Assign the group using the same method.

Group Settings

  • When configuring the groups that can access the application, set it to include information that defines and distinguishes specific groups.
  • You must define rules and groups in advance so that you can manage access permissions using member rules that distinguish groups.
Reference

Application State

  • Activation (Active): Exposes the application in the User Portal and, by configuring Sign-On services, provisioning, policies, etc., places it in a state where users can access and use the application.

  • Inactive: It does not expose the application in the User Portal and is a state where the application can be deleted.

  • Delete: When deleting a registered application, caution is required. For this reason, a popup window is displayed to allow a second verification of the application's information and status.

Pre-Built App Integration

The Pre-Built App Integration menu offers a convenient way to quickly connect and use the desired SaaS application, with necessary settings such as connection information, name, and icon prepared in advance.

To integrate the application using Pre-Built App Integration, refer to the menu path below.

  • Click the Admin Portal > Integration > Application > Register > Pre-Built App Integration tab
  • Select the application, then click the Next button
  • Go to detailed settings

The Pre-Built App Integration menu, like the Custom App Integration menu, allows you to register an application by entering the required integration information and configuring it through a six-step screen as shown below.

The input items and methods for each step are the same, except for the information that has been predefined and entered for Pre‑Built.

  1. General
  2. SSO
  3. Provisioning
  4. Profile
  5. Policy
  6. Assignment

General

Enter the general application information as referenced below.

| Category | Explanation | Required or not |
| --- | --- | --- |
| Name | Enter the name of the application. | Required |
| Explanation | Enter a description of the application (tasks, purposes, etc.). | Optional |
| Logo image | Register a logo that intuitively identifies the application. Both file upload and URL link methods are available. | Optional |
| Screen display | When selected, it is displayed to the user in the User Portal. | Optional |
| Access URL | Enter the application's Access URL. Enter the login page for the application you will access. | Required |
| Automatic logout | When selected, the session policy automatically logs out without re-confirmation. | Optional |
| Automatic redirection | When selected, it redirects to the Service Provider without displaying the logout completion page. | Optional |
| URL after logout | Enter the URL to navigate to when the user logs out. If left blank, it will be set to the Access URL. | Optional |

Table. General

SSO

Enter the Single Sign On configuration information on the SSO information entry screen.

| Category | Explanation | Required status |
| --- | --- | --- |
| Issuer | Enter the Issuer, which is the unique identifier of the SP (Service Provider) and the value verified by the Response Issuer. | Required |
| Single Sign-On URL | Enter the Single Sign-On URL, the full URL required when logging into the system. | Required |
| Logout URL | Enter the Logout URL, which is the URL value for SLO (Single Logout) Return. | Optional |
| Logout method | The logout method for SLO (Single Logout) Return is one of the following three: Back-Channel Logout (the user is logged out securely from the application without any interaction); Front-Channel Logout (HTTP Redirect Binding) (the user interacts to securely log out from the application using a browser-based logout with HTTP Redirect Binding); Front-Channel Logout (HTTP POST Binding) (the user interacts to securely log out from the application using a browser-based logout with HTTP POST Binding). | Required |
| Response Signing | To sign the returned SAML Response after the authentication process, use Response Signing. | Optional |
| Validation On-Request | Check to enable Signature Validation. | Optional |
| Encryption | Select whether to apply encryption. | Optional |
| Application Certificate | If you select either Validation On Request or Encryption, you must register a “certificate”. Please enter a valid value according to the PEM (Privacy-Enhanced Mail) format. | Required |
| Attribute to map during SSO | Select the attribute information required for SSO connection and set a unique value for user identification. ※ The ‘Next’ button becomes active only after selecting the Subject Attribute. | Required |
| ‘Import Metadata File’ button | The SAML metadata file contains information about various SAML identity providers that can be used for SAML 2.0 protocol message exchanges. This metadata identifies the IdP endpoints and certificates to secure SAML 2.0 message exchanges. Clicking Import metadata file allows you to upload a file. | Optional |
Table. SSO Information
Information

Single Sign-On Settings

  • If you select either Validation On Request or Encryption, you must register a certificate (register the certificate value exported as plain text).
  • Attribute to map during SSO: Click Add to select the attribute information provided by SingleID. A unique value for user identification must be selected among the chosen attributes.
  • To pass SingleID attribute information to the connected target application, align the SingleID attribute name with the attribute name mapped in the application. The information communicated during authentication is called claim information, and the SP uses the received data to set permissions or as attribute information for operation and management.

Provisioning

The Provisioning menu is an account management feature that can distribute user information to applications for synchronization. SingleID provides global standard API specifications such as SCIM and REST.

Enter the configuration settings for account information distribution on the Provisioning information input screen.

| Category | Explanation | Required or not |
| --- | --- | --- |
| Provisioning Configuration | Click the ‘On’ button to enable account information synchronization. Selecting ‘Off’ skips account synchronization. | Required |
| Base Address | Enter the Base Address (URL) that defines the Endpoint of the target system supporting the SCIM API. | Required |
| Accept | Enter the Accept information (e.g., application/json) used as the HTTP Accept header value in SCIM requests. | Required |
| Content Type | Enter the Content Type (e.g., application/json) that is the HTTP Content-Type header value used in SCIM requests. | Required |
| User Name | Register the User Name used for authentication to the target REST service. | Required |
| Password | Set the password used for authentication to the target REST service. | Required |
| Bearer Token | Register the Bearer Token used when calling the API (for authorization). | Optional |
| Client ID | Register the Client ID. The Client ID is an ID issued by the authorization server to a registered Client, and because the Client ID itself is information disclosed to the resource owner, it must not be used alone for Client authentication. | Optional |
| Client Secret | Register the Client Secret information. The Client Secret is a secret generated by the authentication server, a unique value known only to the authentication server. | Optional |
| Access Token Node ID | Register the Access Token Node ID. The Access Token Node ID serves as the Field ID of a JSON Object Node, is returned from the target Access Token REST service, and includes the token value. The Access Token is used to authorize access to resources. It is important that the resource server accepts only the Access Token from the client. | Optional |
| Access Token Base Address | Register the Access Token Base Address (URL) required to obtain an Access Token as the Base Address of the target REST service. | Optional |
| Access Token Content Type | Register the Access Token Content Type (e.g., application/x-www-form-urlencoded), which is the HTTP Content-Type header value of the target Access Token REST service. | Required |
| Provisioning | When provisioning, select either a user or a group by default, and if needed, you can select both users and groups. | Optional |
| Inbound Provisioning Schedule | Click On to register periodic runs (hour, day, month, year) via the Inbound Provisioning Schedule. | Optional |
| Outbound Provisioning Schedule | Click On to register an Outbound Provisioning Schedule. Click Off to deploy in real time. | Optional |
Table. Provisioning information
Reference
If you select “Off” for Provisioning Configuration, the Provisioning and profile stages are skipped, and the application registration is set to use only the authentication service, completing the process.
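The sketch below shows how the Provisioning fields map onto the HTTP calls a SCIM connector makes. It is an added example, not SingleID's own code, and it assumes an OAuth 2.0 client-credentials token request with HTTP Basic client authentication and a SCIM 2.0 /Users endpoint; every host name, credential and function name in it is constructed.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed sample values; the keys mirror the rows of the Provisioning table.
SETTINGS = {
    "base_address": "https://app.example.com/scim/v2/",
    "accept": "application/json",
    "content_type": "application/json",
    "client_id": "singleid-connector",
    "client_secret": "constructed-secret-value",
    "access_token_base_address": "https://app.example.com/oauth/token",
    "access_token_content_type": "application/x-www-form-urlencoded",
    "access_token_node_id": "access_token",
}


def check_settings(s):
    """Return findings for values that would weaken the provisioning channel."""
    findings = []
    for key in ("base_address", "access_token_base_address"):
        if not s.get(key, "").lower().startswith("https://"):
            findings.append(f"{key}: not an https:// URL, credentials would travel unencrypted")
    if s.get("client_id") and not s.get("client_secret"):
        findings.append("client_id: set without client_secret; the ID alone authenticates nothing")
    return findings


def build_token_request(s):
    """Describe the call to the Access Token REST service (assumed client-credentials grant)."""
    pair = f"{s['client_id']}:{s['client_secret']}".encode()
    return {
        "method": "POST",
        "url": s["access_token_base_address"],
        "headers": {
            "Content-Type": s["access_token_content_type"],
            # The secret goes in a header, never in the URL where proxies and logs record it.
            "Authorization": "Basic " + base64.b64encode(pair).decode(),
        },
        "body": urlencode({"grant_type": "client_credentials"}),
    }


def extract_token(s, response_body):
    """Read the token from the JSON field named by Access Token Node ID."""
    doc = json.loads(response_body)
    token = doc.get(s["access_token_node_id"]) if isinstance(doc, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError(f"no string field {s['access_token_node_id']!r} in token response")
    return token


def build_scim_create_user(s, token, user_name):
    """Describe a SCIM 2.0 create-user call using the Accept / Content Type settings."""
    payload = {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "userName": user_name,
        "active": True,
    }
    return {
        "method": "POST",
        "url": s["base_address"].rstrip("/") + "/Users",
        "headers": {
            "Accept": s["accept"],
            "Content-Type": s["content_type"],
            "Authorization": f"Bearer {token}",
        },
        "body": json.dumps(payload),
    }


if __name__ == "__main__":
    # Constructed token response, shaped like a typical OAuth 2.0 token reply.
    sample = '{"access_token": "eyJ-constructed", "token_type": "Bearer", "expires_in": 3600}'
    print(check_settings(SETTINGS))
    token = extract_token(SETTINGS, sample)
    print(build_scim_create_user(SETTINGS, token, "jdoe@example.com")["url"])
```

A wrong Access Token Node ID fails at `extract_token` rather than sending an empty Bearer header to the SCIM endpoint.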

Profile

On the profile information entry screen, enter the user/group settings for deployment.

| Category | Explanation | Required or not |
| --- | --- | --- |
| Profile name | Enter the profile name. | Required |
| Explanation | Register a description for the profile. | Required |
| Attribute | Click Add to select and enter the property information. | Required |
Table. Profile
guide

Profile Mapping

  • In the tab menu for selecting the provisioning target, click User, Group to add properties.
  • Click Profile Mapping to align and connect the required information in the target application based on the SCIM schema information.
  • You can configure an execution script (a conversion script written in the JEXL standard script language) that performs conversion in real time when provisioning runs.

Note that the script executes exactly as entered, without any validation checks.

After entering all items, click the Complete button to complete the basic application configuration. When you complete registering a new application, it is added to the application list, and new tabs called Policy, Assignment are created.

Policy

You can configure login policies and access control information for application policy settings.

| Category | Explanation | Required status |
| --- | --- | --- |
| Login Policy | Configure the login policy applied when logging into the application. To set it, assign the application in the ‘Login Policy’ you want to configure. | Optional |
| Access control | This setting controls the user’s access to the app. When enabled, you can configure whether to request permission to access the application and whether approval is granted. | Optional |
Table. Policy

Allocation Settings

Register information for assigning application users based on users and groups. This menu assigns access permissions by configuring the users and groups that can access the registered application.

To assign a user, follow the steps below.

  1. When you click the application, you are taken to its detail page.
  2. Click the Assign tab and then click the User tab > Assign button.
  3. When the User Assignment popup appears, select the user to assign and click the Assign button.
  4. The selected user appears in the list on the Assignment tab.
Caution

Similarly, in the Group tab, you can assign a predefined group using the Assign button. Assign the group using the same method.

Group Settings

When configuring the groups that can access the application, include information that identifies and distinguishes the specific groups. You must define rules and groups in advance so that access permissions can be managed with member rules that distinguish the groups.

Reference

Application State

  • Activation (Active): Exposes the application in the User Portal and, by configuring Sign-On services, provisioning, policies, etc., places the application in a state where users can access and use it.
  • Inactive: The application is not exposed in the User Portal and can be deleted.
  • Delete: Deleting a registered application requires caution, so a popup window is displayed to allow a second verification of the application’s information and status.

Application modification

When you click an application in the list view, you can edit its settings.

To modify the application, follow the steps below.

  1. Admin Portal > Integration > select the application > click the Edit button.
  2. Click the General, SSO, Provisioning, Policy, Assignment, Aggregation, Permission Items, Rebranding tab to edit the items you want to modify.
  3. Click the Save button.
Reference
Please refer to Application Registration for editing items in the General, SSO, Provisioning, Policy, Assignment tab.

Permission item

The permission items provide synchronization by linking the user roles of the integrated application with SingleID.

Register permission item

To set the permission items, follow the steps below.

  1. When you click the application, you are taken to its detail page.
  2. Click the Allocation tab and the Permission Items tab > click the Register button.
  3. When the Permission item popup appears, you need to register the permission item.
  4. Enter Name, Key, Display Name, Content and click Save to register the permission.
| Category | Explanation | Required status |
| --- | --- | --- |
| Name | Enter the permission name. The permission name cannot be changed after it is registered once. If you want to change it, you need to register a new one. | Required |
| Key | Enter the authorization key. The authorization key cannot be changed after it is registered once. If you want to change it, you need to register a new one. | Optional |
| Display name | Enter the permission display name. | Optional |
| Explanation | Enter the permission description. | Optional |
Table. Permission Registration
Reference
The SSO, Permission Items, and Rebranding tabs are not displayed on the screen when the application is integrated via the SCIM protocol.

Rebranding

A Rebranding tab, which does not appear during application registration, is added. Rebranding of the application includes login page rebranding functionality when accessed as a separate application.

The included rebranding features are as follows.

  • Favicon: The favicon can be modified in the browser.
  • Header logo: The header logo on the login screen can be modified to the logo you desire.
  • Key visual image: The key image set by default on the login page can be modified.
  • Sign‑up page redirection: Registration can be directed to a separate operational sign‑up page instead of SingleID’s sign‑up page.
  • Privacy Policy Redirection: You can register the privacy policy URL that was used in the existing application.
  • Terms of Service redirection: You can register the Terms of Service URL previously used in the existing application.

UI

From the list screen, click the application, then in the Rebranding tab, click the Edit button to configure application-specific rebranding settings for the UI.

guide
Clicking the temporary save button at the lower right allows you to save the settings midway.
Change favicon

In the application, you can set a custom favicon to match the characteristics of the enterprise application.

To modify the favicon, follow the steps below.

  1. Admin Portal > Integration > select the application > UI > click the Edit button.
  2. Select Custom in the Favicon item.
  3. In the Favicon image (pencil shape) item, click the favicon image.
  4. Upload an icon file or enter the icon image URL.
  5. Click the Save button and use the preview screen to confirm that the upload was successful.
  6. Korean page: Enter the title in Korean.
  7. English page: Enter the title in English.
  8. Once the input is complete, use the preview on the right to confirm that it was entered correctly.
  9. Click the Publish button at the lower right corner.
Information
The recommended size for the favicon image is 256 × 256 px, and only ICO files are supported; please upload a file no larger than 2 MB. Favicon images are applied only on PC screens.
Header logo change

In the application, you can configure separate header logo changes to match the characteristics of the corporate application.

To modify the header logo, follow the steps below.

  1. Admin Portal > Integration > select the application > UI > click the Edit button.
  2. Select Custom in the Header Logo item.
  3. You can select and configure a text logo or an image logo.
  4. Enter the Korean Redirect URL and the English Redirect URL.
  5. If the input is complete, use the preview on the right to confirm that it was entered correctly.
  6. Click the Publish button at the lower right.
Information
The recommended size for the header logo image is 288 × 72 px. Only PNG, JPG, and JPEG files are allowed, and please upload files no larger than 1 MB. You can set the logo image separately for each language.
Key visual change

In the application, you can configure separate key visual changes to match the characteristics of the corporate application.

To edit the key visual, follow the steps below.

  1. Admin Portal > Integration > select the application > UI > click the Edit button.
  2. In the key visual item, select Custom.
  3. Click to use a single key visual for all languages or language‑specific key visuals.
  4. If the image upload is complete, verify through the right preview that it was entered correctly.
  5. Click the Publish button at the lower right corner.
Information
The recommended size for the key visual image is 600 x 612 px. Only PNG, JPG, and JPEG files are allowed, and please upload files no larger than 1 MB.

Redirection

From the list screen, click the application, then in the Rebranding tab, click the Edit button to configure application‑specific rebranding settings for the redirect.

Information
You can save the settings midway by clicking the temporary save button at the bottom right.
Sign up

Sign-up allows you to configure a registration link for each application.

| Category | Explanation |
| --- | --- |
| Default | The default registration provided by SingleID is used instead of a separate sign‑up page. The default settings can be configured in the registration policy. |
| User-defined | If you operate a separate sign‑up page, you can set a separate Redirection link. Use a single URL for all languages: enter a common Redirect URL regardless of language settings. Use language‑specific URLs: enter a Redirect URL for each language. |
| Hidden | If you do not accept separate sign‑ups, select Hide. |
Table. Sign up
information
The login page design is displayed via the preview. You can click the Korean and English buttons to view previews for each language.
Privacy Policy

The privacy policy can be redirected to the URL link of the privacy policy provided for each application.

| Category | Explanation |
| --- | --- |
| Default | Set as the default privacy policy for SingleID. |
| User-defined | If you operate a privacy policy for a separate application, you can set a separate Redirection link. Use a single URL for all languages: enter a common Redirect URL regardless of language settings. Use language‑specific URLs: enter a Redirect URL for each language. |
Table. Privacy Policy
Terms of Use

The Terms of Service can be redirected to the Terms of Service URL link provided for each application.

| Category | Explanation |
| --- | --- |
| Default | Set as SingleID default terms of service. |
| User-defined | If you operate terms of service for a separate application, you can set a separate Redirection link. Use a single URL for all languages: enter a common Redirect URL regardless of language settings. Use language-specific URLs: enter a Redirect URL for each language. |
Table. Terms of Use
information
The login page design is displayed via the preview. You can click the Korean and English buttons to view previews for each language.
Reference
The SSO, Permission Items, and Rebranding tabs are not displayed on the screen when the application is integrated via the SCIM protocol.

Delete application

On the application list screen, select the application, deactivate it, then return to the list screen and you can delete it from the three‑dot menu.

Identity Provider

This is the menu for registering and managing IdPs that provide authentication services and credentials to SCP SingleID. At this point, the SCP SingleID acts as a Service Provider and receives authentication services from the IdP.

Identity Provider list

On the list screen, you can select a registered Identity Provider to edit/delete, sort, search, etc., and you can navigate to a menu screen where you can register a new Identity Provider.

To view the Identity Provider list, you can access the following menu.

  • Admin Portal > Integration > Identity Provider
| Category | Explanation |
| --- | --- |
| Name | Identity Provider name. |
| Type | Displays the standard protocols registered for the Identity Provider. Identity Provider types are distinguished by SAML2.0 and OIDC methods. |
| Status | Displays the status of the Identity Provider. It is distinguished as active or inactive. |
| Active button | Only active Identity Providers are displayed in the list. |
| Disabled button | Only inactive Identity Providers are displayed in the list. |
| Search term input field | You can search the Identity Provider list. After entering a search term, click the magnifying glass icon or press Enter to perform the search. Searchable fields: name, description |
| Details button | Detailed searches are possible. Search conditions can be combined using AND. After entering multiple fields, click the Search button to perform a search that matches the criteria. Click the Reset button to clear all search fields. |
| Download button | SAML metadata download is available. You can download SAML metadata files from the internal network and the Internet. |
| Register button | You can register a new application. |
Table. Identity Provider list
Reference
To delete an Identity Provider, select its checkbox (V) and click the Delete button at the top of the list.

Identity Provider registration

On the Identity Provider list screen, click Register at the top to add a new entry.

To register an Identity Provider, follow the steps below.

  1. Admin Portal > Integration > Identity Provider > click the Register button
  2. Custom App Integration > select Web Application (SAML) or Web Application (OIDC) > click the Next button
  3. Go to detailed settings

You can register an Identity Provider by entering and configuring the required integration information through a three-step screen as follows.

  • General
  • SSO
  • JIT provisioning

General

Enter the general information for the IdP (Identity Provider).

| Category | Explanation | Required or not |
| --- | --- | --- |
| Name | Enter the name of the Identity Provider. Since it is identified by its name, rules are needed for distinction and management. | Required |
| Explanation | Enter a description of the Identity Provider (including its functions, purposes, etc.). | Optional |
| Logo image | Register a logo that intuitively identifies the Identity Provider. | Optional |
| Login button | Display the IdP as a button/link (text) etc. Logo icon display: choose whether to show the logo icon on the login button. Button text: enter the text to display on the login button. | Required |
Table. Identity Provider General

SSO

Enter the Single Sign-On configuration information on the SSO input screen.

When integrating with a Web Application (OIDC)

| Category | Explanation | Required or not |
| --- | --- | --- |
| Client ID | Register the Client ID. The Client ID is an ID issued by the authentication server to a registered Client, and because the Client ID itself is information disclosed to the resource owner, it must not be used alone for Client authentication. | Required |
| Client Secret | Register the Client Secret information. The Client Secret is a unique value known only to the authentication server, used as secret information when authenticating to the target REST service. | Required |
| Authorization Endpoint URL | The Authorization Endpoint must obtain authorization from the Resource Owner. Enter the Authorization Endpoint URL, which is the URL value used at this time. | Required |
| Token Endpoint URL | The Token Endpoint is used by the client and obtains an Access Token via an Authorization Grant or a Refresh Token. Enter the Token Endpoint URL, which is the URL value used at this time. | Required |
| Logout URL | Enter the Logout URL, which is the URL value for SLO (Single Logout) Return. | Optional |
| Userinfo Endpoint URL | Enter the Userinfo Endpoint URL provided by the IdP (Identity Provider) that includes the user profile (username, name, etc.). | Optional |
| IdP Sign-In Key | Set the IdP Sign-In Key value and select the SingleID mapping property for the IdP Sign-In Key. | Required |
Table. Web Application (OIDC) SSO
Information

IdP Sign-In Key Configuration

There are two methods to process login in SCP SingleID by receiving the key value that provides the ID.

  • How to obtain the identifier ID value using a standard SAML keyword
  • How to create and receive a custom identifier ID

You can map the name obtained by one of the above methods to User ID, or you can also map it to the CN value. This feature configures how authentication information is mapped to a value for processing login.

JIT provisioning

The JIT provisioning feature tab has been added to the Identity Provider. This feature synchronizes the account in real time when a user’s changes occur. You can configure items when the account is synchronized in real time.

| Category | Explanation | Required or not |
| --- | --- | --- |
| JIT provisioning | JIT provisioning, short for Just-In-Time Provisioning, is an ID and access management feature used to quickly create user accounts when a user logs into the system for the first time. The feature can be set to On or Off. | Required |
| If there is no SingleID user mapped to the IdP user | Manage the action taken when a user accesses for the first time. Navigate to the sign‑up page: create a new account; to prevent ID duplication, set a distinct ID suffix for the logged‑in ID. Automatically create a new SingleID user without user invitation: automatically generate an ID. Navigate to the user registration website: if a separate user sign‑up page exists, go to that separate registration page. | Required |
| If there is a SingleID user mapped to the IdP user | If a user exists, update the user information. | Required |
Table. JIT provisioning

After entering all items, click the Complete button to complete the basic application setup.

Modify Identity Provider

On the list screen, you can modify the settings by clicking the Identity Provider.

If you want to modify the Identity Provider, follow the steps below.

  1. Admin Portal > Integration > select the Identity Provider > click the Edit button.
  2. Click the General, SSO, Provisioning, Policies, Assignment tab to edit the items.
  3. Click the Save button.
Information
To deactivate the application, select the application and click the Deactivate button.

Delete Identity Provider

On the Identity Provider list screen, select an Identity Provider, deactivate it, then return to the list screen where you can delete it from the three‑dot menu. To register again, click the Add button.

Authenticator

Configure by integrating the Authenticator provided by SCP SingleID. Password and Email are enabled by default.

The types and functions of Authenticators are as follows.

  • Password: A knowledge‑based authentication method in which the Password Authenticator verifies a password known only to the user. It is the built-in Authenticator used for primary and secondary authentication, and it cannot be deleted or disabled for security reasons.
  • Email: An ownership-based authentication method that authenticates the user through an OTP (One-Time Password) delivered to the user’s email account.
  • Active Directory: Enter the user password of the linked Active Directory to authenticate.
  • Knox Identity: Authenticate by entering the user password of the linked Knox Portal.
  • Knox Messenger: Enter the Knox Messenger OTP received via the registered Knox Messenger to authenticate.
  • PC SSO Agent: Install SingleID’s PC SSO Agent on a PC to perform integrated authentication (SSO) and unified logout across various web browsers, and to authenticate through PC security checks.
  • SingleID Authenticator: SingleID dedicated authentication mobile app that supports biometrics (fingerprint, facial), PIN, mOTP, and TOTP.
  • SMS: Enter the SMS OTP received on the registered mobile phone to authenticate.
  • Passkey: A convenient authentication method that enables easy login with a mobile passkey, a security key, or Windows biometrics/PIN code.
  • TOTP Authenticator: Enter the TOTP received via the registered authentication app or web extension to authenticate.

Authenticator list

We support all authenticators of the six supported types.

To check the Authenticator, please refer to the following path.

  • Admin Portal > Integration > Authenticator

Add Authenticator

On the Authenticator list screen, click Register to move to the screen where you can add an Authenticator.

To add an Authenticator, follow the steps below.

  1. Admin Portal > Integration > Authenticator > click the Add button.
  2. Select the authentication method > click the Next button.
  3. Enter the information required for authentication settings.
  4. Click the Save button.
Information
All nine types of Authenticators, which include various optimized work environments that a typical IdP service can provide, are already offered and registered/configured, so there is no need to add a new Authenticator until a new type of Authenticator is required.
information
To disable the Authenticator, select the application and click the Disable button.

Add Active Directory

Users can authenticate using the connected Active Directory.

To add Active Directory, follow the steps below.

  1. Admin Portal > Integration > Authenticator > click the Add button.
  2. Select Active Directory > click the Next button.
  3. The General page appears. Review the Authenticator Overview and click the Next button.
  4. The Settings page appears. Enter the information to register Active Directory as an Authenticator.
  5. After entering all information, click the Connection Test button to verify.
  6. After checking everything, click the Save button.
| Category | Explanation | Required or not |
| --- | --- | --- |
| LDAP URL | Enter the LDAP URL of Active Directory. Enter a valid URL that includes ldap://, or ldaps:// for encrypted communication. Example: ldap://ldap.example.com/dc=example,dc=com | Required |
| Service User DN | Enter the unique identifier of the service-dedicated LDAP account. | Required |
| Service user password | Enter the service user’s password in password format. | Required |
| User search base DN | Enter the user search base DN, the string that specifies the starting point for searches in the LDAP directory tree. | Required |
| User attribute | Enter user attributes. | Required |
| Check LDAP connection | After entering all the above LDAP settings correctly, click the Connection Test button to perform the integration test. | Required |
Table. Add Active Directory
Reference

Active Directory Authenticator can be used as follows:

  1. Login
  2. Identity verification during the registration process
  3. Password reset
  4. Unlock ID
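A pre-flight check for the Active Directory settings above, runnable before the values are typed into the form. It is an added example, not part of SingleID; the function names, the service account DN and the search base are constructed, and the DN parser is a simplification that ignores multi-valued RDNs.

```python
import re
from urllib.parse import urlsplit

# Split a DN on commas that are not escaped with a backslash.
_UNESCAPED_COMMA = re.compile(r"(?<!\\),")


def parse_dn(dn):
    """Return the DN as a list of lower-cased (attribute, value) pairs."""
    if not dn or not dn.strip():
        raise ValueError("DN is empty")
    rdns = []
    for part in _UNESCAPED_COMMA.split(dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part.strip()!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def is_under(dn, base):
    """True when dn equals base or sits below it in the directory tree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def check_ldap_settings(ldap_url, service_user_dn, search_base_dn):
    """Return a list of ERROR/WARN/INFO findings; an empty list means no issue found."""
    findings = []
    url = urlsplit(ldap_url.strip())
    if url.scheme not in ("ldap", "ldaps"):
        return ["ERROR: LDAP URL must start with ldap:// or ldaps://"]
    if not url.hostname:
        findings.append("ERROR: LDAP URL has no host name")
    try:
        port = url.port
    except ValueError:
        port = None
        findings.append("ERROR: LDAP URL port is not a valid port number")
    if url.scheme == "ldap":
        # ldap:// alone gives no transport encryption, so a simple bind would
        # expose the service user password and each user password checked.
        findings.append("WARN: ldap:// is unencrypted; use ldaps:// so bind passwords are protected")
        if port == 636:
            findings.append("WARN: port 636 is the LDAPS port but the scheme is ldap://")
    elif port == 389:
        findings.append("WARN: port 389 is the plain LDAP port but the scheme is ldaps://")

    dn_ok = True
    for label, dn in (("Service User DN", service_user_dn),
                      ("User search base DN", search_base_dn)):
        try:
            parse_dn(dn)
        except ValueError as exc:
            dn_ok = False
            findings.append(f"ERROR: {label}: {exc}")
    if dn_ok and is_under(service_user_dn, search_base_dn):
        # Hygiene check: the bind account is then searchable like any login user.
        findings.append("INFO: service account sits inside the user search base")
    return findings


if __name__ == "__main__":
    # URL taken from the table's example; the two DNs are constructed.
    for line in check_ldap_settings(
        "ldap://ldap.example.com/dc=example,dc=com",
        "cn=svc-singleid,ou=service,dc=example,dc=com",
        "ou=users,dc=example,dc=com",
    ):
        print(line)
```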

Add Knox Identity

Users can authenticate using the connected Knox Portal.

To add Knox Identity, follow the steps below.

  1. Admin Portal > Integration > Authenticator > click the Add button.
  2. Select Knox Identity > click the Next button.
  3. The General page appears. Check the Authenticator Overview and click the Next button.
  4. The Policy page appears. Enter the information to register Knox Identity as an Authenticator.
  5. After entering all information, click the Connection Test button to verify.
  6. After checking everything, click the Save button.
| Category | Explanation | Required or not |
| --- | --- | --- |
| Maximum allowed authentication failure attempts | Set the maximum allowed number of authentication failures when using Knox Identity. It can be set from 1 to 10 times. | Required |
| Knox ID | Enter the Knox ID to test whether the account is linked. | Required |
| Knox password | Enter the Knox password to test whether the account is linked. | Required |
| Verify Knox Identity connection | Click the Connection Test button to run the test. If the test fails, contact the administrator. | Required |
Table. Add Knox Identity
Reference

Active Directory Authenticator can be used as follows:

  1. Login
  2. Identity verification during the registration process
  3. Password reset
  4. Unlock ID

Add Knox Messenger

Enter the Knox Messenger OTP received via Knox Messenger to authenticate.

To add Knox Messenger, follow the steps below.

  1. Admin Portal > Integration > Authenticator > click the Add button.
  2. Select Knox Messenger > click the Next button.
  3. The General page appears. Check the Authenticator Overview and click the Next button.
  4. The Policy page appears. Enter the information required to register Knox Identity as an Authenticator.
  5. After entering everything, click the Save button.
| Category | Explanation | Required or not |
| --- | --- | --- |
| Access Token | Enter the Access Token for Knox Messenger. | Required |
| Authentication code timeout (minutes) | Enter the expiration time (minutes) for the verification code. It can be set from 3 minutes up to a maximum of 30 minutes. | Required |
| Maximum allowed authentication failure attempts | This is the maximum number of re-entries allowed after authentication failure. Please select the maximum allowed count. You can select from 1 to 10 times. | Required |
Table. Add Knox Messenger
Reference

Knox Messenger Authenticator can be used as follows:

  1. Login
  2. Passwordless authentication
  3. Identity verification during the registration process
  4. Find ID
  5. Password reset
  6. Unlock ID

Add PC SSO Agent

To use SSO across multiple browsers, you can install the PC SSO Agent on the user’s PC.

To add the PC SSO Agent, follow the steps below.

  1. Admin Portal > Integration > Authenticator > click the Add button.
  2. Select PC SSO Agent > click the Next button.
  3. The General page appears. Check the Authenticator Overview and click the Next button.
  4. The Policy page appears. Enter the information required to register with the PC SSO Agent.
  5. After entering everything, click the Save button.
| Category | Explanation | Required or not |
|---|---|---|
| Use PC SSO Agent for multi-browser SSO | Click the Activate button to enable it. To enable multi-browser SSO, you must configure a login policy for each application. Once enabled, SSO between Chrome and Edge browsers is possible. Set the login policy in Policy > Login Policy. | Optional |
| Prevent login using unsupported browsers | Click the Activate button to enable it. If activated, login is restricted on browsers other than Chrome and Edge. | Optional |
| Forcefully close the browser upon PC SSO Agent logout | Click the Activate button to enable it. When activated, Chrome and Edge browsers are forcibly closed upon logout. | Optional |
| Property Settings | When launching the PC SSO Agent, you can configure the user attributes that SingleID will pass to the PC SSO Agent. The configured user attributes are used for multi-browser SSO and C/S program (Rich Client application) authentication. To set an attribute, click the Add button and configure the user attributes. | Optional |
Table. Add PC SSO Agent
Reference

This Authenticator can be used as follows:

  1. Multi-browser SSO
  2. Rich Client application authentication

Add SingleID Authenticator

Authenticate using the SingleID Authenticator mobile app provided by SingleID.

If you want to add the SingleID Authenticator, follow the steps below.

  1. Click Admin Portal > Integration > Authenticator > Add.
  2. Select SingleID Authenticator, then click the Next button.
  3. The General page appears. Review the Authenticator Overview and click the Next button.
  4. The Policy page appears. Enter the information required to register the SingleID Authenticator as an Authenticator.
  5. After entering everything, click the Save button.
| Category | Explanation | Required or not |
|---|---|---|
| Authentication wait time (minutes) | Enter the authentication waiting time (minutes). This is the time allowed for input during authentication processing. It can be set between 3 and 30 minutes. | Required |
| Maximum allowed authentication failure attempts | This is the maximum number of re-entries allowed after authentication failure. Please select the maximum allowed number of attempts. You can select from 1 to 10 times. | Required |
| TOTP generation interval (seconds) | This is the interval (seconds) at which OTPs are automatically generated. It can be set from 15 to 120 seconds. | Required |
| Number of adjacent TOTP intervals | This is the number of TOTP codes to allow before and after, based on the SingleID server time. If this value is 3, three TOTP codes before and after the SingleID server time are allowed. This setting can prevent authentication failures caused by the time difference between the SingleID server time and the SingleID Authenticator. You can select 0 to 5. | Required |
| App Push Type | You can set the push type for the SingleID Authenticator app. | Required |
| SingleID Authenticator biometric authentication replacement setting | If the user’s mobile phone does not have fingerprint or facial recognition features, authentication can be performed using alternative methods. It can be replaced with PIN, mOTP, or TOTP; when all users are selected, the user can change to another authentication method for authentication. If you want to apply it only to a separate group, select Apply only to the group below. | Required |
Table. Add SingleID Authenticator
Reference

This Authenticator can be used as follows:

  1. Login
  2. Passwordless authentication
  3. Identity verification during the registration process
  4. Find ID
  5. Password reset
  6. Unlock ID

Add TOTP Authenticator

Enter the TOTP received through the registered authentication app or web extension to authenticate. You can use TOTP authentication methods to support 3rd Party Authenticators such as mobile authentication apps (Google Authenticator, Microsoft Authenticator, etc.) and web browser extensions (Chrome Web Store, Microsoft Edge Add-ons, etc.).

To add the TOTP Authenticator, follow the steps below.

  1. Click Admin Portal > Integration > Authenticator > Add.
  2. Select TOTP Authenticator, then click the Next button.
  3. The General page appears. Review the Authenticator Overview and click the Next button.
  4. The Policy page appears. Enter the information required to register the TOTP Authenticator.
  5. After entering everything, click the Save button.
| Category | Explanation | Required or not |
|---|---|---|
| Maximum allowed authentication failure attempts | This is the number of allowed re‑entries when an incorrect TOTP is entered or a TOTP that exceeds the time limit is entered. It can be set from 1 to 10 times. | Required |
| Number of adjacent intervals in TOTP | This is the number of TOTP codes allowed before and after, based on the SingleID server time. If this value is 3, three TOTP codes before and after the SingleID server time are allowed. This setting can prevent authentication failures caused by time differences between the SingleID server time and the SingleID Authenticator. You can select 0 to 5. | Required |
| Issuer | When a user registers a ‘TOTP Authenticator’ using an ‘Authenticator App’ or ‘Web Extension’ and registers via a QR code, the format ‘Issuer : Tenant/UserID’ appears on the user screen. | Required |
Table. Add TOTP Authenticator
Reference

This TOTP Authenticator can be used as follows:

  1. Login
  2. Multi-Factor Authentication (MFA)
  3. Authentication during Authenticator registration
  4. Password reset
  5. Unlock
  6. Conditional authentication
  7. Authentication for non‑compliant PCs
Reference

To apply the TOTP Authenticator, set it in the authentication policy.

  1. Available Authenticator (for login policy) → Use TOTP Authenticator when the user logs in
  2. Authenticator registration authentication → User uses TOTP Authenticator during Authenticator registration
  3. Account recovery > Password reset → Use TOTP Authenticator when the user resets the password
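
The "adjacent intervals" setting described for the SingleID Authenticator and the TOTP Authenticator above, as an added example (not SingleID's code): a generic RFC 6238 verifier showing how the generation interval and the number of adjacent intervals widen the acceptance window. HMAC-SHA1, 6-digit codes, the function names and the `last_counter` replay check are assumptions of this example; the secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct

# Constructed sample: the shared secret used in the RFC 4226 / RFC 6238 test vectors.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, interval: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP keyed on the number of whole intervals since the Unix epoch."""
    return hotp(secret, int(unix_time) // interval, digits)


def verify_totp(secret, code, server_time, interval=30, adjacent=1,
                last_counter=None, digits=6):
    """Return the time-step counter that matched, or None if the code is rejected.

    interval     -- generation interval in seconds (the page allows 15 to 120)
    adjacent     -- codes accepted before and after server time (the page allows 0 to 5)
    last_counter -- assumption of this example: the counter of the last accepted
                    code for this user, so an already-used code is not accepted again
    """
    if not 15 <= interval <= 120:
        raise ValueError("interval must be 15..120 seconds")
    if not 0 <= adjacent <= 5:
        raise ValueError("adjacent must be 0..5")

    submitted = str(code).encode("utf-8")
    current = int(server_time) // interval
    matched = None
    for step in range(current - adjacent, current + adjacent + 1):
        if step < 0:
            continue
        # Constant-time comparison; keep looping so timing does not show which step hit.
        same = hmac.compare_digest(hotp(secret, step, digits).encode(), submitted)
        if same and (last_counter is None or step > last_counter):
            matched = step
    return matched


def acceptance_window_seconds(interval: int, adjacent: int) -> int:
    """Total span of time steps, in seconds, whose codes the server will accept."""
    return (2 * adjacent + 1) * interval


if __name__ == "__main__":
    device_time = 59               # device clock, 75 seconds behind the server
    server_time = device_time + 75
    code = totp(SECRET, device_time)
    for adj in (2, 3):
        result = verify_totp(SECRET, code, server_time, adjacent=adj)
        print(f"adjacent={adj}: window={acceptance_window_seconds(30, adj)}s "
              f"matched_step={result}")
```

With a 30-second interval and 3 adjacent intervals, the server accepts codes spanning 210 seconds, so larger values buy clock-skew tolerance at the cost of a longer period in which a code remains usable.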

Modify Authenticator

On the Authenticator list screen, after selecting an Authenticator and clicking Edit, it switches to the edit screen.

If you want to modify the Authenticator, follow the steps below.

  1. Click Admin Portal > Integration > Authenticator > Edit.
  2. Edit each item, then click the Edit button to complete the changes.
Reference
To edit an Authenticator, refer to the Add procedure for that Authenticator in the Authenticator List and make the modifications.

Delete Authenticator

On the Authenticator list screen, select an Authenticator and disable it, then return to the settings screen and delete it using the delete button in the three‑dot menu. You must exclude the Authenticator from the authentication policy settings before disabling it; otherwise, the disable cannot be applied.

To delete the Authenticator, follow the steps below.

  1. In Admin Portal > Integration > Authenticator List, click the three dots to the right of the Authenticator.
  2. Click Disable in the popup.
  3. If a warning popup appears, check the applied authentication policy.
  4. Click the “To manage the lower authentication policy, please click here” link, then exclude the policy from the authentication settings.
  5. Deactivation is completed when the corresponding authentication policy is excluded from the authentication policy information.
  6. After deactivation is complete, click the Authenticator and then click the Delete button.

MFA Service Provider

MFA Service Provider enhances user convenience by applying biometric and simple authentication technologies together with strengthened authentication methods, and meets enterprise security requirements through multi-factor authentication.

Reference
The MFA Service Provider performs additional multi-factor authentication (MFA) for registered applications when users log in.

MFA Service Provider List

To view the list of MFA Service Providers, you can access the following menu.

  • Admin Portal > Integration > MFA Service Provider
| Category | Explanation |
|---|---|
| Name | This is the name of the MFA Service Provider. |
| System code | Displays system code information. |
| Project code | Displays project code information. |
| User Tag | Displays the User Tag. |
| Type | Shows how the MFA Service Provider is integrated. It is one of the following three methods: ADFS Plugin, MFA API, RADIUS. |
| System code input field | Enter the system code information. |
| Project code input field | Enter the project code information. |
| Search term input field | You can search the MFA Service Provider list. Enter a search term and click the magnifying glass icon or press Enter to perform the search. Searchable fields: name, description, system code, project code. |
| Details button | Detailed searches are possible. Search conditions can be combined using AND. After entering multiple fields, click the Search button, and the search will be performed according to the criteria. Clicking the Reset button clears all search fields. |
| Register button | You can register a new MFA Service Provider. |
Table. MFA Service Provider List

MFA Service Provider registration

To register the MFA Service Provider, follow the steps below.

  1. Click Admin Portal > Integration > MFA Service Provider > Register.
  2. Select ADFS Federated Application, Custom Application, or Network Equipment, then click the Next button.
Information

There are three types of MFA Service Provider.

  • ADFS Federated Application : It uses the ADFS Plugin method and registers an ADFS federation application that will be linked with SingleID MFA.
  • Custom Application : Registers an application that uses the MFA API in API mode and integrates with SingleID MFA.
  • Network Equipment : It uses the RADIUS method and registers network equipment that will be linked with RADIUS‑based MFA.

Through a three-step screen as shown below, you can enter the required information, configure it, and register the MFA Service Provider for integration.

  • General
  • MFA integration
  • Owner

General

Enter general information for the MFA Service Provider.

| Category | Explanation | Required or not |
|---|---|---|
| Name | Enter the name of the MFA Service Provider. Because the provider is identified by its name, use a naming rule that keeps providers distinguishable and manageable. | Required |
| Explanation | Enter a description of the MFA Service Provider (including its functions, usage, etc.). | Optional |
| Logo image | Register a logo that can intuitively identify the MFA Service Provider. | Optional |
| Manage users using User Tag | If you enable User Tag usage, when a new user is registered from the MFA Service Provider, "#" + User Tag is automatically appended to the user’s ID, preventing duplicate ID registrations. | Optional |
| User Tag | Only one User Tag can be registered per MFA Service Provider. A User Tag cannot be modified after registration; it is a tag attached to the MFA Service Provider and the user. Tenant administrators can define and use User Tags. Users provisioned via JIT through the MFA Service Provider have the same User Tag set as a user attribute, allowing identification of where the user was created. | Required |
| System code | Enter the system code information. | Optional |
| Project code | Enter the project code information. | Optional |
| Campaign | If only one authentication method is used, a pop-up page guiding the user to register an authentication method is displayed. It becomes active when the selection box is selected. | Optional |
Table. MFA Service Provider General

MFA integration

Enter MFA integration information.

| Category | Explanation | Required or not |
|---|---|---|
| Conditional authentication | Conditional authentication is a policy that performs additional authentication when the authentication conditions registered in conditional authentication are met. To apply conditional authentication, click the check box and select the WHEN policy and the THEN policy. The WHEN policy is an authentication policy executed when a specific condition occurs at login. The THEN policy performs an additional identity verification when the WHEN policy is satisfied. | Optional |
| Login | Add the provided Authenticator to the Chip Box. To use delegation to the administrator when logging in, click the Activate button. If you enable the delegation option to the administrator, you can see the following guide messages on the ‘Select Authentication Option’ page for registration: (1) “If you cannot complete identity verification due to any issue, you can request verification from the manager. Click here” (2) “If a problem occurs with identity verification, you can request delegated verification from the administrator. Please click here.” ※ Delegation is only possible to administrators who have registered the SingleID Authenticator mobile app as an Authenticator. | Required |
| Authentication during Authenticator registration | Set the identity verification method that the user must perform during the Authenticator registration process. The user configures an Authenticator for identity verification. Perform the following additional authentication: strengthen verification during the identity verification process. * Whether to perform authentication during registration when no Authenticator is registered: set whether to proceed when the user has no registered Authenticator. (1) Perform: when selected, the user can register an additional authentication method and then authenticate. (2) Do not perform: when selected, authentication is not carried out if there is no registered authentication method. (3) Follow JWT: when selected, the predetermined JWT policy is followed. * Click the Enable button to use the authentication delegation feature for administrators. ※ Authentication delegation is only available to administrators who have registered the SingleID Authenticator mobile app as an Authenticator. | Optional |
| List of administrators to delegate authentication | Select the checkbox if you want to use the delegated administrator list of the SCP cloud object storage as a separate authentication administrator list when delegating authentication to an administrator. This option is available only when “Delegate authentication to administrator” is enabled in the “Authenticate during Authenticator registration” or “Login” items. To retrieve and apply an administrator list stored as a JSON file in cloud object storage, the following settings are required. (1) Access Key: enter the Access Key of the cloud object storage. (2) Secret Key: enter the Secret Key of the cloud object storage. (3) Endpoint: enter the URL of the cloud object storage service provider. It must start with “http://”. (4) Bucket name: enter the bucket name of the cloud object storage. (5) File path: enter the file path in the cloud object storage. (6) Verify cloud object storage connection: after entering all items, click the Connection Test button to check the result. The result will show success or failure. (7) If the connection verification succeeds, the Test File Search button will appear. Click the button. (8) A file search test popup will appear; enter the file name and click the Validate button. (9) After clicking the button, a .json file will be created; if a file with the same name already exists, rename it to complete the test. | Optional |
| User information update method during login (MFA) process | Select the user information update method during the login process. (1) Automatic update with JWT Claim information: automatically updates the user information from the Claim information in the authentication data of the JWT. (2) Maintain information at the time the user data is created: retains the initially created user information. Follow JWT: when selected, the defined JWT policy is followed. | Required |
| Whether to automatically register Knox Messenger as Authenticator during the login (MFA) process | Select whether to automatically register Knox Messenger during login execution. If an ID is not registered in Knox Messenger, selecting ‘Register’ will not automatically register it. (1) Automatic update with JWT claim information: automatically updates the user information from the claim information in the authentication data of the JWT. (2) Preserve the information at the moment the user data is created: retains the initially generated user information. Follow JWT: when selected, the defined JWT policy is followed. | Required |
| Claim | Enter the Claim name. A Claim is an authentication method that manages user authentication and permissions through a specific key value, and allows you to add the necessary data for use. It defines the mapping that verifies whether the user is the same. Up to 30 can be registered. | Required |
| Secret Key | The Secret Key is an encryption key for trusted communication between SingleID and the MFA Service Provider. Click the Issue button to issue it. | Required |
Table. MFA integration
Information
The person who will handle identity verification on your behalf can be set in the Owner (person in charge) tab.

Owner

Select and register the person in charge of the newly registered MFA Service Provider.

| Category | Explanation |
|---|---|
| Add button | You can add a person in charge of the MFA Service Provider. |
| Search | You can find the person in charge using a search term (ID, name, email, status). |
| Select (check box) | Select the person in charge from the retrieved list. |
| Add | Adds the selected person in charge. |
| Complete | Completes the assignment of the person in charge. |
Table. Register person in charge

When you click the Complete button, the registration is completed.

MFA Service Provider edit

On the MFA Service Provider list screen, after selecting an MFA Service Provider and clicking Edit, you are taken to a screen where you can make modifications.

To modify the MFA Service Provider, follow the steps below.

  1. Click Admin Portal > Integration > MFA Service Provider > Edit.
  2. Edit each item, then click the Edit button to complete the changes.

Delete MFA Service Provider

On the MFA Service Provider list screen, select an MFA Service Provider and deactivate it, then return to the list screen and delete it from the three‑dot menu.

To delete the MFA Service Provider, follow the steps below.

  1. In Admin Portal > Integration > MFA Service Provider List, click the three dots to the right of the MFA Service Provider.
  2. Click Delete in the popup.
  3. If a warning popup appears, check the MFA Service Provider information.
  4. Enter the MFA Service Provider name below and click the Delete button.

3 - Identity Store

Identity Store is an integrated directory service that centrally manages user, group, and authentication information, supports both cloud and on-premises environments, enables easy implementation of single sign-on (SSO) and multi-factor authentication (MFA), and automates secure integration between applications and user provisioning.

There are various cases in which users or groups are added to an organization, such as being provisioned through a registered application or being added directly by an administrator.

Identity Store allows integration and retrieval of users and groups registered in various ways, and provides various management features so that administrators can configure detailed settings for each user or group.

Administrators can manage all users and groups registered in the organization through the Identity Store.

User

Administrators can view and edit all users registered in the organization using the functions provided in the User menu, and can delete users or directly register new users.

You can also change a user’s group membership or assign permissions to allow the user to use the application.

Users are registered to SingleID in various ways as follows.

  • Register via account synchronization (Inbound Provisioning) from the application
  • Register via JIT (Just In Time) provisioning from the Identity Provider
  • Register from MFA Service Provider
  • Manually registered by administrator

Administrators can use the User menu to manage registered users collectively in various ways.

To access the user menu, navigate as follows.

  • Admin Portal > Identity Store > User

User List

You can view and search all users registered in SingleID in a list format.

| Category | Explanation |
|---|---|
| ID | The user’s ID is displayed. |
| Name | The user’s name is displayed (surname, given name order). |
| Email | The user’s email address is displayed. |
| Phone | The user’s mobile number is displayed. |
| Administrator | Displays whether the user is an administrator in the Admin Portal. |
| System Mapping ID | This is the application system mapping ID. |
| Status | Indicates whether the account is active. Active: the user can currently log in. Inactive: the user has been manually deactivated. Pending: account synchronization is complete, and the account remains pending until the user logs in. Locked: the account is locked due to password errors. Dormant: the account has been marked as dormant after being offline for a certain period. |
| Management entity | Indicates the entity that manages the account. You can tell whether it was automatically registered by a system or manually registered. SingleID: account manually registered by the administrator. Other: account automatically synchronized. |
| Registration date | Account’s initial registration date |
| Modified date | Latest update date |
| Expiration date | Account expiration date |
| Dormant User button | You can query dormant users. |
| Search term input field | You can search the user list. Enter a search term and click the magnifying glass icon or press Enter to perform the search. Searchable fields: name, email, ID. (1) Name: exact match search is possible using encrypted personal data with ‘full name’, ‘first name’, or ‘last name’. (2) Email: exact match search is possible using encrypted personal data with the full email address or the part before ‘@’. (3) Phone number: exact match search is possible using encrypted personal data with the last four digits of the phone number. |
| Details button | Detailed searches are possible. Search conditions can be combined with AND. After entering multiple fields and clicking the ‘Search’ button, the search is performed according to the criteria. Clicking the ‘Reset’ button clears all search fields. Name: exact match search is possible using encrypted personal data with ‘full name’, ‘first name’, or ‘last name’. Email: exact match search is possible using encrypted personal data with the full email address or the part before ‘@’. Phone number: exact match search is possible using encrypted personal data with the last four digits of the phone number. |
| Register button | Registers a new user. |
Table. User List
Information
Click the Dormant User button in the list to display the dormant user list. After selecting the selection box and clicking the Activate button, the account is changed to Active status. To delete the account, click the Delete button.
Information

There are three ways to search for users in the user list.

  • User status filter
  • Keyword search
  • Advanced Search

User status filter

To filter users by status, follow these steps.

  1. In the group of user status buttons (All, Active, Inactive, Pending, Locked), click the status you want to filter by.
  2. Users with the selected status are displayed in the list.
  3. You can search for the desired user using keyword search while filters are applied. (Note: If you perform an advanced search while filters are applied, the filters will be cleared.)
  4. To remove the filter, click the All button.

Keyword Search

To perform a keyword search, follow these steps.

  1. Click the keyword search input field.
  2. Enter a search term. A dropdown menu appears below the search input field. If you select one of “ID”, “Name”, or “Email” in the dropdown menu, the search is executed on that field; if you select All, the search is executed on the ID, English name, and email fields.
  3. After entering a search term, press the Enter key or click the magnifying‑glass icon to execute the search. In this case, the search is executed across the ID, English name, and email fields.
  4. Search results are displayed in the user list.
  5. If you want to cancel the search results and display the full list, click the X icon to the right of the keyword search input box.

Advanced Search

To perform an advanced search, follow these steps.

  1. Click the Details button.
  2. On the detailed search screen, enter the search term in the field you want to search.
  3. In the advanced search screen, you can limit the search range by selecting the user’s registration and modification dates.
  4. When you enter search terms in multiple fields, the search is performed with an “AND” condition.
  5. After entering a search term, press Enter or click the Search button to execute the search.
  6. Search results are displayed in the user list.
  7. If you want to cancel the search results and display the full list, click the Reset button on the advanced search screen.

User registration

Tenant administrators can manually register users directly from the screen without going through account synchronization.

To register a user, follow the steps below.

  • Click Admin Portal > Identity Store > User > Register.

User information is entered and registered through a three-step screen as follows.

  1. Profile
  2. User group
  3. Summary

Profile

Enter the user’s basic profile information on the profile screen.

The fields that need to be entered are as follows.

| Category | Explanation | Required or not |
|---|---|---|
| ID | Enter the user’s ID. Values that duplicate an already registered user’s ID cannot be entered. | Required |
| Administrator | Specify whether the user is an administrator. Selecting “Allow” grants administrator privileges. | Required |
| Name (Korean name, surname) | Enter the Korean given name and family name in order. | Required |
| Name (English name, last name) | Enter the English given name and surname in order. If an English name is not available, enter the Korean given name and surname again. | Required |
| Email | Enter the email address. Since this information is used for identity verification, accurate information must be entered. | Required |
| Phone number | Enter the mobile number. Since this information is used for identity verification, accurate information must be entered. | Required |
| Department | Enter the department name in Korean and English. | Optional |
| Organization | Enter the Korean organization name and the English organization name. | Optional |
| Language | Specifies the user’s preferred language. When the user logs in, the screen is displayed in the specified language. | Required |
| Time zone | Specifies the user’s time zone. All times are displayed in the designated time zone when the user logs in. | Required |
| Expiration date | Set the user expiration date. The default is “Not set”. When automatic account deletion is configured, select the date after which the account is deleted. | Optional |
Table. Profile Information

Click the Next button to go to the user group screen.

User group

Specify the group for the user to be registered on the User Group screen. All groups that can be assigned to the user are displayed on the left side of the screen. After selecting the group to assign to the user, click the > button to move to the assigned group.

To cancel a group assignment, select the group to cancel from the assigned groups, then click the < button. Click the Next button to go to the summary screen.

Reference
The reason for assigning groups to users is to control access organically across login policies, authentication policies, application access policies, and similar settings.

Summary

  1. After reviewing the information entered on the summary screen, register the user.
  2. If you want to edit the entered information, you can click the Back button to return to the screen you want to edit.
  3. To cancel the registration, click the Cancel button.
  4. When you click the Complete and Add button, it registers the user and returns to the profile screen so you can continue registering a new user.
  5. Clicking the Complete button registers the user and navigates to the registered user’s detail screen.

User edit

If you want to modify a user, follow the steps below.

  1. In Admin Portal > Identity Store > User, click the user you want to edit.
  2. The user’s profile, groups, applications, multi-factor authentication (MFA) methods, devices, and active sessions are displayed.
  3. Click the Edit button at the bottom and modify the data you want to change.
  4. Click the Save button.

User status change

The status of users managed by SingleID is as follows.

| Category | Explanation |
|---|---|
| Active | This is a user who, after initial registration, logged into SingleID, reset their password, and is now using it normally. |
| Inactive | This user has been disabled by the administrator. |
| Pending | This is a user who has never logged into SingleID after the initial registration. |
| Locked | The user is locked due to repeated login failures, etc. (The user can unlock themselves by resetting the password.) |
| Dormant | The account has been placed in dormant status after being inactive for a certain period. |
Table. User status

A tenant administrator can change a user’s status based on the user’s current state as follows.

| Current | Change | Explanation |
|---|---|---|
| Active | Inactive | You can click the Deactivate button to change an active user to an inactive state. |
| Inactive | Active | You can click the Activate button to change a user from inactive to active. |
| Pending | None | A user in Pending state cannot be switched to active or inactive state. |
| Locked | Active | A locked user can click the password reset button to reset the password and simultaneously change the status to active. |
Table. User status

The button that changes the user’s status is displayed on the list and detail screens as follows.

  • When one or more users in Active or Inactive state are selected on the list screen
  • When navigating to the detail screen of a user in Active or Inactive state
Information

When a tenant administrator attempts to deactivate a user, a confirmation popup is displayed.

After verifying the information of the user to be deactivated, click the Deactivate button once more to change the user’s status from active to inactive. In contrast, when changing a deactivated user to an active state, no separate confirmation popup is displayed.

Password reset

The tenant administrator can reset a user’s password. When a tenant administrator resets a user’s password, an informational email is sent to that user.

Reference

The reset password is not displayed to the administrator. Additionally, the reset password is not directly included in the notification email sent to the user.

After receiving the notification email, the user must log in to SingleID directly, use the password reset function to complete identity verification, and then change the password.

To change the user’s password, follow the steps below.

  1. In the user list, click the user whose password you want to change.
  2. Click the Reset Password button located at the top right of the user detail screen.
  3. If a confirmation popup appears, click the Confirm button.
  4. Resetting a locked user’s password unlocks the account and changes it to active status.

Group

The tenant administrator can view the groups that a user belongs to as a member and can add or remove group memberships.

To manage a user’s groups, click the Group tab on the detail screen.

| Category | Explanation |
|---|---|
| Group Tab | Displays the user’s group management screen. |
| All groups | Displays the full list of groups that can be assigned to the user. |
| Assigned group | Displays the list of groups already assigned to the user. |
| Search all groups | Search groups or group descriptions across all groups that can be assigned to the user. The search results are displayed in the list below. After searching, click the X button on the right of the search input field to display the full list. |
| Search assigned groups | Search for groups or group descriptions among groups already assigned to the user. The search results are displayed in the list below. After searching, click the X button on the right side of the search input field to show the full list. |
| Delete assigned group | Delete the selected group from the groups assigned to the user. The user will be removed from the deleted group’s members. |
| Group assignment | Assign the selected group to the user. The user becomes a member of the assigned group. |
Table. Group tab

Delete group

To delete the group assigned to a user, follow the steps below.

  1. Select the group to delete from the assigned group list. (Check the checkbox to the left of the group name.)
  2. Click the < button to delete the assigned group.
Information
Groups assigned by group rules do not display a checkbox next to the group name. Memberships established by rules cannot be manually removed by an administrator.

Group assignment

To assign a new group to a user, follow the steps below.

  1. Select the group to assign from the entire group list. (Check the checkbox to the left of the group name.)
  2. Click the > button to assign the group.
Information
Assigning a group automatically grants permissions for the applications assigned to the added group.

Application

The tenant administrator can view applications designated for user use and can add, assign, or delete applications. To manage the user’s application, click the Application tab on the detail screen.

| Category | Explanation |
| --- | --- |
| Application tab | Displays the user’s application management screen. |
| List of assigned applications | Applications assigned to the user are displayed in a list format. |
| Assign button | You can assign additional applications to a user. |

Application tab

Delete application

To delete an application assigned to a user, follow the steps below.

  1. Select the application to delete from the list of assigned applications. (Check the checkbox to the left of the application name.)
  2. Click the Unassigned button displayed above the application list.
  3. In the confirmation popup, click the Confirm button.

Information
If you delete the assigned application, it will no longer appear in the User Portal > My Apps menu.

Application allocation

To assign a new application to a user, follow the steps below.

  1. Click the Assign button displayed at the top right of the application list.
  2. Select the application in the Application Assignment popup. (Check the checkbox to the left of the application name.)
  3. Click the Assign button.
  4. If you have assigned all applications, click the Cancel button to close the popup.
Reference
The assigned application can be found in the User Portal > My Apps menu. (If the assigned application’s “Display” option is turned off, it will not appear in the user portal)

View and Manage Multi-Factor Authentication (MFA) Methods

The tenant administrator can view the multi-factor authentication methods registered by users and can modify or delete parts of the registration information.

To manage a user’s multi-factor authentication (MFA) method, click the Multi-Factor Authentication (MFA) Method tab on the details screen.

| Category | Explanation |
| --- | --- |
| Multi-Factor Authentication (MFA) method tab | Displays the user’s multi-factor authentication (MFA) method management screen. |
| List of Multi-Factor Authentication (MFA) Methods | The multi-factor authentication (MFA) methods registered by the user are displayed as a list. |
| Edit button | Modifies or deletes the multi-factor authentication (MFA) methods registered by the user. |

List of Multi-Factor Authentication (MFA) Methods

Modify multi-factor authentication (MFA) method

To modify the multi-factor authentication (MFA) method registered by the user, follow the steps below.

  1. Click the Edit button at the bottom right of the screen.
  2. Click the Registration Info column of the MFA list you want to edit.
  3. After editing the information, click the Save button at the bottom right of the screen.

Delete multi-factor authentication (MFA) method

To delete the multi-factor authentication (MFA) method registered by the user, follow the steps below.

  1. Click the Edit button at the bottom right of the screen.
  2. Click the Delete button on the right side of the MFA method you want to remove.
  3. Click the Confirm button in the warning popup.
  4. Click the Save button at the bottom right of the screen.

View user device information

Administrators can view the device information added when a user registers a multi-factor authentication method.

To view the user’s device information, click the Device tab on the detail screen.

| Category | Explanation |
| --- | --- |
| Device Tab | Displays the user’s device management screen. |
| Device List | When a user registers a multi-factor authentication (MFA) method, the added devices are displayed in a list format. |

Device Tab
Information
Device information can only be viewed, and tenant administrators cannot add, modify, or delete it.
Information
Check user device information: If you click on the user’s registered password, SMS, email, SingleID authenticator, Nox messenger, passkey, and other devices, you can view detailed information in a popup. The Device Information popup displays ‘type’, ‘OS version’, ‘browser’, ‘IP’, etc.

Active session

When a user logs into SingleID, SingleID manages the session information of the logged-in user.

The tenant administrator can view a user’s current active session and forcibly terminate the session to log the user out.

To manage the user’s session, click the Active Session tab on the detail screen.

| Category | Explanation |
| --- | --- |
| Active Sessions Tab | Displays the user’s session management screen. |
| Active session list | The user’s currently active sessions are displayed in a list format. |
| Exit button | Forcefully terminates the user’s active session. |

Active Sessions Tab
Information
If the user’s active session list is displayed as an empty list, it means that the current user is not logged into SingleID.

Force Terminate Session

To forcibly terminate a user’s session, follow the steps below.

  1. Click the Terminate button displayed at the top right of the session you want to force close.
  2. In the Exit Confirmation popup, click the Exit button.
Information
Users whose session has ended are forcibly logged out of SingleID and must log in again to use the system. However, the sessions of applications that logged in using SingleID are retained until the session ends, and each application’s sessions are managed by the respective application.

Force terminate multiple sessions

If you want to select one or more user sessions and terminate them simultaneously, follow the steps below.

  1. Select the sessions to forcefully terminate from the list and check the checkbox (V) displayed to the left of the session information.
  2. Click the Exit button displayed above the list.
  3. In the Exit Confirmation popup, click the Exit button.

Delete user

Tenant administrators can delete user information from SingleID.

The button for deleting a user appears on both the list and detail screens as shown.

  • When one or more users are selected on the list screen
    1. After selecting a user, click the Delete button, and a confirmation popup appears on the screen.
    2. To delete a user, verify the user information, then enter the user’s ID and click the Delete button.
    3. After selecting multiple users and clicking the Delete button, a confirmation popup appears on the screen.
    4. To delete the selected users, use the <, > button, review all user information, then enter the phrase Delete All and click the Delete button.
Information

You must verify the information of all users and enter the phrase Delete All before the Delete button becomes active.

  • When navigating to the user detail screen

    1. When an administrator attempts to delete a user, a confirmation popup is displayed.
    2. To delete a user, verify the user information, then enter the user’s ID and click the Delete button.
Reference

Deleted user information cannot be recovered.

When a user’s information is deleted, the groups, applications, and multi-factor authentication (MFA) methods assigned to the user are also deleted, and even if the user is re-registered with the same ID, the deleted groups, applications, and MFA methods are not restored.

Users registered through an application’s inbound provisioning can be reprovisioned from that application even if they are deleted from SingleID.

To completely delete a user, you must remove them from the primary system that manages user information.

After deletion, even if the user registers again with the same ID, the deleted groups, applications, and multi‑factor authentication (MFA) methods will not be automatically restored.

Group

Administrators can use the functions provided in the Group menu to view and edit all groups registered in the organization, and can delete groups or register new groups.

You can also modify the group’s membership rules or assign permissions so that group members can use the application.

Groups are registered to SingleID in various ways as follows.

Tenant administrators can centrally manage registered groups in various ways using the group menu.

To access the group menu, navigate as follows.

  • Admin Portal > Identity Store > Group

Group List

Administrators can view and search all groups registered in the organization in a list format.

| Category | Explanation |
| --- | --- |
| Group List | The group list is displayed. |
| Keyword search | Search by group name and description. |
| Detailed Search | Displays detailed options for searching groups on the screen. |

Table. Group List

Create group

Administrators can manually register groups directly on the screen without going through inbound provisioning.

  1. To register a group manually, click the Register button on the group list screen.
  2. When you click the Register button, the group registration popup is displayed on the screen.

The fields that need to be entered for group registration are as follows.

| Category | Explanation | Required or not |
| --- | --- | --- |
| Type | Select the group type. | Required |
| Name | Enter the name of the group. Values that duplicate an already registered group name cannot be entered. | Required |
| Explanation | Enter the description of the group. | Required |

Table. Group List

  3. Click the Complete button to register the group and navigate to the detailed information screen of the registered group.

View and edit detailed information

The administrator can click Group in the group list to navigate to the group’s detailed information view screen.

If you have newly registered a group, you will be taken directly to the group’s detail screen immediately after registration.

At the top of the group detail screen, the group’s name, description, and managing entity information are displayed, and below that, group information organized into multiple tabs is shown.

| Category | Explanation |
| --- | --- |
| Type | The group’s type is displayed. |
| Name | The name of the group is displayed. |
| Management entity | The system that manages the group is displayed. For groups directly registered by a tenant administrator in SingleID, SingleID is shown; for groups provisioned inbound through an application, the application’s name is displayed. |
| Explanation | The group’s description is displayed. |

Table. View detailed information

The tenant administrator can view detailed information of registered groups via the Group Profile tab.

| Category | Explanation |
| --- | --- |
| Group profile | The group profile is displayed. |
| List | Button that returns to the list. |
| Edit | Edit the profile. |

Table. View detailed information

To edit the group’s detailed information, follow the steps below.

  1. On the group detail screen, select the Profile tab.
  2. Click the Edit button.
  3. Edit Group Information.

The fields that can be edited are as follows.

| Category | Explanation | Required or not |
| --- | --- | --- |
| Name | Enter the group’s name. You cannot enter a value that duplicates an already registered group name. | Required |
| Explanation | Enter the description of the group. | Required |

Table. Edit field

  4. Click the Save button.
  5. To return to the view state without saving the edited information, click the Cancel button.

Group membership rule management

Administrators can set rules that automatically assign users meeting certain conditions as members of a group.

When you set rules for a group, members are automatically provisioned without the tenant administrator having to manually manage them, and members are added or removed according to the configured condition expression.

To manage the group’s membership rules, click the Rules tab on the detail screen.

| Category | Explanation |
| --- | --- |
| Rules tab | Group rules are displayed. |
| Rule | The rules of the configured group are displayed. (The default membership policy setting after creating a group is Off.) If the membership policy setting is Off, members are not managed automatically. |
| List | This is a button that returns to the list. |
| Edit | Modify the rules. |

Table. Rules tab

To set the group’s rules, follow the steps below.

  1. Select the Rules tab on the group detail screen.
  2. Click the Edit button.
  3. Click the On button in the membership policy settings.
  4. Set the condition expression for the WHEN area.
  5. Click the Save button.
  6. If you want to return to the view state without saving the configured rule, click the Cancel button.
Information
When a group’s membership rule is set, if an administrator changes a user’s detailed information or the user’s details are changed by inbound provisioning, the system automatically searches for the user according to the configured rule and manages each group’s members automatically. Members automatically added according to the group’s membership rules cannot be manually removed by the tenant administrator.

The condition expression in the WHEN clause is constructed as follows.

| Category | Explanation |
| --- | --- |
| Operator relationship between conditional expressions | When there are one or more condition expressions, define the logical relationship between them. You can choose either AND or OR, and it applies to all condition expressions. |
| Conditional expression type | Set the condition type. You can select User Attribute. |
| Condition item | Set the condition item of the condition expression. When the expression type is User Attribute, you can select a user’s attributes from the list. |
| Operator | Set the operator of the conditional expression. |
| Condition value | Set the condition value of the conditional expression. |
| Add condition expression | Add a condition expression. |
| Delete condition | Delete the condition. It cannot be deleted when there is only one condition. |

Table. Rules tab

The user attributes that can be set in the condition item are as follows.

| Attribute | Data type | Explanation | Required or not |
| --- | --- | --- | --- |
| key | String | Key | Required |
| username | String | ID | Required |
| password | GuardedString | Password | Required |
| status | String | Status | Required |
| mustChangePassword | Boolean | Whether to enforce password setting | Required |
| suspended | Boolean | Standby status | Required |
| creator | String | Creator | Optional |
| creationDate | Date | Creation date | Optional |
| lastModifier | String | Last editor | Optional |
| lastChangeDate | Date | Last modified date | Optional |
| administrator | Boolean | Admin status | Optional |
| displayName | String | Display name | Optional |
| cn | String | Common Name | Optional |
| local | String | Locale (email sending criteria) | Optional |
| userSource | String | User source | Optional |
| syncDate | String | Last synchronization time | Optional |
| contractNumber | String | Contract number | Optional |
| contractStartDate | String | Contract start date | Optional |
| contractEndDate | String | Contract end date | Optional |
| agreementDate | String | Date of agreement to required terms | Optional |
| accountStartDate | String | Account start date | Optional |
| accountEndDate | String | Account expiration date | Optional |
| partnerOrganizationCode | String | Partner company code | Optional |
| approvalUser | String | Approver ID | Optional |
| formattedName | String | Korean display name | Optional |
| familyName | String | Korean surname | Optional |
| givenName | String | Korean name | Optional |
| enFormattedName | String | English display name | Optional |
| enFamilyName | String | English surname | Optional |
| enGivenName | String | English name | Optional |
| adDomain | String | AD Domain | Optional |
| nickName | String | Nickname | Optional |
| employeeNumber | String | Employee number | Optional |
| epId | String | EP ID | Optional |
| email | String | Email address | Optional |
| phoneNumberWork | String | Phone number | Optional |
| mobile | String | Mobile phone number | Optional |
| title | String | Job Title | Optional |
| executiveYn | String | Executive status | Optional |
| timeZone | String | Time zone | Optional |
| accountLocked | Boolean | Forced account lock | Optional |
| accountAutoLocked | Boolean | Automatic account lock | Optional |
| accountDisabled | Boolean | Unused account | Optional |
| accountSuspended | Boolean | Dormant account | Optional |
| accountSuspendedTime | Date | Idle processing time | Optional |
| lastLoginTime | Date | Last login time | Optional |
| accountState | String | Account status | Optional |

Table. Condition attribute

The operators that can be set in the operator field are as follows.

| Operator | Explanation |
| --- | --- |
| Equals | Searches for users whose condition item value matches the condition value. |
| Not Equals | Searches for users whose condition item value does not match the condition value. |
| Starts with | Searches for users whose condition item value begins with the condition string. |
| Ends with | Searches for users whose condition item value ends with the condition string. |
| Contains | Searches for users whose condition item value includes the condition string. |

Table. Operator List
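
The following is an added example, not SingleID's own code: a small model of the WHEN evaluation described above, which can be used to preview which users a rule would add to or remove from a group. The sample users, case-sensitive matching, the "true"/"false" spelling of Boolean values, and treating an unset attribute as non-matching are all assumptions.

```python
from dataclasses import dataclass

# The five operators from the operator table. Matching is case-sensitive
# here, which is an assumption; the page does not say how SingleID compares.
OPERATORS = {
    "Equals": lambda actual, expected: actual == expected,
    "Not Equals": lambda actual, expected: actual != expected,
    "Starts with": lambda actual, expected: actual.startswith(expected),
    "Ends with": lambda actual, expected: actual.endswith(expected),
    "Contains": lambda actual, expected: expected in actual,
}


def as_text(value):
    """Render an attribute value as the string an administrator would type."""
    if isinstance(value, bool):
        return "true" if value else "false"  # assumed Boolean spelling
    return str(value)


@dataclass(frozen=True)
class Condition:
    attribute: str  # condition item, e.g. "title"
    operator: str   # one of OPERATORS
    value: str      # condition value

    def matches(self, user):
        if self.operator not in OPERATORS:
            raise ValueError(f"unknown operator: {self.operator!r}")
        raw = user.get(self.attribute)
        if raw is None:
            # Assumption: an unset attribute satisfies no condition, so a
            # "Not Equals" rule cannot sweep in users with missing data.
            return False
        return OPERATORS[self.operator](as_text(raw), self.value)


@dataclass(frozen=True)
class MembershipRule:
    relation: str         # "AND" or "OR", applied to all conditions
    conditions: tuple     # one or more Condition objects
    enabled: bool = True  # membership policy setting (On/Off)

    def __post_init__(self):
        if self.relation not in ("AND", "OR"):
            raise ValueError("relation must be AND or OR")
        if not self.conditions:
            raise ValueError("a rule needs at least one condition")

    def matches(self, user):
        results = [c.matches(user) for c in self.conditions]
        return all(results) if self.relation == "AND" else any(results)


def matched_usernames(rule, users):
    """Usernames the rule would select from the given user records."""
    return {u["username"] for u in users if rule.matches(u)}


def reconcile(rule, users, rule_members):
    """Return (to_add, to_remove) for rule-managed members only."""
    if not rule.enabled:  # Off: members are not managed automatically
        return set(), set()
    wanted = matched_usernames(rule, users)
    return wanted - rule_members, rule_members - wanted


# Constructed sample users; attribute names come from the attribute table.
USERS = [
    {"username": "alice", "title": "System Admin",
     "email": "alice@example.com", "accountLocked": False},
    {"username": "bob", "title": "Administrative Assistant",
     "email": "bob@example.com", "accountLocked": False},
    {"username": "carol", "title": "System Admin",
     "email": "carol@partner.example.net", "accountLocked": False},
    {"username": "dave", "title": None,
     "email": "dave@example.com", "accountLocked": False},
    {"username": "erin", "title": "System Admin",
     "email": "erin@example.com", "accountLocked": True},
]

# A single broad "Contains" condition also selects the assistant.
LOOSE_RULE = MembershipRule("AND", (Condition("title", "Contains", "Admin"),))

# Exact title, anchored e-mail domain (note the "@"), and not locked.
TIGHT_RULE = MembershipRule("AND", (
    Condition("title", "Equals", "System Admin"),
    Condition("email", "Ends with", "@example.com"),
    Condition("accountLocked", "Equals", "false"),
))

if __name__ == "__main__":
    print("loose rule selects:", sorted(matched_usernames(LOOSE_RULE, USERS)))
    print("tight rule selects:", sorted(matched_usernames(TIGHT_RULE, USERS)))
    current = matched_usernames(LOOSE_RULE, USERS)
    print("switching to tight rule:", reconcile(TIGHT_RULE, USERS, current))
```

Because group membership grants the group's application permissions, previewing a rule's matches this way before turning the membership policy On shows whether a broad operator such as Contains would reach users it was not meant for.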

Group member management

Tenant administrators can manually assign members to a group or remove users from the group’s members.

To manage the group’s members, click the Member tab on the details screen.

| Name | Explanation |
| --- | --- |
| Member tab | Displays the group member management screen. |
| Member list | Displays group members in a list format. |
| Filter button group | Filters group members by status and displays the list. |
| Keyword search | Enter a keyword to search for group members. Name: Exact match search is possible using encrypted personal data with ‘full name’, ‘first name’, or ‘last name’. Email: Exact match search is possible using encrypted personal data with the full email address or the part before ‘@’. Phone number: Exact match search is possible using encrypted personal data with the last four digits of the phone number. |
| Detailed Search | Enter detailed search criteria to find group members. Name: Exact match searches are possible using encrypted personal data with ‘full name’, ‘first name’, or ‘last name’. Email: Exact match searches are possible using encrypted personal data with the full email address or the part before ‘@’. Phone number: Exact match searches are possible using encrypted personal data with the last four digits of the phone number. |
| Add button | Add a member to the group. |

Table. Member tab

There are three ways to search for members within the Group tab.

  • Filter by member status
  • Keyword search
  • Advanced Search
Information

Member Status Classification

  • Active: User who logged into SingleID after initial registration, reset their password, and is now using it normally.
  • Inactive: User disabled by the administrator.
  • Pending: User who has never logged into SingleID after initial registration.
  • Locked: User locked due to reasons such as repeated login failures (a state where the user can unlock themselves by resetting the password).

Filter by Member Status

To filter members by status, follow these steps.

  1. In the filter button group, click the button for the member status you want to filter by (the Active, Inactive, Standby, or Locked button).
  2. You can navigate pages in the filtered view to see the list of the desired members.
  3. You can search for the desired member using keyword search while the results are filtered. (Note: If you perform an advanced search while filters are applied, the filters will be cleared.)
  4. To remove the filter, click the All button.

Keyword Search

To perform a keyword search, follow these steps.

  1. Click the mouse in the keyword search input field.
  2. Enter the word to search. At this point, a dropdown menu appears below the search input field. If you select one of “ID”, “English name”, or “Email” displayed in the dropdown menu, the search will be performed on that field, and if you select “All”, the search will be performed on the ID, English name, and Email fields.
  3. After entering a search term, press the Enter key or click the magnifying glass icon with the mouse to execute the search. At this time, the search is executed across the ID, English name, and email fields.
  4. Search results are displayed in the member list.
  5. If you want to cancel the search results and display the full list, click the X icon to the right of the keyword search input box.

Advanced Search

To perform an advanced search, follow these steps.

  1. Click the Details button.
  2. On the detailed search screen, enter the search term in the field you wish to search.
  3. In the advanced search screen, you can select a member’s registration date to limit the search range.
  4. When you enter search terms in multiple fields, the search is performed with an “AND” condition.
  5. After entering a search term, press the Enter key or click the Search button to execute the search.
  6. Search results are displayed in the member list.
  7. If you want to cancel the search results and display the full list, click the Reset button on the advanced search screen.

Delete member

To remove a member from a group, follow these steps.

  1. Select one or more members to delete from the member list. (Check the checkbox to the left of the member ID.)
  2. Click the Delete button displayed at the top of the list.
  3. Click the Confirm button in the warning popup.
Information
Removing a member from a group does not delete the member’s user information. Deleted members lose the application permissions assigned via the group.

Add member

To add a member to a group, follow the steps below.

  1. Click the Add button at the top right of the member list.
  2. In the member addition popup, select the user to add as a member. (Check the checkbox to the left of the user ID.)
  3. Click the Add button.
  4. If you have added all desired users as members, click the Cancel button on the popup to close the member addition popup.
Information
Added members immediately obtain the application permissions assigned via the group upon being added.

Application Management

The tenant administrator can view applications assigned to a group and can add or remove applications.

To manage the group’s applications, click the Application tab on the details screen.

| Name | Explanation |
| --- | --- |
| Application tab | Displays the application management screen for the group. |
| List of assigned applications | Applications assigned to the group are displayed in a list format. |
| Assign button | You can add and assign applications to a group. |

Table. Application Management

Application deletion

To delete an application assigned to a group, follow the steps below.

  1. Select the application to delete from the list of assigned applications. (Check the checkbox to the left of the application name.)
  2. Click the Unassigned button displayed above the application list.
  3. In the confirmation popup, click the Confirm button.
Information
If you delete an assigned application, it will no longer appear in the User Portal > My Apps menu for group members.

Application assignment

To assign a new application to a group, follow the steps below.

  1. Click the Assign button displayed at the top right of the application list.
  2. Select the application in the Application Assignment popup. (Check the checkbox to the left of the application name.)
  3. Click the Assign button.
  4. If you have assigned all applications, click the Cancel button to close the Application Assignment popup.
Information
The assigned application can be viewed in the group members’ User Portal > My Apps menu. (If the assigned application’s screen display option is turned off, it will not appear in the user portal)

Delete Group

The tenant administrator can delete a group from SingleID.

The button for deleting a group is displayed on the list and detail screens as follows.

  • When one or more groups are selected on the list screen.
    1. After selecting a group and clicking the Delete button, the following confirmation popup appears on the screen.
    2. To delete a group, verify the group information, then enter the group name and click the Delete button.
    3. After selecting multiple groups and clicking the Delete button, the following confirmation popup appears on the screen.
    4. To delete the selected groups, use the <, > button to view all group information, then enter the phrase Delete All and click the Delete button.
Information

You must verify the information of all groups and enter the phrase Delete All before the Delete button becomes active.

  • When navigating to the group detail screen

    1. When a tenant administrator attempts to delete a group, the following confirmation popup is displayed.
    2. To delete a group, verify the group information, then enter the group name and click the Delete button.
Reference

Information of a deleted group cannot be recovered.

When group information is deleted, the group’s members and the applications assigned to the group are also deleted, and re‑registering a group with the same name will not restore the members or application data.

Groups registered through the application’s inbound provisioning can be provisioned again from the application even if they are deleted in SingleID. To completely delete a group, you must remove it from the primary system that manages group information. Even if the group is re‑registered with the same name after deletion, the deleted members or application information will not be automatically restored.

AI agent

AI agents are intelligent services used for various purposes such as internal workflow automation, data analysis, and customer support. Using SingleID (integrated authentication and certification system), you can control the access and permissions of AI agents registered with a single authentication.

To access the menu, navigate as follows.

  • Admin Portal > Identity Store > AI Agent
Reference
The detailed access permission feature for AI agents is planned to be developed in the second half of 2026.

AI Agent List

The administrator can view and search all registered AI agents in a list format.

| Category | Explanation |
| --- | --- |
| AI Agent List | AI agents are displayed in the list. |
| Keyword search | Searches for AI agent names and the agent list. |
| Detailed Search | Search using detailed options that search groups. |

Table. List of AI agents

Register AI Agent

Administrators can register, modify, or delete AI agents.

  1. To register an AI agent, click the Register button on the AI agent list screen.
  2. When you click the Register button, the AI agent registration popup appears on the screen.

The fields you need to enter to register an AI agent are as follows.

| Category | Explanation | Required or not |
| --- | --- | --- |
| Name | Enter the AI agent name. Values that duplicate an already registered name cannot be entered. | Required |
| Agent purpose | Enter the AI agent’s purpose. | Optional |
| AI model | Enter the AI model name, e.g. ChatGPT. | Optional |
| URL | Enter the AI agent URL, e.g. http://www.example.com | Optional |

Table. List of AI agents

  3. When you click the Complete button, a confirmation popup appears to finalize the AI agent registration.

| Category | Explanation |
| --- | --- |
| Agent ID | AI agent IDs are automatically generated for internal and external networks. Please copy the agent ID and keep it safe. |
| Agent Secret | AI agent secrets for internal and external networks are generated automatically. Since they cannot be viewed on the screen later, please copy them now and keep them safe. |
| Name | Verify the AI agent name you entered. |
| Agent purpose | Check the AI agent purpose you entered. |
| AI model | Check the AI model name. |
| URL | Check the AI agent URL. |

Table. AI Agent registration completed

  4. Click the Confirm button to register the AI agent successfully.

View and edit AI agent information

The administrator can click AI agent in the AI agent list to navigate to the AI agent’s detailed information view screen.

If you have newly registered an AI agent, you will be taken directly to the AI agent’s detail screen immediately after registration.

At the top of the AI agent detail screen, the AI agent’s agent ID and agent information are displayed.

| Category | Explanation |
| --- | --- |
| Agent ID | You can check the AI agent’s unique identifiers for internal and external networks. The unique identifier cannot be changed after it is issued. |
| Name | The name of the AI agent is displayed. |
| Agent purpose | The purpose of the AI agent you entered is displayed. |
| AI model | The AI model name you entered is displayed. |
| URL | The URL you entered is displayed. |
| Agent Secret | You can view the secrets for internal and external networks. If you have lost or forgotten the agent secret, you can request a reissue. Click the Reissue button to request a reissue. |

Table. View detailed information
Reference

The agent ID and agent secret play the role of a user’s ID and password and are used for authentication.

Agent ID: The agent ID is a unique identifier that the system automatically issues upon registration. Once issued, it cannot be reissued.

Agent Secret: Authentication credentials for the agent to securely access applications and APIs. You can obtain a new agent secret by reissuing it, but you must update all APIs or applications that are currently using the agent secret.

To modify the AI agent information, follow the steps below.

  1. Select the AI agent you want to edit from the AI agent list screen.
  2. Click the Edit button at the lower right corner.
  3. Edit AI agent information.

The fields that can be edited are as follows.

| Category | Explanation | Required or not |
| --- | --- | --- |
| Name | Enter the AI agent name. Values that duplicate an already registered group name cannot be entered. | Required |
| Agent purpose | Enter the agent’s objective. | Optional |
| AI model | Enter the AI model name. | |
| URL | Enter the AI agent URL. | |

Table. Edit

  4. Click the Save button.
  5. To return to the view state without saving the edited information, click the Cancel button.

Delete AI agent

You can delete an AI agent by clicking the Delete button on the right side of the AI agent detail screen.

To delete the AI agent, follow the steps below.

  1. Select the AI agent you want to edit from the AI agent list screen.
  2. Click the Delete button on the right.
  3. The AI Agent Deletion popup appears.
  4. Enter the name of the AI agent you want to delete, then click the Delete button.
  5. Click to complete the deletion.

4 - Policy


When logging into SingleID or logging into an application registered with SingleID, various settings such as login methods, authentication sessions, and passwords need to be configured according to the organization’s security policy.

SingleID provides a policy management feature that allows detailed configuration of login and authentication information.
If you have purchased the anomalous behavior detection feature (ADM), you can configure it to analyze a user’s login activity at sign‑in and, when it detects authentication anomalies that differ from the norm, notify the user of a potential security threat.

The policy features provided by SingleID are as follows.

  • Login Policy
  • Authentication Policy
  • Anomaly detection policy

By using SingleID’s policy feature, you can configure a secure authentication environment that meets organizational security requirements by specifying detailed login methods based on who is logging in, when, from which environment, and to which application.

Login Policy

The administrator can set detailed policies specifying which authentication methods users can use when logging in with SingleID, and, if necessary, create condition-based authentication policies for users authenticating in specific environments.

Login policies can be configured using the following conditions.

  • Which application are you logging into?
  • Who is logging in?
  • In what environment are you logging in?

To access the login policy menu, navigate as follows.

  • Admin Portal > Policy > Login Policy

Default login policy

The Admin Portal automatically creates the following two policies by default.

  • Admin Portal Policy: Admin Portal access permission control policy
  • Default Policy: User’s default access control policy

The Admin Portal Policy is the login policy applied when attempting to log in to the Admin Portal, and the Default Policy is the login policy applied when attempting to log in to the user portal.

If you have linked an application to SingleID and have not assigned a separate login policy, the Default Policy will be automatically assigned as the default login policy.

guide
The above two default policies cannot be disabled or deleted.

Register Login Policy

A login policy sets the login rules for administrators and users. You can configure login policies based on the access environment, application, and situation.

Login policies can be registered through a screen consisting of four steps as follows.

  1. General
  2. Allocation
  3. Initial Redirection
  4. Rule

General

Enter the name and description of the login policy on the general screen.

The fields that need to be entered are as follows.

| Name | Explanation | Required status |
| --- | --- | --- |
| Name | Enter the name of the login policy. | Required |
| Explanation | Enter the description of the login policy. | Required |

Table. General

Click the Next button to go to the assignment screen.

Allocation

Specify the application to which the login policy will be applied on the assignment screen.

| Name | Explanation |
| --- | --- |
| Filter | Filter applications by status. |
| Keyword search | Search by application name and description. |
| Advanced Search | Displays detailed options for searching applications on the screen. |
| Assign button | Displays the application assignment popup on the screen. |
| Assigned Application List | The assigned applications are displayed in a list format. It starts with an empty list. |

Table. Assignment

  1. Click the Assign button to display the application assignment popup on the screen.
  2. In the Application Assignment popup, select one or more applications to assign to the login policy, then click the Assign button.
  3. If you have assigned all applications, click the Cancel button to close the Application Assignment popup.

Initial Redirection

On the Initial Redirection screen, specify how users reach the login screen and which login method they use.

  • Redirected to SingleID’s Sign-in page (login page)

  • Redirected to the external IdP


The explanations of the two methods above are as follows.

  • If you select Redirected to SingleID’s Sign-in page, the SingleID login page will be displayed to the user attempting to log in.
  • If you select Redirected to the external IdP, the user trying to log in will see the login page of the selected Identity Provider.
  • After selecting Redirected to the external IdP, you must choose the Identity Provider from the selection list and designate it.
  • If you select Redirected to SingleID’s Sign-in page, you can optionally display an additional button at the bottom of the SingleID login screen that allows login via an Identity Provider.
  • To do so, under AND see the following external IdP buttons on the Sign-In page, click the text input field, select one or more Identity Providers registered in SingleID, and configure them to be displayed on the login screen.
guide
For the settings for registering an Identity Provider or displaying a registered Identity Provider on the login screen, refer to Identity Provider Registration.

Rule

On the Rules screen, modify or add login rules and set the priority among login rules.

| Name | Explanation |
| --- | --- |
| List of rules | Login rules are displayed on the screen as a list. The Default Rule is shown by default and cannot be deleted. |
| Keyword search | Search by the name or description of the login rule. |
| Register button | Register a new login rule. |
| Complete button | Register a login policy. |

Table. Rules

Default Rule configuration

In the rule screen’s login rule list, Default Rule is displayed by default.

The Default Rule cannot be deleted and can only be edited. Also, when you add one or more login rules, you cannot set the priority of the Default Rule; it always has the lowest priority.

To modify the Default Rule, follow the steps below.

  1. Click Default Rule in the rule list.
  2. Default Rule’s WHEN condition cannot be modified.
  3. You can modify the THEN result of Default Rule.

| Name | Explanation |
| --- | --- |
| Set access permission | Set whether access is allowed. |
| Mandatory authentication method | Configure the primary login method. Additional login methods can be displayed on the login screen in addition to the default login method. |
| MFA authentication | Configure it to require an additional login after the first login succeeds. |
| Terms and conditions for collecting consent | Set it to display the terms and conditions and request consent when a user logs into SingleID for the first time. |
| Save button | Save the modified login rules. |

Table. Default Rule

You can select one of the following two options when configuring access permission settings.

  • Deny Access
  • Allow Access

If you select Deny Access, it will reject login for all users.

When you select Allow Access in the access permission setting, you can configure the user’s login method.

guide
  • If you selected Redirected to the external IdP as the method to enter the login screen on the Initial Redirection screen, the first login settings will not be displayed.

  • The required authentication method is performed by an external Identity Provider according to the Initial Redirection settings.

    • To have the user log in via multi-factor authentication, check the MFA authentication checkbox and then select one or more Authenticators in the text input box.

    • To display the terms and conditions and request the user’s consent when a user logs in to SingleID for the first time, check the Terms and Conditions Consent Setting (d) checkbox and then select one or more terms or conditions to display on the screen from the text input box.

Add rule

To add a login rule, follow the steps below.

  1. Click the Register button at the top right of the rule list.
  2. Enter the rule’s name and description on the rule registration screen.
  3. Refer to the following and enter the rule items.
| Name | Explanation |
| --- | --- |
| Name | This is the name of the rule. |
| Explanation | This is an explanation of the rule. |
| User group assignment | Select the user group to apply the rule to. |
| Profile property assignment | Click the ‘Add’ button in the profile property assignment list to add a property. Refer to the help below for descriptions of the property and operator. |
| Group Settings | Specify the group that the logged-in user belongs to as a member. |
| User attribute list | Specify the attributes of the user logging in and the conditions for each attribute. |
| Add User Property button | Display the “Add Property” popup on the screen. |

Table. Add rule

Access Environment

| Name | Explanation |
| --- | --- |
| Network | Specify the IP or network range of the user logging in. The default is “IP address anywhere”. Listed values: Desktop, Mobile. |
| Platform | Specify the device information of the user who logs in. The default is “Any platforms”. Listed values: Desktop, Mobile. |
| Browser | Specify the browser information of the user who logs in. The default is “Any browsers”. Listed values: Edge, Chrome, Safari. |
| OS | Specify the OS information for login. The default is “Any OS”. Listed values: Windows 10, Windows 11, Android, iOS. |
| AND Anomalies (Abnormal behavior) | Set the condition to determine whether abnormal behavior is detected during login. Abnormal behavior detection condition settings are only available for tenants who have purchased the Abnormal Behavior Detection (ADM) feature option. To use the Abnormal Behavior Detection (ADM) feature, you must select the additional option when signing a SingleID contract. If you wish to use the Abnormal Behavior Detection feature, you can purchase it additionally on the SCP product purchase page. |

Table. Access environment

After configuring all “WHEN” condition areas, set the login method that will be used when a user matching the conditions logs in.
guide

The selectable user attributes are as follows.

User attribute information

| Attribute name | Data type | Required? | Explanation |
| --- | --- | --- | --- |
| key | String | Required | Key |
| username | String | Required | ID |
| password | GuardedString | Required | Password |
| status | String | Required | Status |
| mustChangePassword | Boolean | Required | Whether password enforcement is required |
| suspended | Boolean | Required | Standby status |
| creator | String | - | Creator |
| creationDate | Date | - | Creation date |
| lastModifier | String | - | Last editor |
| lastChangeDate | Date | - | Last modified date |
| administrator | Boolean | - | Admin status |
| displayName | String | - | Display name |
| cn | String | - | Common Name |
| local | String | - | Locale (email sending standard) |
| userSource | String | - | User source |
| syncDate | String | - | Last synchronization time |
| contractNumber | String | - | Contract number |
| contractStartDate | String | - | Contract start date |
| contractEndDate | String | - | Contract end date |
| agreementDate | String | - | Date of required terms agreement |
| accountStartDate | String | - | Account start date |
| accountEndDate | String | - | Account expiration date |
| partnerOrganizationCode | String | - | Partner company code |
| approvalUser | String | - | Approver ID |
| formattedName | String | - | Korean display name |
| familyName | String | - | Korean surname |
| givenName | String | - | Korean name |
| enFormattedName | String | - | English display name |
| enFamilyName | String | - | English surname |
| enGivenName | String | - | English name |
| adDomain | String | - | AD Domain |
| nickName | String | - | Nickname |
| employeeNumber | String | - | Employee ID |
| epId | String | - | EP ID |
| email | String | - | Email address |
| phoneNumberWork | String | - | Phone number |
| mobile | String | - | Mobile phone number |
| title | String | - | Job title |
| enTitle | String | - | English job title |
| titleCode | String | - | Job grade code |
| entitlement | String | - | Job title |
| department | String | - | Department name |
| enDepartment | String | - | English department name |
| departmentCode | String | - | Department code |
| organization | String | - | Company name |
| enOrganization | String | - | English company name |
| organizationCode | String | - | Company code |
| region | String | - | Base |
| userStatus | String | - | Employee status |
| userType | String | - | Employee type |
| securityLevel | String | - | Security rating |
| preferredLanguage | String | - | Knox language |
| executiveYn | String | - | Executive status |
| timeZone | String | - | Time zone |
| accountLocked | Boolean | - | Forced account lock |
| accountAutoLocked | Boolean | - | Automatic account lock |
| accountDisabled | Boolean | - | Unused account |
| accountSuspended | Boolean | - | Dormant account |
| accountSuspendedTime | Date | - | Dormant processing time |
| lastLoginTime | Date | - | Last login time |
| accountState | String | - | Account status |

Table. User attributes

The operators are as follows.

| Operator | Explanation |
| --- | --- |
| Equals | Search for users whose attribute value matches the condition value. |
| Not Equals | Search for users whose attribute values do not match the condition value. |
| Starts with | Search for users whose attribute value starts with the condition string. |
| Ends with | Search for users whose attribute value ends with the condition string. |
| Contains | Search for users whose attribute value includes the condition string. |

Table. Operator

THEN configuration

Set the login method and procedure in the THEN result area.

In the access permission setting (a), you can select one of the following two options.

  • Deny Access
  • Allow Access

If you select Deny Access, login for all users will be denied. (The default value for the access permission setting (a) is Deny Access.)

To allow users to log in and configure detailed login methods, select Allow Access.

| Name | Explanation |
| --- | --- |
| Configure access permission | Set whether access is allowed. |
| First login setup | Set the primary login method. Additional login methods can be displayed on the login screen besides the default login method. |
| Additional login settings | Configure it to require an additional login after the initial login succeeds. |
| Terms and Conditions Agreement Settings | Configure it to display the terms and conditions and request consent when a user logs into SingleID for the first time. |
| PC SSO Agent Settings | Configure it to verify whether a security program (Endpoint Security) is installed on the user’s PC using the PC SSO Agent. |
| Save button | Save the modified login rules. |

Table. THEN

  1. Select the Authenticator to use for login from the first login configuration’s selection list.
  2. If you want users to be able to log in with another Authenticator in addition to the selected primary login method, select the checkbox (V) of And allow another factors below: and choose one or more Authenticators to add in the text input box.
guide

On the Initial Redirection screen, if you select Redirected to the external IdP as the method to enter the login screen, the first login settings will not be displayed.

The first login occurs at an external Identity Provider according to the Initial Redirection settings.

  3. To require users to log in via multi-factor authentication, select the checkbox (V) in the additional login settings, then choose one or more Authenticators in the text input field.
  4. To display the terms and conditions and request the user’s consent when a user logs in to SingleID for the first time, check the terms and conditions consent setting checkbox and then select one or more terms or conditions to display on the screen from the text input box.
  5. To verify whether a security program (Endpoint Security) is installed on a user’s PC using the PC SSO Agent, select the checkbox (V) in the PC SSO Agent settings. When this setting is enabled, login attempts from users whose PCs do not have the security program installed will be blocked.

If the PC SSO Agent is not registered, the PC SSO Agent configuration option will not be displayed on the screen.

When the PC SSO Agent setting (e) is enabled, if you want to require additional authentication instead of blocking the login of users who do not have a security program installed on the PC, select the checkbox (V) below and then choose one or more Authenticators in the text input box.

Click the Save button to register the login rule and return to the rule list.

Rule priority management

If one or more login rules are added, the administrator can set the priority among the login rules. If a user matches the conditions set in multiple rules, the login method of the rule with the higher priority will be applied.

Follow the steps below to set the priority of login rules.

  1. Drag the area displayed to the left of the rule name in the rule list with the mouse.
  2. The priority of login rules is determined by the drag-and-drop location.
  3. Rules that appear higher in the list have higher priority.
Reference
The Default Policy has the lowest priority and its priority cannot be changed.

Policy Status Change

The status of the login policies managed by SingleID is as follows.

| Status | Explanation |
| --- | --- |
| Active | Login policy operating normally |
| Inactive | Login policy disabled by the administrator |

Table. Policy status

The administrator can change the login policy status according to its current state as follows.

| Current status | Mutable state | Explanation |
| --- | --- | --- |
| Active | Inactive | Click the Disable button to change an active login policy to an inactive state. |
| Inactive | Active | Click the Activate button to change a disabled login policy to an active state. You can also delete a disabled login policy. |

Table. Policy status
information

Among login policies, the two policies provided by default in SingleID, Admin Portal Policy and Default Policy, cannot be disabled.

If you disable a login policy, applications assigned to the disabled login policy will automatically be changed to be assigned to the default policy (Default Policy).

Disable policy

To disable an active login policy, follow these steps.

  1. Click the policy you want to deactivate in the policy list to navigate to the policy detail screen.
  2. Click the Disable button.
  3. The confirmation popup displays the login policy information (number of assigned applications, number of rules included in the login policy); after reviewing it, click the Deactivate button.
guide

If you disable a login policy, applications assigned to the disabled login policy will automatically be changed to be assigned to the default policy (Default Policy).

Even if you reactivate a disabled login policy, the applications previously assigned are not automatically reassigned.

Policy activation

To change a login policy from inactive to active, follow these steps.

  1. Click the policy you want to activate in the policy list to navigate to the policy detail screen.
  2. Click the Activate button to change the login policy status to active.
guide
When activating a login policy that is disabled, the status changes immediately without a separate confirmation popup.

Delete Policy

Administrators can delete the login policy from SingleID.

To delete the login policy, follow these steps.

  1. Click the policy you want to delete in the policy list to navigate to the policy detail screen.
  2. If the login policy is enabled, click the Disable button to deactivate the policy.
  3. Click the Delete button displayed at the top right of the disabled login policy.
  4. A popup screen confirming the deletion of the login policy is displayed.
  5. To delete a login policy, first review the policy information, then enter the name of the policy you want to delete and click the Delete button.
Reference

Deleted login policies cannot be restored.

When a login policy is deleted, the rules contained within the policy are also deleted, and even if you re-register a login policy with the same name, the deleted rules or configuration information will not be restored.

Access Simulation

When there are many login policies and rules, it can be difficult to determine which policy governs the login method of a given user.

SingleID provides an access simulation feature that allows administrators to quickly verify the login policies and rules applied to users.

Using the access simulation feature, you can select the user and the target application, arbitrarily define the user’s login environment (network, device, browser, OS), and predict in advance which login method the user will experience under various circumstances.

Additionally, if there are review requests from users experiencing login difficulties, you can quickly verify using the access simulation feature and modify the problematic policies or rules.

To use the access simulation feature, click the Access Simulation button located at the top right of the login policy list screen.

| Name | Explanation |
| --- | --- |
| Enter user ID | Enter the user ID of the simulation target. |
| Network Settings | Specify the IP address of the user to simulate. The default is “IP address anywhere”. |
| Platform Settings | Specify the device information of the user to be simulated. The default is “Any platforms”. |
| Browser Settings | Specify the browser information of the user to be simulated. The default is “Any browsers”. |
| OS Settings | Specify the OS information of the user to be simulated. The default is “Any OS”. |
| Select Application | Select the application to be simulated. Click the application selection button to display the popup. |
| Run Simulation button | Run the access simulation. |
| Simulation results | Displays the access simulation results on the screen. The login policies and rules applied to the specified user are shown. |
| List button | Return to the login policy list. |

Table. Access Simulation

To run the access simulation, follow the steps below.

  1. Enter the ID of the user to be simulated.
  2. Specify the IP of the user to simulate. After selecting Specific IP Address, you can manually enter the IP. Enter the IP in the format 123.123.123.123.
  3. Specify the device information of the user to simulate. After selecting Platform, you can choose a device from the selection list.
  4. Specify the browser information of the user to be simulated. After selecting Browser, you can choose a browser from the dropdown list.
  5. Specify the OS information of the user to simulate. After selecting OS, you can choose the OS from the selection list.
  6. Click the Application Selection button to select the application to simulate.
  7. In the Application Selection popup, click the radio button to the left of the application name to select the application, then click the Add button.
Reference

If you want to re-select the application, click the X button to the right of the selected application name, then click the Select Application button again.

  8. Click the Run Simulation button.
  9. The access simulation runs, and when it finishes, the login policies and rules that apply are displayed on the screen as the simulation results.
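
The rule priority and access simulation behaviour described above can be modelled in a few lines. This is an added example, not SingleID code: rules are checked in list order, the first rule whose WHEN conditions all match supplies the THEN result, and the Default Rule is checked last. The rule names, group names, network ranges and authenticator names are constructed, and case-sensitive operator matching and the handling of missing attributes are assumptions.

```python
"""Model of login-rule evaluation: ordered rules, WHEN conditions, THEN result.

Added illustration, not SingleID code. Rule names, groups, networks and
authenticator names below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass

# The five profile-attribute operators from the operator table.
# Case-sensitive string comparison is an assumption of this model.
OPERATORS = {
    "Equals": lambda value, cond: value == cond,
    "Not Equals": lambda value, cond: value != cond,
    "Starts with": lambda value, cond: value.startswith(cond),
    "Ends with": lambda value, cond: value.endswith(cond),
    "Contains": lambda value, cond: cond in value,
}


@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset = frozenset()     # WHEN: empty means any group
    attributes: tuple = ()              # WHEN: (attribute, operator, condition value)
    networks: tuple = ()                # WHEN: empty means "IP address anywhere"
    platforms: frozenset = frozenset()  # WHEN: empty means "Any platforms"
    browsers: frozenset = frozenset()   # WHEN: empty means "Any browsers"
    oses: frozenset = frozenset()       # WHEN: empty means "Any OS"
    allow: bool = False                 # THEN: Deny Access is the default
    first_login: str = ""               # THEN: primary authenticator
    mfa: tuple = ()                     # THEN: additional authenticators

    def matches(self, user, env):
        """True when every configured WHEN condition holds."""
        if self.groups and not self.groups & set(user.get("groups", ())):
            return False
        for attribute, operator, condition in self.attributes:
            value = user.get(attribute)
            # Assumption: a missing attribute satisfies no condition.
            if value is None or not OPERATORS[operator](str(value), condition):
                return False
        if self.networks:
            address = ipaddress.ip_address(env["ip"])
            if not any(address in ipaddress.ip_network(n) for n in self.networks):
                return False
        checks = ((self.platforms, "platform"), (self.browsers, "browser"), (self.oses, "os"))
        return all(not allowed or env.get(key) in allowed for allowed, key in checks)


def simulate(rules, default_rule, user, env):
    """Return (rule name, THEN result) of the highest-priority matching rule."""
    for rule in [*rules, default_rule]:  # the Default Rule is always evaluated last
        if rule.matches(user, env):
            if not rule.allow:
                return rule.name, {"access": "deny"}
            return rule.name, {"access": "allow", "first_login": rule.first_login,
                               "mfa": list(rule.mfa)}
    raise ValueError("default rule must not carry WHEN conditions")


# Constructed sample configuration and users.
DEFAULT_RULE = Rule("Default Rule", allow=True, first_login="Password", mfa=("Email OTP",))
RULES = [
    Rule("Contractor from office", attributes=(("userType", "Equals", "contractor"),),
         networks=("203.0.113.0/24",), allow=True, first_login="Password", mfa=("Mobile OTP",)),
    Rule("Contractor elsewhere", attributes=(("userType", "Equals", "contractor"),)),
    Rule("Security dept on Windows", attributes=(("departmentCode", "Starts with", "SEC"),),
         oses=frozenset({"Windows 10", "Windows 11"}), allow=True, first_login="Passkey"),
]
ALICE = {"username": "alice", "groups": ["staff"], "userType": "employee", "departmentCode": "SEC01"}
BOB = {"username": "bob", "groups": ["partners"], "userType": "contractor"}

if __name__ == "__main__":
    office = {"ip": "203.0.113.7", "platform": "Desktop", "browser": "Chrome", "os": "Windows 11"}
    print(simulate(RULES, DEFAULT_RULE, BOB, office))
    # Swapping the first two rules makes the deny rule win for the same login.
    print(simulate([RULES[1], RULES[0], RULES[2]], DEFAULT_RULE, BOB, office))
```

Because the first match wins, a broad rule placed above a narrower one hides the narrower rule, which is the situation the access simulation helps to find.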

Authentication Policy

The administrator needs to change detailed authentication settings according to the organization’s security policy.

SingleID classifies and manages detailed authentication settings into the following four policies.

  • Session Policy
  • Authenticator policy
  • MFA Service Provider Policy
  • Password Policy

To access the authentication policy menu, navigate as follows.

  • Admin Portal > Policy > Authentication Policy

To modify the authentication policy, click the Edit button at the lower right of the authentication policy screen to change the settings, then click the Save button.

Session Policy

To change the session policy, follow the steps below.

  1. Click the Edit button at the lower right of the authentication policy screen.
  2. In the maximum session limit setting, you set the maximum number of sessions a user can create simultaneously.
  3. The minimum value that can be set is 1, and the maximum value is 100. When set to 1, a user can log in only from a single browser at a time and cannot log in simultaneously from multiple PCs or browsers.
  4. Set the priority of the session created by the user in the session priority settings. The priority can be selected from the following two options.
    • Old session
    • New session

When you set the maximum session limit to 1 and select Old session, a logged-in user will be blocked from logging in when they attempt a new login from another PC or browser where they are not logged in.

Also, when the maximum session limit setting restricts the maximum number of sessions to 1 and New session is selected, if a logged-in user attempts a new login from another PC or browser that is not logged in, the previous browser’s session is forcibly expired and the session logged in from the new PC or browser is maintained.

In the maximum session time setting, set the maximum duration a session can be retained.

The maximum session time can be set to one of the following two options.

  • No time limit
  • Set time limit

If you set No time limit, a session that has been created will not automatically expire until the user logs out.

After setting Set time limit and specifying a time, the session expires when the set time elapses, and the user is automatically logged out.

Configure the maximum idle session time for the session in the maximum idle session time setting. If you set the maximum idle session time, the session will expire and the user will be automatically logged out when the user does not make an authentication request for the configured duration.

To save the changed settings, click the Save button at the bottom right of the authentication policy screen.

To avoid saving the changed settings, click the Cancel button at the lower right of the authentication policy screen.

| Name | Explanation |
| --- | --- |
| Maximum session limit setting | Sets the maximum number of concurrent sessions per user. |
| Session priority setting | When a session exceeds the user’s maximum concurrent session count, set the priority between the previous session and the new session. |
| Maximum session time setting | Set the maximum session duration after the session is created. The session expires when the maximum session duration elapses. |
| Maximum idle session time setting | Set the session expiration time for when the user does not make an authentication request to the server for a certain period after the session is created. |

Table. Session Policy
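
The interaction of the four session settings can be checked with a small model. This is an added example, not SingleID code; it assumes that under New session the oldest session is expired first when the limit is above 1, and that a session expires at the moment the configured time is reached. Session IDs and times are constructed.

```python
"""Model of the session policy settings: limit, priority, lifetime, idle time.

Added illustration, not SingleID code. Times are plain seconds passed in by
the caller so the behaviour is deterministic.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SessionPolicy:
    max_sessions: int = 1                       # maximum session limit, 1..100
    priority: str = "New session"               # or "Old session"
    max_session_seconds: Optional[int] = None   # None means "No time limit"
    max_idle_seconds: Optional[int] = None      # None means no idle limit

    def __post_init__(self):
        if not 1 <= self.max_sessions <= 100:
            raise ValueError("maximum session limit must be between 1 and 100")
        if self.priority not in ("Old session", "New session"):
            raise ValueError("priority must be 'Old session' or 'New session'")


@dataclass
class Session:
    session_id: str
    created: float
    last_request: float


class SessionStore:
    def __init__(self, policy):
        self.policy = policy
        self.sessions = {}  # user ID -> list of Session, oldest first

    def _expired(self, session, now):
        policy = self.policy
        if (policy.max_session_seconds is not None
                and now - session.created >= policy.max_session_seconds):
            return True
        return (policy.max_idle_seconds is not None
                and now - session.last_request >= policy.max_idle_seconds)

    def _live(self, user, now):
        """Drop expired sessions and return the ones still valid."""
        live = [s for s in self.sessions.get(user, []) if not self._expired(s, now)]
        self.sessions[user] = live
        return live

    def login(self, user, session_id, now):
        """Return (accepted, IDs of sessions forcibly expired to make room)."""
        live = self._live(user, now)
        evicted = []
        if len(live) >= self.policy.max_sessions:
            if self.policy.priority == "Old session":
                return False, []  # existing sessions win, the new login is blocked
            # "New session": expire the oldest sessions first (assumption for limits above 1).
            while len(live) >= self.policy.max_sessions:
                evicted.append(live.pop(0).session_id)
        live.append(Session(session_id, now, now))
        return True, evicted

    def request(self, user, session_id, now):
        """Record an authentication request; False means the session has expired."""
        for session in self._live(user, now):
            if session.session_id == session_id:
                session.last_request = now
                return True
        return False


if __name__ == "__main__":
    store = SessionStore(SessionPolicy(max_sessions=1, priority="New session"))
    print(store.login("alice", "pc-1", now=0))    # first login is accepted
    print(store.login("alice", "pc-2", now=10))   # accepted, pc-1 is expired
    print(store.request("alice", "pc-1", now=11)) # the old browser is logged out
```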

Authenticator policy

To change the Authenticator policy, follow the steps below.

  1. Click the Edit button at the lower right of the authentication policy screen.
  2. Configure according to each item below.
  3. When the setup is complete, click the Save button.

| Name | Explanation |
| --- | --- |
| Available Authenticator settings (for login policy) | Configure an Authenticator that can be used for authentication. |
| Authentication method during registration | Set the user’s primary identity verification method when registering the Authenticator. |
| Perform the following authentication. | When registering an Authenticator, set additional identity verification methods to allow beyond the primary verification method designated for the user. |
| Find Account | Set the authentication method when retrieving the ID. |
| Password reset | Set the authentication method for password recovery. |
| Unlock setting | If a user repeatedly fails authentication while using Authenticators, the ID becomes locked. You can set a duration so that the locked user’s lockout is automatically cleared after a specified period. |

Table. Authenticator policy
guide
  1. To remove a specified Authenticator from the available Authenticator settings, it must first be removed from the rules of all login policies.

  2. Configurable Authenticators can be registered in the Authenticator addition menu. Disabled Authenticators cannot be configured in the available Authenticator settings.

guide

If you have not purchased an MFA product

  • Available Authenticator Settings (for login policy) is not displayed on this screen.
  • If you want to purchase additional MFA products, please contact us via Support Center > Contact Us.
guide
  1. If a user repeatedly enters an incorrect password, fails to log in, and becomes locked, the lock will not be released even after a certain amount of time has passed. Configure the lock and unlock methods for password‑based lockouts in Password Policy.

  2. If you reset a user’s password from the user menu, you can unlock a locked user before the unlock wait time expires. Refer to password reset.

MFA Service Provider Policy

To change the MFA Service Provider policy, follow the steps below.

  1. Click the Edit button at the lower right of the authentication policy screen.
  2. Refer to the table below and configure each item accordingly.
  3. When the configuration is complete, click the Save button.

| Name | Description |
| --- | --- |
| Available Authenticator Settings (for MFA Service Provider) | Configure the Authenticator that the user can use when an authentication request is generated by the MFA Service Provider. |
| Terms and Conditions Options | When a user registers from the MFA Service Provider, you can display the terms and conditions and obtain the user’s consent. |
| Unlock setting | When an authentication request occurs from the MFA Service Provider and the user repeatedly fails authentication, the ID becomes locked. You can set a duration so that the locked user’s lockout is automatically cleared after a certain period. |

Table. MFA Service Provider Policy
guide
  1. To remove a specified Authenticator from the available Authenticator settings, it must first be removed from all MFA Service Providers.

  2. Configurable Authenticators can be registered from the Add Authenticator menu. Disabled Authenticators cannot be set in the available Authenticator settings.

  3. If a user authenticates with the MFA Service Provider for the first time, to display the terms and conditions to the user and require their consent, check the terms and conditions option checkbox and then select one or more terms or conditions to display on the screen in the text input box.

  4. If a user authenticating with the MFA Service Provider repeatedly fails authentication, the user’s ID becomes locked. To automatically unlock after a certain period, set the unlock wait time in the unlock settings.

Password Policy

To change the password policy, follow the steps below.

  1. Click the Edit button at the lower right of the authentication policy screen.
  2. Refer to the table below and configure each item accordingly.
  3. When the configuration is complete, click the Save button.

| Name | Description |
| --- | --- |
| Password history | You can configure the system to prevent reuse of previously used passwords. Specify the number of recent passwords to block reuse. Users will be unable to reuse the number of past passwords set above. |
| Password expiration | Specify the password validity period. After the validity period expires, you must change the password to log in. It can be set from 1 day to 365 days. |
| Password lock | If the password is entered incorrectly repeatedly, the user’s ID will be locked. Specify the number of allowed repeated entry failures. Unlock options: (1) Automatic unlock after the set time (minutes) (1~1,440): accounts that exceed the failure count will be locked for the configured time (minutes); enter the automatic unlock time (minutes). (2) Automatic unlock after password reset. |
| Pattern and Complexity | Set the minimum password length, minimum characters, numbers, etc. |
| Set minimum character count | Specifies the minimum password length. |
| Minimum alphabetic character count setting | Specifies the minimum number of alphabetic characters to include in the password. |
| Minimum number count setting | Specifies the minimum number of digits to include in the password. |
| Set minimum number of special characters | Specifies the minimum number of special characters to include in the password. |
| Set maximum character count | Specifies the maximum length of the password. |
| Allow using the user ID as the password | Set whether to allow the user’s ID to be included in the password. |

Table. Password Policy
guide
Users locked out due to repeated password entry failures must reset their password themselves to unlock the account. To change the status of a user locked due to repeated password entry failures, refer to User Status Changes.
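
The password policy items above, expressed as checks an administrator can run against candidate values before saving the policy. This is an added example, not SingleID code: the default values, the set of characters counted as special, and the salted PBKDF2 history store are choices made for this example.

```python
"""Model of the password policy settings: complexity, history, expiration, lock.

Added illustration, not SingleID code. Default values are constructed, and
the salted PBKDF2 history store is this example's choice.
"""
import hashlib
import hmac
import os
import string
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PasswordPolicy:
    history: int = 5                     # recent passwords blocked from reuse
    expiration_days: int = 90            # 1..365
    allowed_failures: int = 5            # repeated entry failures allowed
    unlock_minutes: Optional[int] = 30   # 1..1440; None = unlock only after password reset
    min_length: int = 10
    min_alpha: int = 1
    min_digits: int = 1
    min_special: int = 1
    max_length: int = 64
    allow_user_id: bool = False

    def __post_init__(self):
        if not 1 <= self.expiration_days <= 365:
            raise ValueError("password expiration must be 1 to 365 days")
        if self.unlock_minutes is not None and not 1 <= self.unlock_minutes <= 1440:
            raise ValueError("automatic unlock time must be 1 to 1,440 minutes")


def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds clear-text passwords."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def violations(policy, user_id, password, history=()):
    """List every rule the candidate breaks; history is (salt, digest) pairs, newest last."""
    found = []
    if len(password) < policy.min_length:
        found.append("too short")
    if len(password) > policy.max_length:
        found.append("too long")
    counts = (
        ("alphabetic characters", string.ascii_letters, policy.min_alpha),
        ("digits", string.digits, policy.min_digits),
        ("special characters", string.punctuation, policy.min_special),  # assumed set
    )
    for label, alphabet, minimum in counts:
        if sum(ch in alphabet for ch in password) < minimum:
            found.append(f"too few {label}")
    if not policy.allow_user_id and user_id and user_id.lower() in password.lower():
        found.append("contains user ID")
    # Only the configured number of most recent passwords is blocked.
    recent = list(history)[-policy.history:] if policy.history else []
    for salt, digest in recent:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            found.append("reused")
            break
    return found


def is_expired(policy, days_since_change):
    """True once the validity period has elapsed and a change is required."""
    return days_since_change >= policy.expiration_days


def is_locked(policy, failures, minutes_since_last_failure):
    """Locked once failures exceed the allowed count, until the configured unlock."""
    if failures <= policy.allowed_failures:
        return False
    if policy.unlock_minutes is None:
        return True  # stays locked until the password is reset
    return minutes_since_last_failure < policy.unlock_minutes


if __name__ == "__main__":
    policy = PasswordPolicy()
    print(violations(policy, "alice", "Alice-2024-secure!"))  # rejected: contains the user ID
    print(is_locked(policy, failures=6, minutes_since_last_failure=10))
```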

Sign‑up Policy

To allow user sign‑up, enable the registration policy, which permits registration of users other than those provisioned from the HR system or IdP. Through account synchronization, you can not only register, create, modify, and delete accounts but also provide features to invite users via the login screen or email.

To enable and use the registration policy, follow the steps below.

  1. Click Admin Portal > Policy > Sign‑up Policy.
  2. Enable Allow user registration.
  3. If you enable it, the Policy tab and User Invitation tab will appear.
  4. Review the descriptions of the Policy tab and the User Invitation tab below, and configure the policy.
  5. Click the Save button when the setup is complete.

Policy

You can set general policies for member registration.

| Name | Explanation |
| --- | --- |
| Display the sign-up link on the login screen | Display the sign-up link on the SingleID login screen. Options: “Show the SingleID sign-up screen as a link” (select when using the default SingleID sign-up screen); “Show an external sign-up screen as a link” (select when you have a separate sign-up page). |
| Terms and Conditions Options | Select the option to agree to the terms and conditions during sign-up. During sign-up, you can separately select and apply the terms and conditions. |
| Allow sign-up invitations | When the feature is enabled, you can invite users via email. You can configure it so that only invited users can sign up, instead of using a separate registration page. With this setting, registration through the SingleID sign-up link is not possible. |
| Sign-up input form | Set the user attributes to be entered during registration. Additional inputs can be requested based on whether they are required. |
| ID duplication prevention setting | When enabled, a suffix is added to the ID to prevent ID duplication. This setting prevents cases where the ID of automatically provisioned accounts is the same. Since duplicate ID values are common, we recommend enabling this setting. When signing up, the specified PostFix value is appended to the ID. |
| Maximum usage period | The maximum usage period is set after registration. It can be set from 1 day to 2000 days. |
| Approval upon sign-up request | When a sign-up request is made, you can enable the approval setting to load and apply the registered approval policy. |

Table. Policy tab

Dormant User Policy

SingleID provides a feature that changes users who have not used the SingleID system for an extended period to a dormant state. Depending on the settings, a user in the dormant state can be restored either by the user themselves or by an administrator.

To enable and use the dormant user policy, follow these steps.

  1. Click Admin Portal > Policy > Dormant User Policy.
  2. Click the Dormant User Policy Activation toggle button.
guide
If even one dormant user exists, it cannot be reverted to a disabled state.

Additional settings are as shown in the table below.

| Name | Description |
| --- | --- |
| Criteria for setting a user as dormant | This setting converts users who do not log in to SingleID for N days into dormant users. It can be set from 1 day up to 365 days. |
| Send notification email | This setting sends notification emails to users starting N days before the dormant state. Additionally, you can select the option to send notification emails to users when changing to the dormant state. |
| User exempt from dormant status change | Click the Add button to add an exception user for changing to dormant status. |
| Dormant State Exception Group | You can configure exceptions for users who are members of the group. |
| Long-term dormant user management | This feature automatically deletes a user account after it has been changed to a dormant user. It can be set from 1 to 365 days. You can configure it to send a reminder email N days before deleting the user (1~30 days). You can set it to send a notification email to the user when their information is deleted. |
| Allow dormant users to restore their status themselves. | When the option is enabled, a dormant user can restore their own status to active. A dormant user can change their status to active by resetting the password through ‘Password Reset’, which also updates the password. |

Table. Dormant User Policy List

Approval Policy

The administrator can select an approval system and, depending on the type, set policies for member registration and app access through various approval lines. With diverse approval policies, security policies can be flexibly applied each time they change.

Approval can be handled either by the built-in approval system function or by the Knox Portal approval system. If integration with another approval system is required, please request it via a 1:1 inquiry.

To check the approval policy, follow the path below.

  • Admin Portal > Policy > Approval Policy

Approval Policy List

| Name | Explanation |
| --- | --- |
| ID | The ID generated automatically when an approval policy is created. |
| Approval System | Either SingleID or Knox Portal. If registration with another approval system is required, please request it via a 1:1 inquiry. |
| Type | Either app access or sign-up. |
| Status | The approval policy status. If the status is Not usable, you must change the approver and notifier. |
| Enable approval | Either in-use or not-in-use. Clicking the Details button lets you view applications that use the approval policy. |
Table. Approval Policy List

Register Approval Policy

When you click the Register button, you can set the approval system, type, approver, notification method, and approval period.

| Name | Explanation |
| --- | --- |
| Approval System | Two options are available: SingleID (can be approved through the user portal with self-approval) and Knox Portal (can be approved using the Samsung Knox Portal approval system). |
| Type | Two options are available: App Access (select to request application access permission) and Sign Up (select to apply for membership registration). |
| Approver | Select and register the approver and notifier. |
| Notification method | Choose the notification method used when an approval request is sent to the approver or notifier. |
Table. Approval Policy Registration

Anomaly Detection Policy

SingleID provides a feature that collects and analyzes user behavior data before and after authentication in real time to determine whether there are abnormal authentication activities, and immediately notifies the user of risk when identified as belonging to an abnormal authentication category.

To access the anomalous behavior detection policy menu, proceed as follows.

  • Admin Portal > Policy > Anomalous Activity Detection Policy
guide
Detailed explanations of the anomalous behavior detection policy menu are provided separately to ADM purchasing customers. If you did not purchase the anomalous behavior detection feature as an option, you cannot view the policy management menu in the Admin Portal. If you wish to use the anomalous behavior detection feature, please contact us via a 1:1 inquiry or reach out to a sales representative.

User Life Cycle Management

User lifecycle management provides configuration functions for setting default values when a user is created or registers, and for extending the user account’s usage period.

To enable and configure the user lifecycle management function, refer to the following.

Onboarding (subscriber)

Set the phone country code, language, and time zone when creating a user and signing up. To configure, click the Edit button at the bottom right to make changes.

Offboarding (former member)

Users can request an extension of their account usage period, and you can configure the maximum period by which it can be extended.

  1. Click the Activate toggle for requests to extend the user’s usage period.
  2. Enter N days for the maximum extendable period.
  3. Click the Change button in the usage period request approval to set the approver.

Conditional Authentication Policy

Conditional authentication policies can set rules to match the environment, settings, and individual circumstances of user accounts.

You can set the following rules.

| Name | Description |
| --- | --- |
| Use multiple authenticators | Users who have relied on a single authentication method for an extended period must additionally verify their identity using a different type of authentication tool. |
Table. Register Conditional Authentication Policy
guide
This conditional authentication policy will have rules added continuously, and it is slated for an upgrade to a workflow feature in the future.

5 - Terms and Conditions

We provide a feature that lets each company using SingleID manage Privacy Policy, Terms of Service, and other items according to their specific circumstances and characteristics.

You can draft a privacy policy that meets your organization’s requirements and notify users of it, or display the terms of service or usage conditions to SingleID users before use and obtain their consent.

Through the Terms and Conditions menu, you can notify users of the privacy policy, terms of use, usage conditions, etc., and obtain their consent. SingleID provides a default template to make drafting terms and conditions easier.

To access the Terms and Conditions menu, proceed as follows.

  • Tenant Admin Portal > Rebranding > Terms and Conditions

The features provided in the Terms and Conditions menu are as follows.

  • Terms and Conditions Property Settings
  • Version management of terms and conditions
  • Issuance of terms and conditions

Terms and Conditions List

The tenant administrator can view the terms and conditions in a list format.

The default template provided by SingleID is as follows.

Terms Type Template

  • Privacy
  • Terms of Use
  • Collection and Use of Personal Information
  • Marketing

Condition Type Template

  • Are you over age 14?

Cookie Type Template

  • Cookie

From the list, click a term or condition to edit its settings and navigate to its detailed screen.

| Name | Explanation |
| --- | --- |
| Type | The type is displayed as an icon. |
| Name | The name is displayed. |
| Explanation | The description is displayed. |
| Type Settings | You can change the type. |
| Name | You can edit the name. |
| Set required status | You can set whether it is required. |
| Email notification setting | You can configure whether to notify users by email when terms or conditions are modified. |
| Explanation | You can edit the description. |
| Registration date and registrant | The registration date and registrant are displayed. |
| Modified Date | The last modified date and the last modifier are displayed. |
| List button | Returns to the list. |
| Edit button | Modifies the terms or conditions. |
Table. List of terms and conditions
  1. In the detail screen of the terms or conditions, select the General Settings tab.
  2. Click the Edit button.
  3. Title can be edited.
  4. You can edit required status. The selectable options are as follows.
    • Required: If these terms or conditions are presented to the user and they do not agree, usage will be restricted, preventing further login.
    • Choice: Agreement is up to the user, and even if the user does not agree to the terms or conditions, they will not be restricted from logging in.
    • Note: We do not verify consent.
  5. You can edit the description of terms or conditions. The description is not shown to users and is used for the administrator’s reference.
  6. If you have modified all settings, click the Save button.

To return to the view state without saving the edited information, click the Cancel button.

Terms and Conditions Version Management

Tenant administrators can view and manage the versioned list of terms and conditions. The default version for each term and condition is v1.0.0, and it is registered by default for each template when a tenant is created. To view the version list, click the Version History tab on the detailed screen of the terms or conditions.

Version History

You can view the previous version by clicking the Version item at the top of the privacy policy and terms of use.

Click List to view the history of past publications. Once a version has been published, it cannot be edited.

Add version

If you click the Add button on the Version History tab, you can create a new version of terms and conditions.

If you want to add a version, follow the steps below.

  1. Click the Add button in the Version History tab.
  2. Click the desired locale to select the writing language.
  3. The language you selected indicates the region to be displayed in the privacy policy and terms of service. You need to draft the terms and conditions for each selected language.
  4. Enter the title and content for each locale language.
  5. Click the Save button and click the List button to return to the list.

After completing the draft, review the written article.

Reissue

Newly created versions are published by setting a reissue date.

To publish a new version, follow the steps below.

  1. In the Version History tab, click the Reissue Scheduled Date button.
  2. Set the version.
  3. Set the reissue date.
  4. Enable Reissue Modification. If enabled, the revised terms/conditions will be reissued, and users may need to consent based on the General Settings > Required status as of the terms/conditions modification date.
  5. Briefly enter the modification reason.
  6. Click the Publish Settings button to complete the configuration.
Reference
Before the scheduled reissue date, you can edit the titles and content of the terms and conditions. After reissuance, editing is prohibited for version control. In the version history tab, pressing the Delete button in the version history list cancels the republishing.

6 - Settings

The Settings menu consists of Role Management, which manages the permissions of Admin Portal administrators, Ledger Management, which registers and manages SoT (ledger), and SMS Service, which registers SMS integration information for use in secondary multi-factor authentication.

Role management

Role management can control the permissions of administrators in the Admin Portal. In line with the principle of least privilege, we provide role management to enable administrators to operate with minimal permissions.

Administrators have two roles by default.

  • ADMINISTRATOR - a super administrator account with all privileges
  • SOT_MANAGER - a director, application system administrator, and an account with app management capabilities
information
Only the ADMINISTRATOR and SOT_MANAGER roles are configured. To add permissions, please contact us via 1:1 Inquiry.

User assignment

To add a user with ADMINISTRATOR privileges, follow the steps below.

  1. Select ADMINISTRATOR from the menu, and click the User tab.
  2. To add a user, click the Add button.
  3. You can search for the user you wish to add by user ID, name, or email address.
  4. After searching for and selecting a user, click the Add button to add the user.
Reference
Delete User: Select the user you want to delete and click Delete.

Ledger Management

SingleID can manage and view various SoTs.

| Name | Explanation |
| --- | --- |
| default | There are two basic types, and they are generated automatically. Mfa: Users coming from the MFA Service Provider (primary authentication system) correspond to the Mfa type (when the MFA Service Provider does not specify a SoT). SingleID: Users and Groups created by the administrator through the Admin Portal’s Identity Store are linked to the corresponding SoT. |
| Application | This is an SoT that is automatically generated by receiving user/group information via inbound provisioning from an external application (SoT). |
| MFA service Provider | This is a SoT automatically generated based on the User Tag entered when creating an MFA Service Provider. |

Table. Ledger Management

default

  • It is the primary ledger of SingleID, receiving entries through the Identity Store and MFA Service Provider.
    • Mfa: Mfa is the default SoT of the MFA service provider.
      • All users created through an MFA Service Provider without a specified User Tag are managed as MFA SoT.
      • MFA cannot be changed or deleted.
    • SingleID: SingleID is the default SoT.
      • It is used to manage users and groups created through the Admin Portal.
      • You cannot change or delete the SingleID.

Application

  • It is a ledger that is automatically created by receiving user/group information via inbound provisioning from an external application (SoT).
  • You can assign the person in charge of managing the ledger through the PIC tab (up to 50 people).

MFA Service Provider

  • When registered as an MFA Service Provider, setting a User tag creates a SoT, and new users who receive secondary authentication from that system are marked with #SoT.
  • You can view and manage the ledger received through this MFA Service Provider.
  • You can assign the person responsible for managing the ledger through the PIC tab (up to 50 people).

info
The ledger has a role designated for the responsible person, and SoT staff can only view, edit, or delete ledgers that are assigned to them.
 

SMS service configuration

Administrators can enable the SMS service using the activation toggle button.

SCP SMS Service Configuration

After activating the SMS service, set the SCP SMS service in the SMS service settings.

| Name | Explanation |
| --- | --- |
| Activate SMS service | Toggle that activates or deactivates the SMS service |
| Select SMS service | Select the SMS service to use (SCP SMS) |
| SMS service configuration | Settings for the selected SMS service (URL and Key registration) |
| SMS sending test | Settings for the SMS sending test |
Table. SCP SMS Service Configuration

To set up and use the SMS service, follow the steps below.

  1. Click the SMS Service Activation toggle button to activate the service.
  2. Select SCP SMS Service.
  3. Click Edit, enter the required values to configure SMS, and save.
    • SCP SMS - SCP SMS Service Endpoint URL, SCP SMS Service App Key
  4. To save changes, click the Save button.
    • When you click the Save button, a notification popup appears asking whether to save the changes.
  5. When you click the Confirm button, the changes are saved, and when the changes are successfully completed, a toast message appears.
    • When the Cancel button is clicked, the administrator’s registration/modification changes are not updated and it returns to the SMS screen.

Knox SMS Settings

Knox SMS is an SMS service provided by Knox. After enabling the SMS service, select Knox SMS to configure it.

| Name | Explanation |
| --- | --- |
| Select SMS service | Select the SMS service to use (Knox SMS) |
| Selected SMS service settings | Register the caller phone number |
| SMS signature | If you enable the activation toggle, you can set the first phrase when sending an SMS. It is added as the initial header of the SMS content according to the customer’s situation. Example: [XX Electronics] |
| SMS sending test | Settings for the SMS sending test |
Table. Knox SMS

SMS sending test

To set up and use the Knox SMS service, follow the steps below.

  1. Select the Knox SMS service.
  2. Click Edit to register the sender phone number for configuring the SMS service.
  3. To save changes, click the Save button.
  4. To verify that the SMS settings are correct, you can enter a phone number for the SMS sending test and click Send to perform the test.
  5. When you click the Send button, a popup appears asking whether to send an SMS test to that number.
    • When you click Confirm, an SMS is sent to the entered number and a popup window appears.
    • A toast message appears indicating that an SMS has been sent to the specified number.

BizBuriO SMS Settings

After activating the SMS service, select BizBuriO SMS in the SMS service settings to configure it.

| Name | Explanation |
| --- | --- |
| Select SMS service | Select the SMS service to use (BizBuriO SMS) |
| Selected SMS service settings | Register the caller phone number |
| SMS sending test | Settings for the SMS sending test |

Table. BizBuriO SMS

SMS sending test

To configure and use the BizBuriO SMS service, follow the steps below.

  1. Select the BizBuriO SMS service.
  2. Click Edit to register the sender phone number for configuring the SMS service.
  3. To save changes, click the Save button.
  4. To verify that the SMS settings are correct, you can enter a phone number for the SMS sending test and click Send to perform the test.
  5. When you click the Send button, a popup appears asking whether to send an SMS test to that number.
    • When you click Confirm, an SMS is sent to the entered number and a popup window appears.
    • A toast message appears indicating that an SMS has been sent to that number.

7 - Monitoring

The Monitoring menu lets you view the login history of all users, MFA history, and administrator audit logs.

Login History

Provides users’ login history through the Monitoring menu. Users can also view their own login history via the User Portal.

| Name | Explanation |
| --- | --- |
| All | Clicking All displays the history of successful and failed logins. |
| Success | Clicking Success displays the history of successful logins. This history records users’ successful logins. |
| Failure | Clicking Failure displays the history of failed login attempts. This history records users’ login failures. |
| CSV download | Clicking CSV Download downloads the history as a CSV file. |
Table. Login History
| Name | Explanation |
| --- | --- |
| Login date and time | The date and time the user logged in |
| ID | User ID |
| Name | User name |
| Location | User’s connection location |
| Country | Country of connection |
| City | City of connection |
| IP address | Connecting IP address |
| Application | Connecting application |
| Operating System | Operating system of the connecting environment |
| Browser | Connecting browser |
| Detection | Detection |
| Result | Login success result |
Table. Login history items
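
As an added example (not SingleID code), the script below triages a downloaded Login History CSV for two patterns worth reviewing first: a burst of failed logins for one ID, and successful logins by one ID from different countries within a short interval. The column header text, the timestamp format and the "Success"/"Failure" values are assumptions modelled on the table above, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names mirror the "Login history items"
# table; the real CSV header text, the timestamp format and the
# "Success"/"Failure" values are assumptions to adjust to your export.
SAMPLE_CSV = """Login date and time,ID,Name,Country,City,IP address,Application,Operating System,Browser,Detection,Result
2024-05-01 09:00:05,alice,Alice Kim,KR,Seoul,198.51.100.10,Mail,Windows,Chrome,,Success
2024-05-01 09:10:00,bob,Bob Lee,KR,Seoul,203.0.113.7,HR,Windows,Edge,,Failure
2024-05-01 09:10:20,bob,Bob Lee,KR,Seoul,203.0.113.7,HR,Windows,Edge,,Failure
2024-05-01 09:10:41,bob,Bob Lee,KR,Seoul,203.0.113.7,HR,Windows,Edge,,Failure
2024-05-01 09:11:02,bob,Bob Lee,KR,Seoul,203.0.113.7,HR,Windows,Edge,,Success
2024-05-01 10:30:00,alice,Alice Kim,DE,Berlin,192.0.2.44,Mail,Linux,Firefox,,Success
2024-05-02 08:00:00,carol,Carol Park,KR,Busan,198.51.100.23,Wiki,macOS,Safari,,Failure
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format


def load_events(text):
    """Parse the CSV text into a time-ordered list of dict rows."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["ts"] = datetime.strptime(row["Login date and time"], TS_FORMAT)
        rows.append(row)
    return sorted(rows, key=lambda r: r["ts"])


def failure_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Flag IDs with at least `threshold` failures inside a sliding window.

    Each finding also records whether a success for the same ID followed
    within `window` of the last failure, which raises its priority.
    """
    by_id = defaultdict(list)
    for e in events:
        by_id[e["ID"]].append(e)

    findings = []
    for user, evs in by_id.items():
        fails = [e for e in evs if e["Result"] == "Failure"]
        start = 0
        for end in range(len(fails)):
            # Shrink the window from the left until it spans <= `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                last = fails[end]["ts"]
                followed = any(
                    e["Result"] == "Success" and last < e["ts"] <= last + window
                    for e in evs
                )
                findings.append({"id": user, "failures": end - start + 1,
                                 "last_failure": last,
                                 "success_followed": followed})
                break  # one finding per ID is enough for triage
    return findings


def country_changes(events, max_gap=timedelta(hours=4)):
    """Flag consecutive successful logins of one ID from different
    countries that are no further apart than `max_gap`."""
    findings = []
    last_ok = {}
    for e in events:
        if e["Result"] != "Success" or not e["Country"]:
            continue  # ignore failures and rows without a country value
        prev = last_ok.get(e["ID"])
        if prev and prev["Country"] != e["Country"]:
            gap = e["ts"] - prev["ts"]
            if gap <= max_gap:
                findings.append({"id": e["ID"], "from": prev["Country"],
                                 "to": e["Country"], "gap": gap})
        last_ok[e["ID"]] = e
    return findings


if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    for f in failure_bursts(events):
        print("failure burst:", f)
    for f in country_changes(events):
        print("country change:", f)
```

Tune `threshold`, `window` and `max_gap` to your own login patterns, and keep each export within the recommended entry count for CSV downloads.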

MFA History

In the Admin Portal, you can view users’ MFA (multi-factor authentication) history through the Monitoring menu. Users can also view their own MFA history via the User Portal.

guide
You need to purchase the MFA product to view the log.
| Name | Explanation |
| --- | --- |
| All | Clicking All displays the history of successful and failed multi-factor authentication. |
| Success | Clicking Success displays the history of successful multi-factor authentication. This history records users’ successful logins. |
| Failure | Clicking Failure displays the history of failed multi-factor authentication. This history records users’ failed login attempts. |
| Expiration | Clicking Expire displays the history of expired multi-factor authentication. |
| CSV download | Clicking CSV Download downloads the history as a CSV file. |
Table. MFA history
| Name | Explanation |
| --- | --- |
| Event date and time | Date and time the user attempted multi-factor authentication |
| ID | User ID |
| Name | User name |
| IP address | Connecting IP address |
| Management entity | User account management entity |
| Event type | Types used for authentication. Enrollment: Registration; Authentication: Authentication; Secondary multi-factor authentication |
| Application | Connecting application |
| System code | System code entered when registering the MFA provider |
| Authenticator | Authentication methods used for multi-factor authentication |
| Result | Login success result |
Table. MFA history items

Administrator audit log

In the Admin Portal, the monitoring menu records the administrator’s activity history.

| Name | Explanation |
| --- | --- |
| Date | Log timestamp |
| ID | Administrator ID |
| Menu | Menu |
| Submenu | Submenu |
| Action | Activity Log. View: Retrieve; List: List View; Update: Edit; Create: Create |
| Event type | Types used for authentication. Enrollment: Registration; Authentication: Authentication; Secondary multi-factor authentication |
| Result | Result of activity log |
Table. Administrator Audit Log
guide

To download monitoring history as Excel (CSV), we recommend staying below the following count. You can adjust the number of retrieved items by changing the search criteria.

  • Login history: 20,000 entries or less
  • MFA history: 100,000 entries or less
  • Administrator audit log: 20,000 entries or less

8 - Open Source licence

The open source licenses used in the SingleID solution are as follows. For more details, see below.

SingleID_SSO-Agent-Windows

The following sets forth attribution notices for third party software that may be contained in portions of this product. If you have any questions, please contact global.cs@samsung.com

License: BSD 3-clause “New” or “Revised” License
Open Source Component: NLog - Advanced .NET Logging http://www.nuget.org/packages/NLog
License Text:

NLog - Advanced .NET Logging:

Copyright (c)2004-2023 Nlog

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

* Neither the name of the nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED THE POSSIBILITY OF SUCH DAMAGE.
License: MIT License
Open Source Component:

Jose JWT: http://www.nuget.org/packages/jose-jwt

cassia: http://www.nuget.org/packages/Cassia

Bouncy-Castle: https://www.nuget.org/packages/Bouncy-Castle

Fody: http://www.nuget.org/packages/Fody

Json.NET: http://www.nuget.org/packages/Newtonsoft.Json

Costura.Fody: http://www.nuget.org/packages/Costura.Fody

Opencover: http://www.nuget.org/packages/OpenCover

Fleck2: http://www.nuget.org/packages/Fleck2

chartist-js: http://github.com/gionkunz/chartist-js/
License Text:

The MIT License

Jose JWT: Copyright (c) 2014-2021 dvsekhvalnov

cassia: Copyright (c) 2008 - 2017 Dan Ports

Bouncy-Castle: Copyright (c) 2000-2023 The Legion of the Bouncy Castle Inc.

Fody: Copyright (c) Simon Cropp

Json.NET: Copyright (c) 2007 James Newton-King

Costura.Fody: Copyright (c) 2012 Simon Cropp and contributors

Opencover: Copyright (c) 2011-2019 Shaun Wilde

Fleck2: Copyright (c) 2013 Peter Sunde

Copyright (c) 2010-2012 Jason Staten

chartist-js: Copyright (c)2013 Gion Kunz gion.kunz@gmail.com

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
License: Mozilla Public License 2.0
Open Source Component: OpenRPA: https://github.com/open-rpa/openrpa.git
License Text:

Mozilla Public License Version 2.0

1. Definitions

1.1. “Contributor”

means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software.

1.2. “Contributor Version”

means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor’s Contribution.

1.3. “Contribution”

means Covered Software of a particular Contributor.

1.4. “Covered Software”

means Source Code Form to which the initial Contributor has attached the notice in Exhibit A, the Executable Form of such Source Code Form, and Modifications of such Source Code Form, in each case including portions thereof.

1.5. “Incompatible With Secondary Licenses”

means

a. that the initial Contributor has attached the notice described in Exhibit B to the Covered Software; or

b. that the Covered Software was made available under the terms of version 1.1 or earlier of the License, but not also under the terms of a Secondary License.

1.6. “Executable Form”

means any form of the work other than Source Code Form.

1.7. “Larger Work”

means a work that combines Covered Software with other material, in a separate file or files, that is not Covered Software.

1.8. “License”

means this document.

1.9. “Licensable”

means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently, any and all of the rights conveyed by this License.

1.10. “Modifications”

means any of the following:

a. any file in Source Code Form that results from an addition to, deletion from, or modification of the contents of Covered Software; or

b. any new file in Source Code Form that contains any Covered Software.

1.11. “Patent Claims” of a Contributor

means any patent claim(s), including without limitation, method, process, and apparatus claims, in any patent Licensable by such Contributor that would be infringed, but for the grant of the License, by the making, using, selling, offering for sale, having made, import, or transfer of either its Contributions or its Contributor Version.

1.12. “Secondary License”

means either the GNU General Public License, Version 2.0, the GNU Lesser General Public License, Version 2.1, the GNU Affero General Public License, Version 3.0, or any later versions of those licenses.

1.13. “Source Code Form”

means the form of the work preferred for making modifications.

1.14. “You” (or “Your”)

means an individual or a legal entity exercising rights under this License. For legal entities, “You” includes any entity that controls, is controlled by, or is under common control with You. For purposes of this definition, “control” means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity.

2. License Grants and Conditions

2.1. Grants

Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license:

a. under intellectual property rights (other than patent or trademark) Licensable by such Contributor to use, reproduce, make available, modify, display, perform, distribute, and otherwise exploit its Contributions, either on an unmodified basis, with Modifications, or as part of a Larger Work; and

b. under Patent Claims of such Contributor to make, use, sell, offer for sale, have made, import, and otherwise transfer either its Contributions or its Contributor Version.

2.2. Effective Date

The licenses granted in Section 2.1 with respect to any Contribution become effective for each Contribution on the date the Contributor first distributes such Contribution.

2.3. Limitations on Grant Scope

The licenses granted in this Section 2 are the only rights granted under this License. No additional rights or licenses will be implied from the distribution or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor:

a. for any code that a Contributor has removed from Covered Software; or

b. for infringements caused by: (i) Your and any other third party’s modifications of Covered Software, or (ii) the combination of its Contributions with other software (except as part of its Contributor Version); or

c. under Patent Claims infringed by Covered Software in the absence of its Contributions.

This License does not grant any rights in the trademarks, service marks, or logos of any Contributor (except as may be necessary to comply with the notice requirements in Section 3.4).

2.4. Subsequent Licenses

No Contributor makes additional grants as a result of Your choice to distribute the Covered Software under a subsequent version of this License (see Section 10.2) or under the terms of a Secondary License (if permitted under the terms of Section 3.3).

2.5. Representation

Each Contributor represents that the Contributor believes its Contributions are its original creation(s) or it has sufficient rights to grant the rights to its Contributions conveyed by this License.

2.6. Fair Use

This License is not intended to limit any rights You have under applicable copyright doctrines of fair use, fair dealing, or other equivalents.

2.7. Conditions

Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in Section 2.1.

3. Responsibilities

3.1. Distribution of Source Form

All distribution of Covered Software in Source Code Form, including any Modifications that You create or to which You contribute, must be under the terms of this License. You must inform recipients that the Source Code Form of the Covered Software is governed by the terms of this License, and how they can obtain a copy of this License. You may not attempt to alter or restrict the recipients’ rights in the Source Code Form.

3.2. Distribution of Executable Form

If You distribute Covered Software in Executable Form then:

a. such Covered Software must also be made available in Source Code Form, as described in Section 3.1, and You must inform recipients of the Executable Form how they can obtain a copy of such Source Code Form by reasonable means in a timely manner, at a charge no more than the cost of distribution to the recipient; and

b. You may distribute such Executable Form under the terms of this License, or sublicense it under different terms, provided that the license for the Executable Form does not attempt to limit or alter the recipients’ rights in the Source Code Form under this License.

3.3. Distribution of a Larger Work

You may create and distribute a Larger Work under terms of Your choice, provided that You also comply with the requirements of this License for the Covered Software. If the Larger Work is a combination of Covered Software with a work governed by one or more Secondary Licenses, and the Covered Software is not Incompatible With Secondary Licenses, this License permits You to additionally distribute such Covered Software under the terms of such Secondary License(s), so that the recipient of the Larger Work may, at their option, further distribute the Covered Software under the terms of either this License or such Secondary License(s).

3.4. Notices

You may not remove or alter the substance of any license notices (including copyright notices, patent notices, disclaimers of warranty, or limitations of liability) contained within the Source Code Form of the Covered Software, except that You may alter any license notices to the extent required to remedy known factual inaccuracies.

3.5. Application of Additional Terms

You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, You may do so only on Your own behalf, and not on behalf of any Contributor. You must make it absolutely clear that any such warranty, support, indemnity, or liability obligation is offered by You alone, and You hereby agree to indemnify every Contributor for any liability incurred by such Contributor as a result of warranty, support, indemnity or liability terms You offer. You may include additional disclaimers of warranty and limitations of liability specific to any jurisdiction.

4. Inability to Comply Due to Statute or Regulation

If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Software due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be placed in a text file included with all distributions of the Covered Software under this License. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it.

5. Termination

5.1. The rights granted under this License will terminate automatically if You fail to comply with any of its terms. However, if You become compliant, then the rights granted under this License from a particular Contributor are reinstated (a) provisionally, unless and until such Contributor explicitly and finally terminates Your grants, and (b) on an ongoing basis, if such Contributor fails to notify You of the non-compliance by some reasonable means prior to 60 days after You have come back into compliance. Moreover, Your grants from a particular Contributor are reinstated on an ongoing basis if such Contributor notifies You of the non-compliance by some reasonable means, this is the first time You have received notice of non-compliance with this License from such Contributor, and You become compliant prior to 30 days after Your receipt of the notice.

5.2. If You initiate litigation against any entity by asserting a patent infringement claim (excluding declaratory judgment actions, counter-claims, and cross-claims) alleging that a Contributor Version directly or indirectly infringes any patent, then the rights granted to You by any and all Contributors for the Covered Software under Section 2.1 of this License shall terminate.

5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or Your distributors under this License prior to termination shall survive termination.

6. Disclaimer of Warranty

Covered Software is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the Covered Software is free of defects, merchantable, fit for a particular purpose or non-infringing. The entire risk as to the quality and performance of the Covered Software is with You. Should any Covered Software prove defective in any respect, You (not any Contributor) assume the cost of any necessary servicing, repair, or correction. This disclaimer of warranty constitutes an essential part of this License. No use of any Covered Software is authorized under this License except under this disclaimer.

7. Limitation of Liability

Under no circumstances and under no legal theory, whether tort (including negligence), contract, or otherwise, shall any Contributor, or anyone who distributes Covered Software as permitted above, be liable to You for any direct, indirect, special, incidental, or consequential damages of any character including, without limitation, damages for lost profits, loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses, even if such party shall have been informed of the possibility of such damages. This limitation of liability shall not apply to liability for death or personal injury resulting from such party’s negligence to the extent applicable law prohibits such limitation. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so this exclusion and limitation may not apply to You.

8. Litigation

Any litigation relating to this License may be brought only in the courts of a jurisdiction where the defendant maintains its principal place of business and such litigation shall be governed by laws of that jurisdiction, without reference to its conflict-of-law provisions. Nothing in this Section shall prevent a party’s ability to bring cross-claims or counter-claims.

9. Miscellaneous

This License represents the complete agreement concerning the subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not be used to construe this License against a Contributor.

10. Versions of the License

10.1. New Versions

Mozilla Foundation is the license steward. Except as provided in Section 10.3, no one other than the license steward has the right to modify or publish new versions of this License. Each version will be given a distinguishing version number.

10.2. Effect of New Versions

You may distribute the Covered Software under the terms of the version of the License under which You originally received the Covered Software, or under the terms of any subsequent version published by the license steward.

10.3. Modified Versions

If you create software not governed by this License, and you want to create a new license for such software, you may create and use a modified version of this License if you rename the license and remove any references to the name of the license steward (except to note that such modified license differs from this License).

10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses

If You choose to distribute Source Code Form that is Incompatible With Secondary Licenses under the terms of this version of the License, the notice described in Exhibit B of this License must be attached.

Exhibit A - Source Code Form License Notice

This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

If it is not possible or desirable to put the notice in a particular file, then You may include the notice in a location (such as a LICENSE file in a relevant directory) where a recipient would be likely to look for such a notice.

You may add additional accurate notices of copyright ownership.

Exhibit B - “Incompatible With Secondary Licenses” Notice

This Source Code Form is “Incompatible With Secondary Licenses”, as defined by the Mozilla Public License, v. 2.0.
SingleID_SSO-Agent-Windows

SingleID_ADFS-Adapter

The following sets forth attribution notices for third party software that may be contained in portions of this product. If you have any questions, please contact global.cs@samsung.com

License: Apache License 2.0

Open Source Component: Microsoft.NetFramework.Analyzers, Microsoft.CodeAnalysis.VersionCheckAnalyzer, Microsoft.NetCore.Analyzers, Microsoft.CodeAnalysis.FxCopAnalyzers, Microsoft.CodeQuality.Analyzers

License Text:

Apache License Version 2.0, January 2004

http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

“License” shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.

“Licensor” shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.

“Legal Entity” shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, “control” means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.

“You” (or “Your”) shall mean an individual or Legal Entity exercising permissions granted by this License.

“Source” form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.

“Object” form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.

“Work” shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).

“Derivative Works” shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.

“Contribution” shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, “submitted” means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as “Not a Contribution.”

“Contributor” shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.

2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.

3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:

a. You must give any other recipients of the Work or Derivative Works a copy of this License; and

b. You must cause any modified files to carry prominent notices stating that You changed the files; and

c. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and

d. If the Work includes a “NOTICE” text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License.

You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.

You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work

To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets “[]” replaced with your own identifying information. (Don’t include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same “printed page” as the copyright notice for easier identification within third-party archives.

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
License: Microsoft .NET Library License

Open Source Component: System.Security.Claims http://www.nuget.org/packages/System.Security.Claims

License Text:

MICROSOFT SOFTWARE LICENSE TERMS

MICROSOFT .NET LIBRARY

These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to the software named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft

* updates,

* supplements,

* Internet-based services, and

* support services

for this software, unless other terms accompany those items. If so, those terms apply.

BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE.

IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE PERPETUAL RIGHTS BELOW.

1. INSTALLATION AND USE RIGHTS.

a. Installation and Use. You may install and use any number of copies of the software to design, develop and test your programs. You may modify, copy, distribute or deploy any .js files contained in the software as part of your programs.

b. Third Party Programs. The software may include third party programs that Microsoft, not the third party, licenses to you under this agreement. Notices, if any, for the third party program are included for your information only.

2. ADDITIONAL LICENSING REQUIREMENTS AND/OR USE RIGHTS.

a. DISTRIBUTABLE CODE. In addition to the .js files described above, the software is comprised of Distributable Code. “Distributable Code” is code that you are permitted to distribute in programs you develop if you comply with the terms below.

i. Right to Use and Distribute.

* You may copy and distribute the object code form of the software.

* Third Party Distribution. You may permit distributors of your programs to copy and distribute the Distributable Code as part of those programs.

ii. Distribution Requirements. For any Distributable Code you distribute, you must

* use the Distributable Code in your programs and not as a standalone distribution;

* require distributors and external end users to agree to terms that protect it at least as much as this agreement;

* display your valid copyright notice on your programs; and

* indemnify, defend, and hold harmless Microsoft from any claims, including attorneys’ fees, related to the distribution or use of your programs.

iii. Distribution Restrictions. You may not

* alter any copyright, trademark or patent notice in the Distributable Code;

* use Microsoft’s trademarks in your programs’ names or in a way that suggests your programs come from or are endorsed by Microsoft;

* include Distributable Code in malicious, deceptive or unlawful programs; or

* modify or distribute the source code of any Distributable Code so that any part of it becomes subject to an Excluded License. An Excluded License is one that requires, as a condition of use, modification or distribution, that

* the code be disclosed or distributed in source code form; or

* others have the right to modify it.

3. SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not

* work around any technical limitations in the software;

* reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;

* publish the software for others to copy;

* rent, lease or lend the software; or

* transfer the software or this agreement to any third party.

BACKUP COPY.

You may make one backup copy of the software. You may use it only to reinstall the software.

DOCUMENTATION.

Any person that has valid access to your computer or internal network may copy and use the documentation for your internal, reference purposes.

EXPORT RESTRICTIONS.

The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting

SUPPORT SERVICES.

Because this software is “as is,” we may not provide support services for it.

ENTIRE AGREEMENT.

This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.

APPLICABLE LAW.

a. United States. If you acquired the software in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.

b. Outside the United States. If you acquired the software in any other country, the laws of that country apply.

LEGAL EFFECT.

This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the software. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.

DISCLAIMER OF WARRANTY. THE SOFTWARE IS LICENSED “AS-IS.” YOU BEAR THE RISK OF USING IT. MICROSOFT GIVES NO EXPRESS WARRANTIES, GUARANTEES OR CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS OR STATUTORY GUARANTEES UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT EXCLUDES THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

FOR AUSTRALIA – YOU HAVE STATUTORY GUARANTEES UNDER THE AUSTRALIAN CONSUMER LAW AND NOTHING IN THESE TERMS IS INTENDED TO AFFECT THOSE RIGHTS.

LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.

This limitation applies to

* anything related to the software, services, content (including code) on third‑party Internet sites, or third‑party programs; and

* claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.

It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.

Please note: As this software is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French.

Note: This software is distributed in Quebec, Canada, and some of the clauses in this agreement are provided below in French.

DISCLAIMER OF WARRANTY. The licensed software is provided “as is”. Any use of this software is at your sole risk. Microsoft gives no other express warranties. You may have additional rights under local consumer protection law, which this agreement cannot modify. Where permitted by local law, the implied warranties of merchantability, fitness for a particular purpose, and non‑infringement are excluded.

LIMITATION OF DAMAGES AND EXCLUSION OF LIABILITY FOR DAMAGES. You may obtain compensation from Microsoft and its suppliers for direct damages only up to US $5.00. You cannot claim any compensation for other damages, including special, indirect, or incidental damages and loss of profits.

This limitation applies to:

* anything related to the software, services, or content (including code) on third‑party Internet sites or in third‑party programs; and

* claims for breach of contract or warranty, or for strict liability, negligence, or any other fault to the extent permitted by applicable law.

It also applies even if Microsoft knew or should have known about the possibility of such damage. If your country does not allow exclusion or limitation of liability for indirect, incidental, or any other type of damages, the above limitation or exclusion may not apply to you.

LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. This agreement does not alter the rights granted to you by your country’s laws if those laws do not permit it.
License: MIT License

Open Source Component:

System.IdentityModel.Tokens.Jwt, http://www.nuget.org/packages/System.IdentityModel.Tokens.Jwt

Microsoft.IdentityModel.Abstractions, https://www.nuget.org/packages/Microsoft.IdentityModel.Abstractions

System.ValueTuple, http://www.nuget.org/packages/System.ValueTuple

System.Threading.Tasks.Extensions, http://www.nuget.org/packages/System.Threading.Tasks.Extensions

System.Security.AccessControl, http://www.nuget.org/packages/System.Security.AccessControl

System.IO.FileSystem.AccessControl, http://www.nuget.org/packages/System.IO.FileSystem.AccessControl

System.Runtime.CompilerServices.Unsafe, http://www.nuget.org/packages/System.Runtime.CompilerServices.Unsafe

Microsoft.Bcl.AsyncInterfaces, https://www.nuget.org/packages/Microsoft.Bcl.AsyncInterfaces

System.DirectoryServices, http://www.nuget.org/packages/System.DirectoryServices

System.Buffers, http://www.nuget.org/packages/System.Buffers

System.Text.Json, http://www.nuget.org/packages/System.Text.Json

Microsoft.IdentityModel.Tokens, http://www.nuget.org/packages/Microsoft.IdentityModel.Tokens

System.Numerics.Vectors, http://www.nuget.org/packages/System.Numerics.Vectors

Microsoft.IdentityModel.Logging, http://www.nuget.org/packages/Microsoft.IdentityModel.Logging

System.Security.Principal.Windows, http://www.nuget.org/packages/System.Security.Principal.Windows

System.Memory, http://www.nuget.org/packages/System.Memory

System.Text.Encodings.Web, http://www.nuget.org/packages/System.Text.Encodings.Web

azure-activedirectory-identitymodel-extensions-for-dotnet, http://www.nuget.org/packages/Microsoft.IdentityModel.JsonWebTokens

License Text:

The MIT License

azure-activedirectory-identitymodel-extensions-for-dotnet

Copyright (c) Microsoft Corporation. All rights reserved.

Microsoft.Bcl.AsyncInterfaces

Copyright (c) Microsoft Corporation. All rights reserved.

Microsoft.IdentityModel.Abstractions

Copyright (c) Microsoft Corporation. All rights reserved

Microsoft.IdentityModel.Logging

Copyright (c) Microsoft Corporation. All rights reserved

Microsoft.IdentityModel.Tokens

Copyright (c) Microsoft Corporation. All rights reserved

System.Buffers

Copyright (c) Microsoft Corporation. All rights reserved

System.DirectoryServices

Copyright (c) Microsoft Corporation. All rights reserved

System.IdentityModel.Tokens.Jwt

Copyright (c) Microsoft Corporation. All rights reserved

System.IO.FileSystem.AccessControl

Copyright (c) Microsoft Corporation. All rights reserved

System.Memory

Copyright (c) Microsoft Corporation. All rights reserved

System.Numerics.Vectors

Copyright (c) Microsoft Corporation. All rights reserved

System.Runtime.CompilerServices.Unsafe

Copyright (c) Microsoft Corporation. All rights reserved

System.Security.AccessControl

Copyright (c) Microsoft Corporation. All rights reserved

System.Security.Principal.Windows

Copyright (c) Microsoft Corporation. All rights reserved

System.Text.Encodings.Web

Copyright (c) Microsoft Corporation. All rights reserved

System.Text.Json

Copyright (c) Microsoft Corporation. All rights reserved

System.Threading.Tasks.Extensions

Copyright (c) Microsoft Corporation. All rights reserved

System.ValueTuple

Copyright (c) Microsoft Corporation. All rights reserved

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
SingleID_ADFS-Adapter