
Integration

Integration is a service that sets up and manages authentication services and account information for various applications.

In SCP SingleID, we support integration with new applications through customized authentication linkage and account distribution services, as well as the DIY (Do-It-Yourself) feature.

Through the integration menu, we provide integration management features such as Application, Identity Provider, Authenticator, MFA Service Provider.

Application

The Application menu registers and connects various applications so that the SCP SingleID authentication service can be applied to them.

The administrator can register/modify a new application through the application list screen, and can sort, search, and delete registered applications.

Application List

The administrator can select a registered application on the application list screen to edit/delete, sort, search, etc., and can navigate to a menu screen where a new application can be registered.

To check the application list, access the menu as follows.

  • Admin Portal > Integration > Application
Category | Description
Name | This is the name of the application. It can be entered when creating the application.
Type | Classified by application integration protocol as SAML, OIDC, or SCIM.
Display | This is a displayed item in the User Portal application list.
  • Display: It is shown to users in the User Portal, allowing them to request access permissions.
  • Blank: It is hidden in the User Portal, making it impossible for users to request directly.
Status | It is the application status. It is divided into active and inactive.
  • Active: The state where the administrator has completed the settings so that the user can access the application
  • Inactive: The state where the user cannot access the application due to the administrator’s settings
All button | Displays all active and inactive applications in the list.
Active button | Only active applications are displayed in the list.
Inactive button | Only inactive applications are displayed in the list.
Search term input field | You can search the application list. After entering a search term, click the magnifying glass icon or press Enter to perform the search.
  • Searchable items: name, description
Detail button | Detailed search is possible. Search conditions can be combined with AND. After entering multiple fields and clicking the ‘Search’ button, the search is performed according to the conditions.
  • Clicking the Reset button resets all search fields.
Download button | SAML metadata download is available. You can download the SAML metadata files for the internal network and the internet network.
Register button | You can register a new application.
Table. Application List

Application Registration

The administrator can register the application by clicking the Register button on the list screen.

Application registration is possible in two ways: Custom App Integration and Pre-Built App Integration.

To register an application, access the menu as follows.

  • Admin Portal > Integration > Application > click the Register button
  • Select the Custom App Integration or Pre-Built App Integration tab

Custom App Integration

Custom App Integration registration is a connection menu for authenticating the application you want to integrate and distributing accounts.

We provide three types of connection functions as follows.

When you register an application by linking authentication, select the type (SAML or OIDC) that matches the standard authentication linkage method.

When registering an application by linking account distribution, we provide the standard online API method (SCIM).

Reference

The integration features provided by SingleID can be classified as follows, and the information input and configuration steps differ depending on the required integration scope. When setting up the standard authentication integration methods SAML and OIDC, if account provisioning is not selected, the attribute integration step is omitted, shortening the registration process.

Standard ProtocolAuthentication linkage, account deployment linkageAuthentication linkageAccount deployment linkage
SAML-
OIDC-
SCIM--
Table. Standard Protocol

To register the application Custom App Integration, follow the steps below.

  1. Admin Portal > Integration > Application > click the Register button
  2. Custom App Integration > select Web Application(SAML), Web Application(OIDC), or Identity Provisioning(SCIM v2.0) > click the Next button
  3. Go to detailed settings

Through a screen consisting of six steps as follows, you can enter and configure the information required for integration and register the application.

Applications using standard protocols (SAML, OIDC, SCIM) can register information and set policies and attributes through a screen consisting of the following six steps.

  1. General
  2. SSO
  3. Provisioning
  4. Profile
  5. Policy
  6. Assignment

General

Enter the general application information by referring to the table below.

Category | Description | Required?
Name | Enter the application name. | Required
Description | Enter description of the application. | Select
Logo Image | Register logo. (File upload or URL link) | Select
Screen display | Displayed to the user on the User Portal. | Select
Access URL | Enter the application access URL. | Required
Auto Logout | Set auto logout according to session policy. | Select
Automatic Redirection | Set to automatically move to the Service Provider after logout. | Select
Logout URL | Enter the URL address to navigate to after logout (if not entered, use Access URL). | Optional
Table. General Application Information
Reference
To delete an application, select its checkbox ([V]) and then click the Delete button at the top of the list.

SSO

On the SSO information input screen, enter Single Sign On configuration information.

Category | Description | Required
Issuer | Enter the unique identifier value of SP. | Required
Single Sign-On URL | Enter Full URL for login. | Required
Logout URL | Enter SLO Return URL. | Optional
Logout Method | Provides Back-Channel Logout, Front-Channel Logout (HTTP Redirect Binding), Front-Channel Logout (HTTP POST Binding). | Required
Response Signing | SAML Response signing setting. | Select
Validation On-Request | Setting whether to use Signature Validation. | Select
Encryption | Encryption application setting. | Select
Application Certificate | Certificate registration (PEM format) | Required
Attribute to map during SSO | Select SSO connection attribute information and set a unique value. | Required
‘Metadata File Import’ button | Provides SAML metadata file upload functionality. (Identifies ID provider endpoint and certificate) | Select
Table. SSO Information
Reference

Single Sign-On Settings

  • If you select either Validation On Request or Encryption, you must register a certificate. (Register the certificate value exported as Plain Text)
  • Attribute to map during SSO: attributes can be added by clicking and selecting from the attribute information provided by SingleID. Among the selected attributes, a unique value for user identification must be selected.
  • To deliver SingleID attribute information to the connected target application, you can map the SingleID attribute name to the attribute name used in the application. The information exchanged during authentication is called claim information, and the SP uses the received information to set permissions or as attribute information for operation and management.

Provisioning

The Provisioning menu is an account management function that can distribute user information to applications for synchronization. In SingleID, we provide methods based on global standard API specifications such as SCIM and REST.

On the Provisioning information input screen, enter the configuration information for account information distribution.

Category | Description | Required?
Provisioning Configuration | If you want to use account information synchronization, please click the On button. If you select Off, you can skip account synchronization. | Required
Base Address | Enter the Base Address (URL) that defines the Endpoint of the target system supporting the SCIM API. | Required
Accept | Enter the Accept (e.g., application/json) information, which is the HTTP Accept Header value used in SCIM REQUEST. | Required
Content Type | Enter the Content Type (e.g., application/json), which is the HTTP Content Type header value used in SCIM REQUEST. | Required
User Name | Registers the User Name used for authentication to the target REST service. | Required
Password | Set the password used for authentication to the target REST service. | Required
Bearer Token | Register the Bearer Token used when calling the API (for authorization). | Optional
Client ID | Register the Client ID. The Client ID is an ID issued by the authentication server to a registered client, and because the Client ID itself is information disclosed to the resource owner, it should not be used alone for client authentication. | Optional
Client Secret | Register the Client Secret information. The Client Secret is secret information generated by the authentication server, a unique value known only to the authentication server. | Optional
Access Token Node ID | Register the Access Token Node ID. The Access Token Node ID is the Field ID of a JSON Object Node, which is returned from the target Access Token REST service and includes the token value. The Access Token is used for the purpose of authorizing access to resources. It is important that the resource server only accepts Access Tokens from the Client. | Optional
Access Token Base Address | Register the Access Token Base Address (URL) required to receive an Access Token as the Base Address of the target REST service. | Optional
Access Token Content Type | Registers the Access Token Content Type (e.g., application/x-www-form-urlencoded), which is the HTTP Content-Type header value of the target Access Token REST service. | Required
Provisioning | Select one of user or group as the default target for provisioning, and if necessary, you can select both user and group. | Select
Inbound Provisioning Schedule | Click On to register periodically (hour, day, month, year) through Inbound Provisioning Schedule. | Select
Outbound Provisioning Schedule | Click On to register the Outbound Provisioning Schedule. Click Off to deploy in real time. | Select
Table. Provisioning information input
Reference
If you set Provisioning Configuration to “Off”, the Provisioning stage and Profile stage are omitted, and application registration completes with the application set to use only the authentication service.

Profile

Enter the setting information for user/group for deployment on the profile information input screen.

Category | Description | Required
Profile name | Enter the profile name. | Required
Description | Register a description for the profile. | Optional
Attribute | Click Add to select and enter attribute information. | Select
Table. Profile Information Input
Notice

Profile Mapping

  • In the tab menu where the provisioning target is selected, click User, Group to add properties.
  • Click Profile Mapping to match and connect the required information in the target application based on the SCIM schema information.
  • You can configure an execution script (a conversion script based on the JEXL standard script) that performs real-time conversion when provisioning runs. However, there is no validation check: the script is received and executed as entered.

After entering all items and clicking the Complete button, the basic application settings are completed. When you complete registering a new application, it will be added to the application list and new tabs called Policy, Assignment will be created.

Policy

You can set login policy and access control information for application policy configuration.

Category | Description | Required?
Login Policy | Set the login policy applied when logging into the application. To set it, please assign the application in the Login Policy to be configured. | Select
Access Control | This is a setting that allows the user to control access to the app. When enabled, you can set whether to request access permission for the application and whether it is approved. | Select
Table. Policy Settings

Assignment

Register information for assigning application users based on users and groups. This menu assigns access permissions by setting the users and groups that can access the registered application.

If you want to assign a user, follow the steps below.

  1. If you click the application, you will be taken to the detailed page of that application.
  2. Click the Assign tab and User tab > Assign button
  3. When the User Assignment popup appears, select the user you want to assign, and click the Assign button.
  4. The Assignment tab shows the selected user in the list.
Caution

Similarly, you can assign a predefined group via the Group tab’s Assign button. Assign the group using the same method.

Group Settings

  • When setting groups that can access the application, configure it to include information that defines specific groups for distinction.
  • You must define rules and groups in advance so that you can manage access permissions with member rules that can distinguish groups.
Reference

Application status

  • Activation (Active): Exposes the application in the User Portal, and by configuring Sign-On services, provisioning, policies, etc., it is a state where users can access and use the application.

  • Inactive: It does not expose the application on the User Portal, and it is a state where the application can be deleted.

  • Delete: When deleting a registered application, caution is required. Therefore, a popup is displayed to allow you to verify the application information and status once more.

Pre-Built App Integration

The Pre-Built App Integration menu lets you quickly and easily connect the SaaS application you want to use, because the necessary settings such as connection information, name, and icon are prepared in advance.

To integrate the application via Pre-Built App Integration, check the menu path below.

  • Admin Portal > Integration > Application > Register > click the Pre-Built App Integration tab
  • Select the application > click the Next button
  • Go to detailed settings

Like the Custom App Integration menu, the Pre-Built App Integration menu lets you register an application by entering and configuring the necessary integration information through the following six-step screen.

The input items and methods for each step are the same, except for the information that has been predefined and entered for Pre-Built.

  1. General
  2. SSO
  3. Provisioning
  4. Profile
  5. Policy
  6. Assignment

General

Enter the general application information by referring to the table below.

Category | Description | Required?
Name | Enter the name of the application. | Required
Description | Enter a description of the application (e.g., tasks, usage, etc.). | Optional
Logo Image | Register a logo that can intuitively identify the application. There are file upload and URL link methods. | Optional
Screen display | When selected, it is shown to the user in the User Portal. | Select
Access URL | Enter the application’s Access URL. Enter the login page of the application to be accessed. | Required
Auto logout | When selected, the user is automatically logged out without re-confirmation according to the session policy. | Select
Automatic Redirection | When selected, it moves to the Service Provider without displaying the logout completion page. | Select
Logout URL | Enter the URL address to navigate to when the user logs out. If left blank, it will be set to the Access URL address. | Optional
Table. General

SSO

Enter Single Sign On setting information on the SSO information input screen.

Category | Description | Required
Issuer | Enter the Issuer, which is the unique identifier of the SP (Service Provider) and the value verified by the Response Issuer. | Required
Single Sign-On URL | Enter the Single Sign-On URL, which is the full URL required when logging into the system. | Required
Logout URL | Enter the Logout URL, which is the URL value for SLO (Single Logout) Return. | Optional
Logout Method | The logout methods for SLO (Single Logout) Return are provided in three ways as follows. | Required
  • Back-Channel Logout: The user logs out safely from the application without interaction.
  • Front-Channel Logout (HTTP Redirect Binding): The user interacts to safely log out from the application using a browser-based logout (HTTP Redirect Binding) method.
  • Front-Channel Logout (HTTP POST Binding): The user interacts to safely log out from the application using a browser-based logout (HTTP POST Binding) method.
Response Signing | If you want to sign the returned SAML Response after the authentication process, use Response Signing. | Select
Validation On-Request | Check to use Signature Validation. | Select
Encryption | Select whether to apply Encryption. | Select
Application Certificate | If you select one of Validation On Request or Encryption, you must register a “certificate”. Please enter a valid value according to the PEM (Privacy-Enhanced Mail) format. | Required
Attribute to map during SSO | Select the attribute information required for SSO connection and set a unique value for user identification. ※ The ‘Next’ button is activated only after selecting a Subject Attribute. | Required
‘Metadata file import’ button | The SAML metadata file contains information about various SAML identity providers that can be used for SAML 2.0 protocol message exchanges. This metadata identifies the IdP endpoints and certificates to secure SAML 2.0 message exchanges. When you click ‘Import metadata file’, you can upload a file. | Select
Table. SSO Information
Guide

Single Sign-On Settings

  • If you select either Validation On Request or Encryption, you must register the certificate. (Register the certificate value exported as Plain Text)
  • Attribute to map during SSO: attributes can be added by clicking and selecting from the attribute information provided by SingleID. Among the selected attributes, a unique value for user identification must be selected.
  • To deliver SingleID attribute information to the connected target application, you can align the SingleID attribute name to the attribute name that will be mapped in the application and deliver it. This information communicated during authentication is called claim (Claim) information, and the SP uses the received information to set permissions or as attribute information for operation and management.
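
The SSO tables and the metadata import described in both registration paths can be checked before upload with a small parser. The following is an added example, not SingleID code: it reads constructed SP metadata and derives values for the SSO step. The field mapping (entityID as Issuer, AssertionConsumerService Location as Single Sign-On URL, AuthnRequestsSigned as Validation On-Request, SLO binding as Logout Method) is an assumption about how the portal's fields relate to SAML 2.0 metadata.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Assumed mapping from SAML binding URI to the Logout Method choices in the table.
LOGOUT_METHODS = {
    BINDINGS + "SOAP": "Back-Channel Logout",
    BINDINGS + "HTTP-Redirect": "Front-Channel Logout (HTTP Redirect Binding)",
    BINDINGS + "HTTP-POST": "Front-Channel Logout (HTTP POST Binding)",
}

# Constructed sample: entity, URLs and "certificate" bytes are made up, so the
# PEM produced below is well-formed base64 but not a parseable X.509 certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-demo-certificate-bytes" * 4).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://app.example.com/saml/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{BINDINGS}HTTP-Redirect"
        Location="https://app.example.com/saml/slo"/>
    <md:AssertionConsumerService Binding="{BINDINGS}HTTP-POST"
        Location="https://app.example.com/saml/acs" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def to_pem(cert_b64):
    """Wrap the base64 body of <ds:X509Certificate> as PEM text (64-char lines)."""
    body = "".join(cert_b64.split())
    base64.b64decode(body, validate=True)  # raises binascii.Error on non-base64 input
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"


def sso_fields_from_metadata(xml_text):
    """Return (fields, warnings) for the SSO step, derived from SP metadata."""
    root = ET.fromstring(xml_text)
    sp = None
    if root.tag == f"{{{MD}}}EntityDescriptor":
        sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("not an EntityDescriptor with an SPSSODescriptor")
    acs_all = sp.findall("md:AssertionConsumerService", NS)
    if not acs_all:
        raise ValueError("metadata has no AssertionConsumerService")
    # Prefer the endpoint flagged isDefault, else the first one listed.
    acs = next((a for a in acs_all if a.get("isDefault") == "true"), acs_all[0])
    slo = sp.find("md:SingleLogoutService", NS)
    # A KeyDescriptor without a use attribute applies to signing and encryption.
    signing = [kd.find(".//ds:X509Certificate", NS)
               for kd in sp.findall("md:KeyDescriptor", NS)
               if kd.get("use") in (None, "signing")]
    signing = [c for c in signing if c is not None and (c.text or "").strip()]
    requests_signed = sp.get("AuthnRequestsSigned") == "true"

    fields = {
        "Issuer": root.get("entityID"),
        "Single Sign-On URL": acs.get("Location"),
        "Logout URL": slo.get("Location") if slo is not None else None,
        "Logout Method": LOGOUT_METHODS.get(slo.get("Binding")) if slo is not None else None,
        "Validation On-Request": requests_signed,
        "Application Certificate": to_pem(signing[0].text) if signing else None,
    }
    warnings = []
    for name in ("Single Sign-On URL", "Logout URL"):
        url = fields[name]
        if url and urlparse(url).scheme != "https":
            warnings.append(f"{name} is not HTTPS: {url}")
    if requests_signed and not signing:
        # Validation On-Request needs a registered certificate, per the table above.
        warnings.append("AuthnRequestsSigned is true but no signing certificate is present")
    if len(signing) > 1:
        warnings.append("several signing certificates listed; only the first is returned")
    return fields, warnings
```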

Provisioning

The Provisioning menu is an account management function that can distribute user information to applications for synchronization. In SingleID, we provide methods based on global standard API specifications such as SCIM and REST.

Enter the configuration information for account information distribution on the Provisioning information input screen.

Category | Description | Required
Provisioning Configuration | Click the ‘On’ button to enable account information synchronization. Selecting ‘Off’ will allow you to skip account synchronization. | Required
Base Address | Enter the Base Address (URL) that defines the Endpoint of the target system supporting the SCIM API. | Required
Accept | Enter the Accept (e.g., application/json) information, which is the HTTP Accept Header value used in SCIM REQUEST. | Required
Content Type | Enter the Content Type (e.g., application/json), which is the HTTP Content Type header value used in SCIM REQUEST. | Required
User Name | Registers the User Name used for authentication to the target REST service. | Required
Password | Set the password used for authentication to the target REST service. | Required
Bearer Token | Register the Bearer Token used when calling the API (for authorization). | Optional
Client ID | Register the Client ID. The Client ID is an ID issued by the authentication server to a registered client, and because the Client ID itself is information disclosed to the resource owner, it should not be used alone for client authentication. | Optional
Client Secret | Register Client Secret information. Client Secret is a secret generated by the authentication server, a unique value known only to the authentication server. | Optional
Access Token Node ID | Register the Access Token Node ID. The Access Token Node ID is the Field ID of a JSON Object Node, which is returned from the target Access Token REST service and includes the token value. The Access Token is used for the purpose of authorizing access to resources. It is important that the resource server accepts only the Access Token from the client. | Optional
Access Token Base Address | Register the Access Token Base Address (URL) required to obtain an Access Token as the Base Address of the target REST service. | Optional
Access Token Content Type | Registers the Access Token Content Type (e.g., application/x-www-form-urlencoded), which is the HTTP Content-Type header value of the target Access Token REST service. | Required
Provisioning | Select one of user or group as the default target for provisioning, and if needed you can select both user and group. | Select
Inbound Provisioning Schedule | Click On to register periodically (hour, date, month, year) through Inbound Provisioning Schedule. | Select
Outbound Provisioning Schedule | Click On to register the Outbound Provisioning Schedule. Click Off to deploy in real time. | Select
Table. Provisioning information
Note
If you select Provisioning Configuration as “Off”, the Provisioning stage and profile stage are omitted, and the application registration is set to use only the authentication service and is completed.
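
How the Provisioning fields fit together is easier to see as the requests they produce. The following is an added example, not SingleID's implementation: it assumes an OAuth 2.0 client-credentials token request followed by a SCIM 2.0 user creation, builds both requests without sending them, and uses a constructed configuration and token response (all hosts, names and secrets are made up).

```python
import json
from urllib.parse import urlencode, urlparse

# Constructed configuration: keys mirror the Provisioning table's fields.
CONFIG = {
    "base_address": "https://scim.example.com/scim/v2",
    "accept": "application/json",
    "content_type": "application/json",
    "client_id": "singleid-provisioner",
    "client_secret": "constructed-secret",
    "access_token_node_id": "access_token",
    "access_token_base_address": "https://login.example.com/oauth2/token",
    "access_token_content_type": "application/x-www-form-urlencoded",
}

# Constructed body of a token-endpoint response.
TOKEN_RESPONSE = json.dumps(
    {"token_type": "Bearer", "expires_in": 3600, "access_token": "constructed.token.value"}
)


def check_config(cfg):
    """Return a list of problems worth fixing before the configuration is saved."""
    problems = []
    for key in ("base_address", "access_token_base_address"):
        if urlparse(cfg.get(key, "")).scheme != "https":
            problems.append(f"{key} must be an https:// URL")
    # The Client ID is disclosed information and cannot authenticate the client alone.
    if cfg.get("client_id") and not cfg.get("client_secret"):
        problems.append("client_id without client_secret does not authenticate the client")
    if not cfg.get("access_token_node_id"):
        problems.append("access_token_node_id is empty")
    return problems


def build_token_request(cfg):
    """Token request to the Access Token Base Address (assumed client-credentials grant)."""
    form = {
        "grant_type": "client_credentials",
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
    }
    return {
        "method": "POST",
        "url": cfg["access_token_base_address"],
        "headers": {"Content-Type": cfg["access_token_content_type"],
                    "Accept": "application/json"},
        "body": urlencode(form),
    }


def extract_access_token(cfg, response_body):
    """Pull the token out of the JSON field named by Access Token Node ID."""
    doc = json.loads(response_body)
    node = cfg["access_token_node_id"]
    token = doc.get(node) if isinstance(doc, dict) else None
    if not isinstance(token, str) or not token:
        # Fail closed: a missing or non-string node must never yield "Bearer None".
        raise ValueError(f"token response has no string field {node!r}")
    return token


def build_create_user_request(cfg, token, user_name, email):
    """SCIM 2.0 POST /Users using Base Address, Accept and Content Type."""
    resource = {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "userName": user_name,
        "emails": [{"value": email, "primary": True}],
        "active": True,
    }
    return {
        "method": "POST",
        "url": cfg["base_address"].rstrip("/") + "/Users",
        "headers": {"Accept": cfg["accept"],
                    "Content-Type": cfg["content_type"],
                    "Authorization": f"Bearer {token}"},
        "body": json.dumps(resource),
    }
```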

Profile

Enter the user/group configuration information for deployment on the profile information input screen.

Category | Description | Required?
Profile name | Enter the profile name. | Required
Description | Register a description for the profile. | Required
Attribute | Click Add to select and enter attribute information. | Required
Table. Profile
Notice

Profile Mapping

  • In the tab menu where the Provisioning target is selected, click User, Group to add properties.
  • Click Profile Mapping to match and connect the required information in the target application based on the SCIM schema information.
  • Provides the ability to configure an execution script (written as a conversion script based on the JEXL standard script) that can perform real-time conversion when executing provisioning.

However, there is no validation check function as it receives and executes as entered.

After entering all items and clicking the Complete button, the basic application settings are completed. When you complete registering a new application, it is added to the application list and new tabs called Policy, Assignment are created.

Policy

You can set login policies and access control information for application policy settings.

Category | Description | Required
Login Policy | Set the login policy applied when logging into the application. To set it, please assign the application in the ‘Login Policy’ to be configured. | Select
Access Control | This is a setting that allows the user to control access to the app. When enabled, you can set whether to allow access requests to the application and whether they are approved. | Select
Table. Policy

Assignment Settings

Register information for assigning application users based on User and Group. This menu assigns access permissions by setting users and groups that can access the registered application.

To assign a user, follow the steps below.

  1. When you click the application, you will be taken to the detailed page of that application.
  2. Click the Assign tab and the User tab > Assign button.
  3. When the User Assignment popup appears, select the user you want to assign, and click the Assign button.
  4. The Assignment tab shows the selected user in the list.
Caution

Similarly, you can assign a predefined group via the Assign button in the group tab. Assign groups using the same method.

Group Settings

When setting the groups that can access the application, configure it to include information that defines specific groups for distinction. You must define rules and groups in advance so that you can manage access permissions with member rules that can distinguish groups.

Note

Application status

  • Activation (Active): Exposes the application on the User Portal, and by setting Sign-On services, provisioning, policies, etc., it is a state where users can access and use the application.
  • Inactive: Does not expose the application in the User Portal, and is a state where the application can be deleted.
  • Delete: When deleting a registered application, caution is required. Therefore, a popup is displayed so that the application information and status can be checked once more.

Application Modification

You can modify the settings by clicking the application on the list screen.

If you want to modify the application, follow the steps below.

  1. Admin Portal > Integration > select the application > click the Edit button.
  2. Click the General, SSO, Provisioning, Policy, Assignment, Permission Items, Rebranding tab to edit the items.
  3. Click the Save button.
Notice
If you want to deactivate the application, select the application and click the Deactivate button.

Permission Items

The permissions tab provides synchronization integration with the application’s permissions.

If you want to set permissions, follow the steps below.

  1. If you click the application, you will be taken to the detailed page of that application.
  2. Click the Assignment tab and the Permission Items tab > click the Register button.
  3. When the Permission Item popup window appears, register the permission item.
  4. Enter Permission, key, display name, content and click Save to register the permission.

Rebranding

An additional Rebranding tab, which does not appear during application registration, is created for the application. Application rebranding provides rebranding of the login page shown when accessing a separate application.

The included rebranding features are as follows.

  • Favicon: The favicon can be edited in the browser.
  • Header logo: The header logo on the login screen can be changed to the logo you want.
  • Key visual image: The key image set by default on the login page can be modified.
  • Sign-up page redirection: Registration can be done on a separate operating sign-up page instead of SingleID’s sign-up page.
  • Privacy Policy Redirection: You can register the privacy policy URL used in the existing application.
  • Terms of Service redirection: You can register the Terms of Service URL used in the existing application.
Reference

Rebranding Tab Activation Conditions

The rebranding tab appears in SAML and OIDC target applications.

UI

By clicking the application on the list screen, and clicking the edit button on the rebranding tab, you can configure application-specific UI rebranding.

Guide
Clicking the temporary save at the bottom right allows you to save the settings midway.
Favicon Change

Favicon changes in the application can be set according to the characteristics of the corporate application.

If you want to edit the favicon, follow the steps below.

  1. Admin Portal > Integration > select the application > UI > click the Edit button.
  2. Select Custom in the Favicon item.
  3. Click the Favicon image (pencil shape) item, then click the favicon image.
  4. Upload an icon file or enter the icon image URL.
  5. Click the Save button and verify through the preview screen that the upload was successful.
  6. Korean page: enter the title in Korean.
  7. English page: enter the title in English.
  8. When the input is complete, check through the preview on the right whether it was entered correctly.
  9. Click the Publish button at the lower right corner.
Notice
The recommended size for the favicon image is 256 x 256 px, only ICO files are allowed, and please upload files under 2MB. Favicon images are applied only on PC screens.
Header Logo Change

In the application, separate header logo changes can be configured to suit the characteristics of the corporate application.

If you want to edit the header logo, follow the steps below.

  1. Admin Portal > Integration > select the application > UI > click the Edit button.
  2. Select Custom in the Header Logo item.
  3. Text logo and image logo can be selected and set.
  4. Enter the Korean Redirect URL and the English Redirect URL.
  5. If the input is completed, check through the right preview whether it was entered correctly.
  6. Click the Publish button at the lower right corner.
Notice
The recommended size for the header logo image is 288 x 72 px. Only PNG, JPG, JPEG files are allowed, and please upload files under 1MB. It is possible to set logo images separately for each language.
Key Visual Change

In the application, separate key visual changes can be configured to suit the characteristics of the corporate application.

If you want to edit the key visual, follow the steps below.

  1. Admin Portal > Integration > select the application > UI > click the Edit button.
  2. Select Custom in the Key Visual item.
  3. Click to use a single key visual for all languages and language-specific key visuals.
  4. If the image upload is complete, check through the right preview to see if it was entered correctly.
  5. Click the Publish button at the lower right.
Guide
The recommended size for the key visual image is 600 x 612 px. Only PNG, JPG, JPEG files are allowed, and please upload files under 1MB.

Redirect

By clicking the application on the list screen, then clicking the edit button in the Rebranding tab, you can configure application-specific rebranding for redirection.

Guide
You can save the settings midway by clicking the temporary save at the lower right.
Category | Description
Sign Up | Enter the URL if you want to set a separate sign-up page.
Privacy Policy | Enter a separate privacy policy URL in the application.
Terms of Service | Enter a separate Terms of Service URL in the application.
Table. Redirection
Notice
The default selection outputs the SingleID basic registration page, conditions, and terms.

Application Deletion

From the application list screen, select the application, deactivate it, then return to the list screen and you can delete it from the three‑dot menu. To register again, click the Add button to register.

Identity Provider

This is a menu for registering and managing IdPs that provide authentication services and credentials to SCP SingleID. In this case, SCP SingleID acts as a Service Provider and receives authentication services from the IdP.

Identity Provider List

On the list screen, you can select a registered Identity Provider to edit/delete, sort, search, etc., and you can navigate to a menu screen where you can register a new Identity Provider.

To view the Identity Provider list, you can access the following menu.

  • Admin Portal > Integration > Identity Provider
Category | Description
Name | Identity Provider name.
Type | Displays the standard protocol registered by the Identity Provider. The Identity Provider type is distinguished by SAML2.0 and OIDC methods.
Status | Displays the status of the Identity Provider. It is distinguished as active and inactive.
Active button | Only active Identity Providers are displayed in the list.
Inactive button | Only inactive Identity Providers are displayed in the list.
Search term input field | You can search the Identity Provider list. After entering a search term, click the magnifying glass icon or press Enter to perform the search. Searchable items: name, description
Detail button | You can perform a detailed search. Search conditions can be combined with AND. After entering multiple fields, click the Search button, and the search will be performed according to the conditions. Click the Reset button to reset all search fields.
Download button | SAML metadata download is available. You can download the SAML metadata files for the internal network and the internet network.
Register button | You can register a new application.
Table. Identity Provider List
Reference
Identity Provider Delete If you want to delete, select the checkbox (V) and then click the Delete button at the top of the list.

Identity Provider Registration

You can register by clicking Register at the top of the Identity Provider list screen.

To register Identity Provider, follow the steps below.

  1. Admin Portal > Integration > Identity Provider > click the Register button
  2. Custom App Integration > select Web Application(SAML) or Web Application(OIDC) > click the Next button
  3. Go to detailed settings

Identity Provider can be registered by entering and setting the information required for integration through a three-step screen as follows.

General

Enter general information for IdP (Identity Provider).

Category | Description | Required
Name | Enter the name of the Identity Provider. Since it is identified by name, rules for distinction and management are required. | Required
Description | Enter a description of the Identity Provider (business, usage, etc.). | Optional
Logo Image | Register a logo that can intuitively identify the Identity Provider. | Optional
Login button | Displays the IdP as a button/link (text), etc. | Required
  • Logo icon display: Choose whether to display the logo icon on the login button.
  • Button text: Enter the text to display on the login button.
Table. Identity Provider General

SSO

Enter Single Sign On configuration information on the SSO information input screen.

When integrating with Web Application (OIDC)

Category | Description | Required
Client ID | Register the Client ID. The Client ID is an ID issued by the authentication server to a registered Client. Because the Client ID itself is disclosed to the resource owner, it should not be used alone for Client authentication. | Required
Client Secret | Register the Client Secret. The Client Secret is secret information used for authentication to the target REST service, a unique value known only to the authentication server. | Required
Authorization Endpoint URL | The Authorization Endpoint is used to obtain authorization from the Resource Owner. Enter the Authorization Endpoint URL, which is the URL used for this purpose. | Required
Token Endpoint URL | The Token Endpoint is used by the client to obtain an Access Token via an Authorization Grant or Refresh Token. Enter the Token Endpoint URL, which is the URL used for this purpose. | Required
Logout URL | Enter the Logout URL, which is the return URL used in SLO (Single Logout). | Optional
Userinfo Endpoint URL | Enter the Userinfo Endpoint URL, provided by the IdP (Identity Provider), that includes the user profile (username, name, etc.). | Optional
IdP Sign-In Key | Set the IdP Sign-In Key value and select the SingleID mapping attribute for the IdP Sign-In Key. | Required
Table. Web Application(OIDC) SSO
Guide

IdP Sign-In Key Settings: There are two ways for SCP SingleID to handle login by receiving the key value that carries the ID.

  • Receive the identifier ID value using a standard SAML keyword
  • Create and receive a custom identifier ID

You can map the name obtained by one of the above methods to the User ID or to the CN value. This setting determines how the authentication information is mapped to the value used to handle login.
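How the Client ID, Client Secret and endpoint URLs registered in the Web Application (OIDC) SSO table are used in a login, shown as an added example that is not SCP SingleID code. It assumes the authorization code flow with HTTP Basic client authentication; the sample values, the redirect URI, the HTTPS check and all function names are constructed for illustration.

```python
# Added example with constructed values; not SCP SingleID code.
import base64
import secrets
from urllib.parse import quote_plus, urlencode, urlsplit

# Constructed sample registration; keys mirror the SSO table fields.
IDP = {
    "client_id": "singleid-rp-demo",
    "client_secret": "constructed-secret-value",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
}
REQUIRED = ("client_id", "client_secret", "authorization_endpoint", "token_endpoint")


def check_registration(idp):
    """Return the problems to fix before the registration is saved."""
    problems = [f"missing required field: {k}" for k in REQUIRED if not idp.get(k)]
    for key, value in idp.items():
        if key.endswith("_endpoint") and value and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not HTTPS: {value}")
    return problems


def authorization_request(idp, redirect_uri):
    """Front channel: only the public Client ID travels in the browser URL."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code", "scope": "openid profile",
        "client_id": idp["client_id"], "redirect_uri": redirect_uri,
        "state": state, "nonce": nonce,
    })
    return f"{idp['authorization_endpoint']}?{query}", state, nonce


def token_request(idp, code, redirect_uri, returned_state, expected_state):
    """Back channel: the Client Secret authenticates the client to the IdP."""
    if not secrets.compare_digest(returned_state, expected_state):
        raise ValueError("state mismatch: discard the authorization response")
    pair = f"{quote_plus(idp['client_id'])}:{quote_plus(idp['client_secret'])}"
    basic = base64.b64encode(pair.encode()).decode()
    return {
        "url": idp["token_endpoint"],
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "authorization_code",
                           "code": code, "redirect_uri": redirect_uri}),
    }
```

The Client Secret appears only in the server-to-server token request, which is why the table warns against relying on the Client ID alone for client authentication.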

JIT provisioning

A JIT provisioning tab has been added to the Identity Provider. This feature synchronizes accounts in real time when user changes occur. You can set the items to apply when synchronizing accounts in real time.

Category | Description | Required
JIT provisioning | JIT provisioning stands for Just-In-Time Provisioning and is an ID and access management feature used to quickly create user accounts when a user logs into the system for the first time. | Required
  • The feature can be set to On or Off.
When there is no SingleID user mapped to the IdP user | Manage the action taken when the user accesses for the first time. | Required
  • Go to the sign-up page: create a new account. To prevent ID duplication, set a separate ID suffix for the logged-in ID.
  • Automatically create a new SingleID user without user invitation: automatically generate an ID.
  • Go to the user registration website: if a separate user sign-up page exists, navigate to that separate registration page.
If there is a SingleID user mapped to the IdP user | If the user exists, update the user information. | Required
Table. JIT provisioning

After entering all items and clicking the Complete button, the basic application settings are completed.

Identity Provider Edit

If you click the Identity Provider in the list screen, you can modify the settings.

If you want to modify the Identity Provider, follow the steps below.

  1. Admin Portal > Integration > Identity Provider > select the Identity Provider > click the Edit button.
  2. Click the General, SSO, Provisioning, Policy, or Assignment tab to edit the items you want to modify.
  3. Click the Save button.
Notice
If you want to deactivate the application, select the application and click the Deactivate button.

Identity Provider Delete

On the Identity Provider list screen, select an Identity Provider and disable it; then return to the list screen and delete it from the three-dot menu. To register it again, click the Add button.

Authenticator

Integrate and configure the Authenticators provided by SCP SingleID. By default, Password and Email are set to the active state.

The Authenticators that can be additionally configured are as follows.

  • Knox Messenger: OTP can be sent via Knox Messenger.
  • PC SSO Agent: SingleID provides SSO without an agent, but uses the SSO Agent for multi-browser SSO functionality.
  • SingleID Authenticator: A dedicated SingleID authentication mobile app that supports biometrics (fingerprint, facial), PIN, mOTP, and TOTP.
  • SMS: OTP can be sent via mobile SMS.
  • Active Directory: Performs authentication with an AD account.
  • Passkey: A convenient authentication method that allows easy login with a mobile passkey, a security key, or Windows biometrics/PIN code.

Authenticator List

We support all authenticators of the six available types.

To check the Authenticators, use the following path.

  • Admin Portal > Integration > Authenticator

Authenticator Add

When you click Register on the Authenticator list screen, a screen opens where you can add an Authenticator.

If you want to add an Authenticator, follow the steps below.

  1. Admin Portal > Integration > Authenticator > click the Add button.
  2. Select each authentication method > click the Next button.
  3. Enter the information required for authentication settings.
  4. Click the Save button.
Notice
All nine types of Authenticators, including optimized work environments that a typical IdP service can provide, are already offered and registered/configured, so there are no new Authenticators to add until a new type of Authenticator is needed.
Notice
If you want to disable the Authenticator, select the application and click the Disable button.

Authenticator Edit

On the Authenticator list screen, after selecting an Authenticator and clicking edit, it switches to a screen where you can edit.

If you want to modify the Authenticator, follow the steps below.

  1. Admin Portal > Integration > Authenticator > click the Edit button
  2. Edit each item and click the Edit button to complete the modification.

Authenticator Delete

On the Authenticator list screen, select the Authenticator and deactivate it; then return to the list screen and delete it from the three-dot menu. To register it again, click the Add button.

MFA Service Provider

The MFA Service Provider menu provides a multi-factor authentication service that meets the security requirements of companies while enhancing user convenience, applying stronger authentication technologies along with biometric and simple authentication technologies.

MFA Service Provider List

To check the MFA Service Provider list, you can access the following menu.

  • Admin Portal > Integration > MFA Service Provider
Category | Description
Name | The name of the MFA Service Provider.
System Code | Displays the system code information.
Project Code | Displays the project code information.
User Tag | Displays the User Tag.
Type | Displays the MFA Service Provider integration method. It is shown in one of the following three ways.
  • ADFS Plugin
  • MFA API
  • RADIUS
System Code Input Field | Enter the system code information.
Project Code Input Field | Enter the project code information.
Search input field | You can search the Identity Provider list. After entering a search term, click the magnifying glass icon or press Enter to perform the search.
  • Searchable items: name, description, system code, project code
Detail button | Detailed search is possible. Search conditions can be combined with AND. After entering multiple fields and clicking the Search button, the search is performed according to the conditions.
  • Reset button: when clicked, all search fields are reset.
Register button | You can register a new MFA Service Provider.
Table. MFA Service Provider List

MFA Service Provider Registration

To register the MFA Service Provider, follow the steps below.

  1. Admin Portal > Integration > MFA Service Provider > click the Register button
  2. Select ADFS Federated Application, Custom Application, or Network Equipment > click the Next button
Notice

The MFA Service Provider has the following three types.

  • ADFS Federated Application: Register an ADFS federated application that will be linked with SingleID MFA.
  • Custom Application: Register an application that uses the MFA API to be integrated with SingleID MFA.
  • Network Equipment: Register network equipment that will be linked with RADIUS-based MFA.

You can register an MFA Service Provider by entering and configuring the information required for MFA Service Provider integration through a three-step screen as follows.

General

Enter general information for the MFA Service Provider.

Category | Description | Required
Name | Enter the name of the MFA Service Provider. Since it is identified by name, rules for distinction and management are required. | Required
Description | Enter a description of the MFA Service Provider (tasks, usage, etc.). | Optional
Logo Image | Register a logo that can intuitively identify the MFA Service Provider. | Optional
User Management using User Tag | If you enable the use of User Tag, when a new user is registered from the MFA Service Provider, "#" + User Tag is automatically added after the user's ID, preventing duplicate ID registration. | Select
User Tag | Only one User Tag can be registered per MFA Service Provider. | Required
  • The User Tag cannot be modified after registration; it is a tag attached to the MFA Service Provider and the user.
  • Tenant administrators can define and use User Tags. Users provisioned by JIT through the MFA Service Provider have the same User Tag set as a user attribute, allowing you to determine where the user was created.
System Code | Enter system code information. | Optional
Project Code | Enter project code information. | Optional
Campaign | If only one authentication method is used, a popup page guiding the user to register a personal authentication method is displayed. It becomes active when the selection box is selected. | Select
Table. MFA Service Provider General

MFA integration

Enter MFA integration information.

Category | Description | Required
Login | Select the provided Authenticator from the drop-down list. | Required
Identity verification at registration | Set the identity verification method that must be performed during the registration process. | Required
  • The user sets the first and second Authenticator for identity verification.
  • Delegating authentication to an administrator allows a specific administrator to set authentication on behalf of the user when there is no mobile device or other authentication tool for identity verification.
    ※ It is not recommended to use this except in special circumstances.
ADFS Identifier | Enter the ADFS Identifier URL information. | Required
Claim | Enter the Claim name. | Required
  • A Claim is an authentication method that manages user authentication and permissions through a specific key value, and you can add the necessary data here for use.
  • Defines whether to map to verify if it is the same user. Up to 30 can be registered.
Secret Key | The Secret Key is an encryption key for trusted communication between SingleID and the MFA Service Provider. | Required
  • Click the Issue button to issue it.
Table. MFA Integration
Notice
The person who can verify identity on your behalf can be set in the Person in charge tab.

Person in charge

Select and register the person in charge of the newly registered MFA Service Provider.

Category | Description
Add button | You can add a person in charge of the MFA Service Provider.
Search | You can find the person in charge by search term (ID, name, email, status).
Select (Check Box) | Select the person in charge found in the list.
Add | You can add the selected assignee.
Complete | Complete assigning the person in charge.
Table. Person in charge registration

Click the Complete button to complete the registration.

MFA Service Provider Edit

On the MFA Service Provider list screen, after selecting the Authenticator and clicking edit, it switches to a screen where you can modify.

If you want to modify the MFA Service Provider, follow the steps below.

  1. Admin Portal > Integration > MFA Service Provider > click the Edit button.
  2. Modify each item and click the Edit button to complete the modification.

MFA Service Provider Delete

On the MFA Service Provider list screen, select the MFA Service Provider and deactivate it; then return to the list screen and delete it from the three-dot menu. To register it again, click the Add button.
