Integration
Integration is a service that configures and manages authentication services and account information for various applications.
In SCP SingleID, we support integration with new applications through customized authentication integration and account provisioning services, as well as a DIY (Do-It-Yourself) feature.
The Integration menu provides the management functions for Application, Identity Provider, Authenticator, and MFA Service Provider.
Application
The application is a menu for registering and linking various applications to apply SCP SingleID’s authentication service.
The administrator can register or edit a new application through the application list screen, and can sort, search, and delete registered applications.
Application List
The administrator can select a registered application on the application list screen to edit/delete, sort, search, etc., and can navigate to a menu screen where a new application can be registered through registration.
To view the list of applications, access the menu as follows.
- Admin Portal > Integration > Application
| Category | Explanation |
|---|---|
| Name | The name of the application, entered when the application is created. |
| Type | The application integration protocol: SAML, OIDC, or SCIM. |
| Screen display | Whether the application is shown in the User Portal application list. |
| Status | The application status: active or inactive. |
| All button | Shows both active and inactive applications in the list. |
| Active button | Shows only active applications in the list. |
| Disabled button | Shows only inactive applications in the list. |
| Search term input field | Searches the application list. After entering a search term, click the magnifying glass icon or press Enter. |
| Details button | Opens the detailed search. Conditions are combined with AND; after filling in several fields, click the Search button to retrieve matching applications. |
| Download button | Downloads SAML metadata. SAML metadata files can be downloaded for the internal network and for the Internet. |
| Register button | Registers a new application. |
Application registration
The administrator can register the application by clicking the Register button on the list screen.
Application registration can be done using two methods: Custom App Integration and Pre-Built App Integration.
To register an application, access the menu as follows.
- Admin Portal > Integration > Application > click the Register button
- Select the Custom App Integration or Pre-Built App Integration tab
Custom App Integration
Custom App Integration is the menu for connecting an application for authentication and for account provisioning.
Three connection types are provided. For authentication integration, select the standard protocol type (SAML or OIDC). For account provisioning integration, the standard online API method (SCIM) is provided.
The integration features provided by SingleID are categorized in the table below; the information entered and the configuration steps depend on the required integration scope. When configuring SAML or OIDC authentication without account provisioning, the attribute mapping step is omitted and registration is shorter.
| Standard protocol | Authentication integration, account deployment integration | Authentication integration | Account deployment integration |
|---|---|---|---|
| SAML | ○ | ○ | - |
| OIDC | ○ | ○ | - |
| SCIM | - | - | ○ |
To register the application Custom App Integration, follow the steps below.
- Click the Admin Portal > Integration > Application > Register button
- Under Custom App Integration, select Web Application(SAML), Web Application(OIDC) or Identity Provisioning(SCIM v2.0) > click the Next button
- Go to detailed settings
Applications using the standard protocols (SAML, OIDC, SCIM) are registered by entering the integration information and configuring policies and attributes through the six-step screen described below.
General
Enter the general application information as referenced below.
| Category | Explanation | Required |
|---|---|---|
| Name | Enter the application name. | Required |
| Explanation | Enter a description of the application. | Optional |
| Logo image | Register the logo (file upload or URL link). | Optional |
| Screen display | When selected, the application is displayed to users in the User Portal. | Optional |
| Access URL | Enter the application access URL. | Required |
| Automatic logout | Log the user out automatically according to the session policy. | Optional |
| Automatic redirection | Redirect to the Service Provider automatically after logout. | Optional |
| URL after logout | Enter the URL to navigate to after logout (if blank, the Access URL is used). | Optional |
SSO
On the SSO information entry screen, enter the Single Sign On configuration settings.
| Category | Explanation | Required |
|---|---|---|
| Issuer | Enter the SP's unique identifier (entity ID). | Required |
| Single Sign-On URL | Enter the full URL to which the login response is sent. | Required |
| Logout URL | Enter the SLO (Single Logout) return URL. | Optional |
| Logout method | Back-Channel Logout, Front-Channel Logout (HTTP Redirect Binding), or Front-Channel Logout (HTTP POST Binding). | Required |
| Response Signing | Signs the SAML Response. | Optional |
| Validation On-Request | Enables signature validation of the SP's requests. | Optional |
| Encryption | Sets whether the SAML Response is encrypted. | Optional |
| Application Certificate | Register the SP certificate in PEM format. | Required when Validation On-Request or Encryption is selected |
| Attribute to map during SSO | Select the attributes delivered during SSO and set the unique value that identifies the user. | Required |
| 'Import Metadata File' button | Upload the SAML metadata file to fill in the endpoint and certificate fields. | Optional |
Single Sign-On Configuration
- If Validation On-Request or Encryption is selected, a certificate must be registered. Register the certificate as the PEM text exported from the application.
- For Attribute to map during SSO, click Add to select attribute information provided by SingleID. Among the selected attributes, one must be chosen as the unique value that identifies the user.
- To deliver SingleID attribute information to the connected application, map each SingleID attribute name to the attribute name the application expects. The information delivered during authentication is called claim information; the SP uses it to set permissions or as attribute data for operation and management.
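The fields on the SSO screen correspond to elements of the application's SAML 2.0 metadata, which is what the Import Metadata File button reads. The script below is an added example (not SingleID code) that parses SP metadata into those fields and computes the SHA-256 fingerprint of the certificate, so an administrator can compare it with the value the application owner provides before trusting it. The mapping (entityID to Issuer, the default AssertionConsumerService to Single Sign-On URL, SingleLogoutService to Logout URL and Logout method, AuthnRequestsSigned to Validation On-Request, WantAssertionsSigned to Response Signing), the hostnames and the certificate body in the sample are assumptions; the certificate is a placeholder blob, not a real X.509 certificate.

```python
"""Read the SSO-screen fields out of a SAML 2.0 SP metadata file.

Added example, not SingleID code. The metadata-to-field mapping, the sample
hostnames and the certificate body (a placeholder, not a real X.509 cert)
are assumptions.
"""
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET  # for metadata from untrusted parties, prefer defusedxml

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# SingleLogoutService binding URI -> the "Logout method" choices on the screen (assumed mapping)
LOGOUT_METHODS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:SOAP": "Back-Channel Logout",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect": "Front-Channel Logout (HTTP Redirect Binding)",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "Front-Channel Logout (HTTP POST Binding)",
}

# Constructed sample SP metadata (hypothetical hostnames, placeholder certificate).
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://app.example.test/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MIIBszCCARygAwIBAgIBATANBgkqhkiG9w0BAQsFADAAMB4XDTI0MDEwMTAwMDAwMFoX
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://app.example.test/saml/slo"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://app.example.test/saml/acs-legacy"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://app.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def certificate_sha256(pem: str) -> str:
    """SHA-256 fingerprint of the DER bytes inside a PEM certificate block."""
    body = "".join(line for line in pem.splitlines() if line and not line.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()


def parse_sp_metadata(xml_text: str) -> dict:
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is IdP metadata, not SP metadata")

    # Single Sign-On URL: the default AssertionConsumerService, else the lowest index
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not acs:
        raise ValueError("SP metadata has no AssertionConsumerService")
    default_acs = next((e for e in acs if e.get("isDefault") == "true"), None)
    if default_acs is None:
        default_acs = min(acs, key=lambda e: int(e.get("index", "0")))

    # Logout URL / Logout method: first SingleLogoutService with a binding the screen offers
    slo = next((e for e in sp.findall("md:SingleLogoutService", NS)
                if e.get("Binding") in LOGOUT_METHODS), None)

    # Application Certificate: the signing certificate (or one with no 'use' attribute)
    cert_b64 = None
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if node is not None and node.text and node.text.strip():
                cert_b64 = "".join(node.text.split())
                break
    pem = None
    if cert_b64:
        pem = ("-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(cert_b64, 64))
               + "\n-----END CERTIFICATE-----\n")

    fields = {
        "issuer": root.get("entityID"),
        "single_sign_on_url": default_acs.get("Location"),
        "logout_url": slo.get("Location") if slo is not None else None,
        "logout_method": LOGOUT_METHODS[slo.get("Binding")] if slo is not None else None,
        "validation_on_request": sp.get("AuthnRequestsSigned") == "true",
        "response_signing": sp.get("WantAssertionsSigned") == "true",
        "application_certificate": pem,
        "certificate_sha256": certificate_sha256(pem) if pem else None,
    }
    # The screen requires a certificate when signature validation is enabled.
    if fields["validation_on_request"] and not pem:
        raise ValueError("AuthnRequestsSigned=true but metadata carries no signing certificate")
    return fields


if __name__ == "__main__":
    for key, value in parse_sp_metadata(SAMPLE_SP_METADATA).items():
        print(f"{key}: {value}")
```

The script refuses IdP metadata and metadata that asks for signed requests without shipping a signing certificate, which are the two import mistakes most likely to produce a silently misconfigured application.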
Provisioning
The Provisioning menu is the account management feature that distributes user information to applications for synchronization. SingleID supports SCIM, the global standard provisioning API, over REST.
On the Provisioning information entry screen, enter the configuration for account distribution.
| Category | Explanation | Required |
|---|---|---|
| Provisioning Configuration | Click On to synchronize account information; Off skips account synchronization. | Required |
| Base Address | Enter the Base Address (URL) of the target system's SCIM API endpoint. | Required |
| Accept | Enter the HTTP Accept header value sent in SCIM requests (e.g., application/json). | Required |
| Content Type | Enter the HTTP Content-Type header value sent in SCIM requests (e.g., application/json). | Required |
| User Name | Register the user name used to authenticate to the target REST service. | Required |
| Password | Set the password used to authenticate to the target REST service. | Required |
| Bearer Token | Register the Bearer Token sent in the Authorization header when calling the API. | Optional |
| Client ID | Register the Client ID, the identifier the authorization server issues to a registered client. It is not a secret (it is visible to the resource owner), so it must never be used on its own to authenticate the client. | Optional |
| Client Secret | Register the Client Secret, the credential issued by the authorization server and shared only between the client and the authorization server. | Optional |
| Access Token Node ID | Register the name of the JSON field (node) in the token endpoint response that contains the access token. The access token authorizes access to resources; the resource server should accept only access tokens issued to this client. | Optional |
| Access Token Base Address | Register the Base Address (URL) of the target REST service's token endpoint from which the access token is obtained. | Optional |
| Access Token Content Type | Register the HTTP Content-Type header value for the token endpoint request (e.g., application/x-www-form-urlencoded). | Required |
| Provisioning | Select users or groups as the provisioning target; both can be selected if needed. | Optional |
| Inbound Provisioning Schedule | Click On to run inbound provisioning on a schedule (hourly, daily, monthly, yearly). | Optional |
| Outbound Provisioning Schedule | Click On to run outbound provisioning on a schedule; with Off, changes are deployed in real time. | Optional |
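How the Provisioning fields are used together in one outbound call, added here as an example rather than SingleID code: the Client ID and Client Secret are presented to the Access Token Base Address using the Access Token Content Type, the token is pulled out of the response at the Access Token Node ID, and that token is sent as a Bearer token on a SCIM /Users request to the Base Address with the configured Accept and Content Type headers. The hostnames, the dotted Node ID syntax, the client-credentials grant and the in-memory fake transport are assumptions.

```python
"""Outbound SCIM provisioning built from the Provisioning-screen fields.

Added example, not SingleID code. Hostnames, the dotted Node ID syntax, the
client-credentials grant and the fake transport are assumptions.
"""
import base64
import json
from urllib.parse import urlencode

# Constructed configuration mirroring the screen fields (hypothetical target).
CONFIG = {
    "base_address": "https://scim.example.test/scim/v2",
    "accept": "application/scim+json",
    "content_type": "application/scim+json",
    "client_id": "singleid-provisioner",
    "client_secret": "placeholder-not-a-real-secret",
    "access_token_base_address": "https://login.example.test/oauth2/token",
    "access_token_content_type": "application/x-www-form-urlencoded",
    # Path to the token inside the token-endpoint JSON; this target nests it under "data".
    "access_token_node_id": "data.access_token",
}

SAMPLE_USER = {"userName": "jdoe", "givenName": "Jane", "familyName": "Doe",
               "email": "jdoe@example.test"}  # constructed

# Constructed token-endpoint response: the token sits one level down, hence the Node ID above.
FAKE_TOKEN_RESPONSE = {
    "data": {"access_token": "eyJ.example.token", "token_type": "Bearer", "expires_in": 3600}
}


def extract_token(body: dict, node_id: str) -> str:
    """Follow a dotted Node ID through the JSON body and return the token string."""
    node = body
    for key in node_id.split("."):
        if not isinstance(node, dict) or key not in node:
            raise KeyError(f"token field {node_id!r} not found in token response")
        node = node[key]
    if not isinstance(node, str) or not node:
        raise ValueError(f"token field {node_id!r} is present but empty")
    return node


def token_request(cfg: dict) -> dict:
    """Client-credentials grant. The secret travels in the Basic auth header,
    never in the URL, so it does not end up in access logs."""
    creds = f"{cfg['client_id']}:{cfg['client_secret']}".encode()
    return {
        "method": "POST",
        "url": cfg["access_token_base_address"],
        "headers": {
            "Content-Type": cfg["access_token_content_type"],
            "Authorization": "Basic " + base64.b64encode(creds).decode(),
        },
        "body": urlencode({"grant_type": "client_credentials"}),
    }


def scim_create_user(cfg: dict, token: str, user: dict) -> dict:
    """SCIM 2.0 POST /Users carrying the configured Accept/Content-Type and the Bearer token."""
    return {
        "method": "POST",
        "url": cfg["base_address"].rstrip("/") + "/Users",
        "headers": {
            "Accept": cfg["accept"],
            "Content-Type": cfg["content_type"],
            "Authorization": "Bearer " + token,
        },
        "body": json.dumps({
            "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
            "userName": user["userName"],
            "name": {"givenName": user["givenName"], "familyName": user["familyName"]},
            "emails": [{"value": user["email"], "primary": True}],
            "active": True,
        }),
    }


def provision_user(cfg: dict, user: dict, send) -> dict:
    """send(request) -> parsed JSON; injected so the flow can run against a fake."""
    token = extract_token(send(token_request(cfg)), cfg["access_token_node_id"])
    return send(scim_create_user(cfg, token, user))


def fake_send(req: dict) -> dict:
    """Stand-in for the network: a token endpoint and a SCIM endpoint that checks the bearer."""
    if req["url"] == CONFIG["access_token_base_address"]:
        if not req["headers"].get("Authorization", "").startswith("Basic "):
            return {"error": "invalid_client"}
        return FAKE_TOKEN_RESPONSE
    if req["url"] == CONFIG["base_address"] + "/Users":
        if req["headers"].get("Authorization") != "Bearer eyJ.example.token":
            return {"status": 401, "detail": "missing or invalid bearer token"}
        body = json.loads(req["body"])
        return {"status": 201, "id": "u-1001", "userName": body["userName"]}
    raise ValueError("unexpected URL " + req["url"])


if __name__ == "__main__":
    print(provision_user(CONFIG, SAMPLE_USER, fake_send))
```

A wrong Node ID fails loudly at `extract_token` rather than sending an empty Authorization header to the SCIM endpoint, which is the symptom to look for when provisioning returns 401 after a token-endpoint change.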
Profile
Enter the configuration information for User/Group for deployment on the profile information input screen.
| Category | Explanation | Required |
|---|---|---|
| Profile name | Enter the profile name. | Required |
| Explanation | Register a description for the profile. | Optional |
| Attribute | Click Add to select and enter attribute information. | Optional |
Profile Mapping
- In the tab menu for selecting the provisioning target, click User or Group to add attributes.
- Click Profile Mapping to align the required fields of the target application with the SCIM schema information.
- An execution script (a conversion script written in JEXL) can be configured to transform values in real time while provisioning runs. The script is executed exactly as entered, without any validation, so treat it as code: restrict who may edit it and verify it against test accounts before enabling a provisioning schedule.
After entering all items, click the Complete button to finish the basic application settings. Once the new application is registered, it is added to the application list and the Policy and Assignment tabs are created.
Policy
You can configure login policy and access control information for application policy settings.
| Category | Explanation | Required |
|---|---|---|
| Login Policy | The login policy applied when logging in to the application. To apply one, assign the application within that login policy. | Optional |
| Access control | Controls user access to the application. When enabled, you can configure whether users must request permission to access the application and whether the request is approved. | Optional |
Assignment
Register information for assigning application users based on users and groups. This menu assigns access permissions by configuring the users and groups that can access the registered application.
To assign a user, follow the steps below.
- When you click the application, you will be taken to the application’s detail page.
- Click the Assignment tab and click the User tab > Assign button.
- When the User Assignment popup appears, select the user to assign and click the Assign button.
- In the Assignment tab, the selected user appears in the list.
Similarly, you can assign a predefined group via the Assign button on the Group tab. Assign the group using the same method.
Group Settings
- When configuring the groups that can access the application, define each group with the information that distinguishes it.
- Rules and groups must be defined in advance so that access permissions can be managed through the member rules that distinguish the groups.
Application State
- Active: The application is exposed in the User Portal and, with Sign-On services, provisioning, policies, etc. configured, users can access and use it.
- Inactive: The application is not exposed in the User Portal; only an inactive application can be deleted.
- Delete: Deleting a registered application requires caution, so a popup window is displayed for a second verification of the application's information and status.
Pre-Built App Integration
The Pre-Built App Integration menu offers a convenient way to quickly connect and use the desired SaaS application, with necessary settings such as connection information, name, and icon prepared in advance.
To integrate the application using Pre-Built App Integration, refer to the menu path below.
- Admin Portal > Integration > Application > Register > click the Pre-Built App Integration tab
- Select Application > Next button click
- Go to detailed settings
The Pre-Built App Integration menu, like the Custom App Integration menu, allows you to register an application by entering the required integration information and configuring it through a six-step screen as shown below.
The input items and methods for each step are the same, except for the information that has been predefined and entered for Pre‑Built.
- [General] {#general-1}
- [SSO] {#sso-1}
- [Provisioning] {#provisioning-1}
- [Profile] {#file-1}
- [Policy] {#policy-1}
- [Assignment] {#configuration}
General
Enter the general application information as referenced below.
| Category | Explanation | Required |
|---|---|---|
| Name | Enter the name of the application. | Required |
| Explanation | Enter a description of the application (tasks, purpose, etc.). | Optional |
| Logo image | Register a logo that identifies the application at a glance. File upload and URL link are both supported. | Optional |
| Screen display | When selected, the application is displayed to users in the User Portal. | Optional |
| Access URL | Enter the application's Access URL, the login page of the application to be accessed. | Required |
| Automatic logout | When selected, the session policy logs the user out automatically without re-confirmation. | Optional |
| Automatic redirection | When selected, the user is redirected to the Service Provider without the logout completion page being displayed. | Optional |
| URL after logout | Enter the URL to navigate to when the user logs out. If blank, the Access URL is used. | Optional |
SSO
Enter the Single Sign On configuration information on the SSO information entry screen.
| Category | Explanation | Required |
|---|---|---|
| Issuer | Enter the Issuer, the unique identifier of the SP (Service Provider); it is the value verified as the Issuer in SAML messages. | Required |
| Single Sign-On URL | Enter the Single Sign-On URL, the full URL to which the login response is sent. | Required |
| Logout URL | Enter the Logout URL, the SLO (Single Logout) return URL. | Optional |
| Logout method | The SLO (Single Logout) return method: Back-Channel Logout, Front-Channel Logout (HTTP Redirect Binding), or Front-Channel Logout (HTTP POST Binding). | Required |
| Response Signing | Select to sign the SAML Response returned after authentication. | Optional |
| Validation On-Request | Select to enable signature validation of the SP's requests. | Optional |
| Encryption | Select whether the SAML Response is encrypted. | Optional |
| Application Certificate | If Validation On-Request or Encryption is selected, a certificate must be registered. Enter a valid value in PEM (Privacy-Enhanced Mail) format. | Required when Validation On-Request or Encryption is selected |
| Attribute to map during SSO | Select the attributes required for the SSO connection and set the unique value used to identify the user. The Next button is enabled only after a Subject Attribute is selected. | Required |
| 'Import Metadata File' button | A SAML metadata file describes the SAML 2.0 endpoints and the certificates used to secure SAML 2.0 message exchanges. Click Import metadata file to upload one and fill in the endpoint and certificate fields. | Optional |
Single Sign-On Settings
- If Validation On-Request or Encryption is selected, a certificate must be registered. Register the certificate as the PEM text exported from the application.
- For Attribute to map during SSO, click Add to select attribute information provided by SingleID. Among the selected attributes, one must be chosen as the unique value that identifies the user.
- To pass SingleID attribute information to the connected application, map each SingleID attribute name to the attribute name the application expects. The information delivered during authentication is called claim information; the SP uses it to set permissions or as attribute data for operation and management.
Provisioning
The Provisioning menu is the account management feature that distributes user information to applications for synchronization. SingleID supports SCIM, the global standard provisioning API, over REST.
On the Provisioning information entry screen, enter the configuration for account distribution.
| Category | Explanation | Required |
|---|---|---|
| Provisioning Configuration | Click On to synchronize account information; Off skips account synchronization. | Required |
| Base Address | Enter the Base Address (URL) of the target system's SCIM API endpoint. | Required |
| Accept | Enter the HTTP Accept header value sent in SCIM requests (e.g., application/json). | Required |
| Content Type | Enter the HTTP Content-Type header value sent in SCIM requests (e.g., application/json). | Required |
| User Name | Register the user name used to authenticate to the target REST service. | Required |
| Password | Set the password used to authenticate to the target REST service. | Required |
| Bearer Token | Register the Bearer Token sent in the Authorization header when calling the API. | Optional |
| Client ID | Register the Client ID, the identifier the authorization server issues to a registered client. It is not a secret (it is visible to the resource owner), so it must never be used on its own to authenticate the client. | Optional |
| Client Secret | Register the Client Secret, the credential issued by the authorization server and shared only between the client and the authorization server. | Optional |
| Access Token Node ID | Register the name of the JSON field (node) in the token endpoint response that contains the access token. The access token authorizes access to resources; the resource server should accept only access tokens issued to this client. | Optional |
| Access Token Base Address | Register the Base Address (URL) of the target REST service's token endpoint from which the access token is obtained. | Optional |
| Access Token Content Type | Register the HTTP Content-Type header value for the token endpoint request (e.g., application/x-www-form-urlencoded). | Required |
| Provisioning | Select users or groups as the provisioning target; both can be selected if needed. | Optional |
| Inbound Provisioning Schedule | Click On to run inbound provisioning on a schedule (hourly, daily, monthly, yearly). | Optional |
| Outbound Provisioning Schedule | Click On to run outbound provisioning on a schedule; with Off, changes are deployed in real time. | Optional |
Profile
On the profile information entry screen, enter the user/group settings for deployment.
| Category | Explanation | Required |
|---|---|---|
| Profile name | Enter the profile name. | Required |
| Explanation | Register a description for the profile. | Optional |
| Attribute | Click Add to select and enter attribute information. | Optional |
Profile Mapping
- In the tab menu for selecting the provisioning target, click User, Group to add properties.
- Click Profile Mapping to align and connect the required information in the target application based on the SCIM schema information.
- An execution script (a conversion script written in JEXL) can be configured to transform values in real time while provisioning runs. The script is executed exactly as entered, without any validation, so treat it as code: restrict who may edit it and verify it against test accounts before enabling a provisioning schedule.
After entering all items, click the Complete button to complete the basic application configuration. When you complete registering a new application, it is added to the application list, and new tabs called Policy, Assignment are created.
Policy
You can configure login policies and access control information for application policy settings.
| Category | Explanation | Required |
|---|---|---|
| Login Policy | The login policy applied when logging in to the application. To apply one, assign the application within the Login Policy you want to use. | Optional |
| Access control | Controls user access to the application. When enabled, you can configure whether users must request permission to access the application and whether the request is approved. | Optional |
Assignment
Register information for assigning application users based on users and groups. This menu assigns access permissions by configuring the users and groups that can access the registered application.
To assign a user, follow the steps below.
- When you click the application, you are taken to its detail page.
- Click the Assign tab and then click the User tab > Assign button.
- When the User Assignment popup appears, select the user to assign and click the Assign button.
- The selected user appears in the list on the Assignment tab.
Similarly, in the Group tab, you can assign a predefined group using the Assign button. Assign the group using the same method.
Group Settings
When configuring the groups that can access the application, set it to include information that defines specific groups for distinction. You must define rules and groups in advance so that you can manage access permissions with member rules that can distinguish groups.
Application State
- Active: The application is exposed in the User Portal and, with Sign-On services, provisioning, policies, etc. configured, users can access and use it.
- Inactive: The application is not exposed in the User Portal; only an inactive application can be deleted.
- Delete: Deleting a registered application requires caution, so a popup window is displayed for a second verification of the application's information and status.
Application modification
When you click an application in the list view, you can edit its settings.
To modify the application, follow the steps below.
- Admin Portal > Integration > select the application > click the Edit button.
- Click the General, SSO, Provisioning, Policy, Assignment, Aggregation, Permission Items, Rebranding tab to edit the items you want to modify.
- Click the Save button.
Permission item
The permission items provide synchronization by linking the user roles of the integrated application with SingleID.
Register permission item
To set the permission items, follow the steps below.
- When you click the application, you are taken to its detail page.
- Click the Assignment tab, then the Permission Items tab > click the Register button.
- When the Permission item popup appears, you need to register the permission item.
- Enter Name, Key, Display Name, Content and click Save to register the permission.
| Category | Explanation | Required |
|---|---|---|
| Name | Enter the permission name. The name cannot be changed once registered; to change it, register a new permission. | Required |
| Key | Enter the permission key. The key cannot be changed once registered; to change it, register a new permission. | Optional |
| Display name | Enter the permission display name. | Optional |
| Explanation | Enter the permission description. | Optional |
Rebranding
A Rebranding tab, which does not appear during registration, is added to the application once it is registered. Rebranding covers the login page shown when the application is accessed as a separate application.
The included rebranding features are as follows.
- Favicon: The favicon can be modified in the browser.
- Header logo: The header logo on the login screen can be modified to the logo you desire.
- Key visual image: The key image set by default on the login page can be modified.
- Sign‑up page redirection: Registration can be directed to a separate operational sign‑up page instead of SingleID’s sign‑up page.
- Privacy Policy Redirection: You can register the privacy policy URL that was used in the existing application.
- Terms of Service redirection: You can register the Terms of Service URL previously used in the existing application.
UI
From the list screen, click the application, then in the Rebranding tab, click the Edit button to configure application-specific rebranding settings for the UI.
Change favicon
In the application, you can set a custom favicon to match the characteristics of the enterprise application.
To modify the favicon, follow the steps below.
- Admin Portal > Integration > select the application > UI > click the Edit button.
- Select Custom in the Favicon item.
- Click the favicon image (pencil icon) in the Favicon image item.
- Upload an icon file or enter the icon image URL.
- Click the Save button and use the preview screen to confirm that the upload succeeded.
- Korean page: enter the title in Korean.
- English page: enter the title in English.
- Once the input is complete, use the preview on the right to confirm that it was entered correctly.
- Click the Publish button at the lower right.
Header logo change
In the application, you can configure separate header logo changes to match the characteristics of the corporate application.
To modify the header logo, follow the steps below.
- Click the Admin Portal > Integration > Select Application > UI > Edit button.
- Select Custom in the Header Logo item.
- You can select and configure a text logo or an image logo.
- Enter the Korean Redirect URL and the English Redirect URL.
- If the input is complete, use the preview on the right to confirm that it was entered correctly.
- Click the Publish button at the lower right.
Key visual change
In the application, you can configure separate key visual changes to match the characteristics of the corporate application.
To edit the key visual, follow the steps below.
- Admin Portal > Integration > Select Application > UI > Edit Click the button.
- In the key visual item, select Custom.
- Click to use a single key visual for all languages or language‑specific key visuals.
- If the image upload is complete, verify through the right preview that it was entered correctly.
- Click the Publish button at the lower right corner.
Redirection
From the list screen, click the application, then in the Rebranding tab, click the Edit button to configure application‑specific rebranding settings for the redirect.
Sign up
Sign-up allows you to configure a registration link for each application.
| Category | Explanation |
|---|---|
| Default | Uses the default sign-up provided by SingleID instead of a separate sign-up page. The default behaviour is configured in the sign-up policy. |
| User-defined | If you operate a separate sign-up page, set a separate redirection link to it. |
| Hidden | If separate sign-ups are not accepted, select Hidden. |
Privacy Policy
The privacy policy can be redirected to the URL link of the privacy policy provided for each application.
| Category | Explanation |
|---|---|
| Default | Uses the SingleID default privacy policy. |
| User-defined | If you operate a privacy policy for the separate application, set a separate redirection link to it. |
Terms of Use
The Terms of Service can be redirected to the Terms of Service URL provided for each application.
| Category | Explanation |
|---|---|
| Default | Uses the SingleID default Terms of Service. |
| User-defined | If you operate Terms of Service for the separate application, set a separate redirection link to them. |
Delete application
On the application list screen, select the application, deactivate it, then return to the list screen and you can delete it from the three‑dot menu.
Identity Provider
This is the menu for registering and managing IdPs that provide authentication services and credentials to SCP SingleID. At this point, the SCP SingleID acts as a Service Provider and receives authentication services from the IdP.
Identity Provider list
On the list screen, you can select a registered Identity Provider to edit/delete, sort, search, etc., and you can navigate to a menu screen where you can register a new Identity Provider.
To view the Identity Provider list, you can access the following menu.
- Admin Portal > Integration > Identity Provider
| Category | Explanation |
|---|---|
| Name | The Identity Provider name. |
| Type | The standard protocol registered for the Identity Provider: SAML 2.0 or OIDC. |
| Status | The Identity Provider status: active or inactive. |
| Active button | Shows only active Identity Providers in the list. |
| Disabled button | Shows only inactive Identity Providers in the list. |
| Search term input field | Searches the Identity Provider list. After entering a search term, click the magnifying glass icon or press Enter. Searchable fields: name, description. |
| Details button | Opens the detailed search. Conditions are combined with AND; after filling in several fields, click the Search button to retrieve matching entries. Click Reset to clear all search fields. |
| Download button | Downloads SAML metadata. SAML metadata files can be downloaded for the internal network and for the Internet. |
| Register button | Registers a new Identity Provider. |
Identity Provider registration
On the Identity Provider list screen, click Register at the top to add a new entry.
To register an Identity Provider, follow the steps below.
- Admin Portal > Integration > Identity Provider > click the Register button
- Under Custom App Integration, select Web Application(SAML) or Web Application(OIDC) > click the Next button
- Go to detailed settings
You can register an Identity Provider by entering and configuring the required integration information through a three-step screen as follows.
- [General] {#General-2}
- [SSO] {#sso-2}
- [JIT provisioning] {#jit}
General
Enter the general information for the IdP (Identity Provider).
| Category | Explanation | Required |
|---|---|---|
| Name | Enter the name of the Identity Provider. Because IdPs are identified by name, naming rules are needed to tell them apart and manage them. | Required |
| Explanation | Enter a description of the Identity Provider (its functions, purpose, etc.). | Optional |
| Logo image | Register a logo that identifies the Identity Provider at a glance. | Optional |
| Login button | How the IdP is presented on the login page: as a button, a link (text), etc. | Required |
SSO
Enter the Single Sign-On configuration information on the SSO input screen.
When integrating with a Web Application (OIDC)
| Category | Explanation | Required or not |
|---|---|---|
| Client ID | Register the Client ID. The Client ID is an identifier issued by the authentication server to a registered Client. Because the Client ID is exposed to the resource owner, it is public information and must not be used on its own to authenticate the client. | Required |
| Client Secret | Register the Client Secret. The Client Secret is a unique value known only to the authentication server, used as secret information when authenticating to the target REST service. | Required |
| Authorization Endpoint URL | The Authorization Endpoint is where the client obtains authorization from the Resource Owner. Enter the URL used for this. | Required |
| Token Endpoint URL | The Token Endpoint is where the client obtains an Access Token by presenting an Authorization Grant or a Refresh Token. Enter the URL used for this. | Required |
| Logout URL | Enter the Logout URL, the return URL used for SLO (Single Logout). | Selection |
| Userinfo Endpoint URL | Enter the Userinfo Endpoint URL provided by the IdP (Identity Provider); it returns the user profile (username, name, etc.). | Selection |
| IdP Sign-In Key | Set the IdP Sign-In Key value and select the SingleID property it is mapped to. | Required |
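To make the division of the OIDC fields above concrete, the following added example (not SingleID's own code; the endpoint URLs, Client ID and Client Secret are constructed placeholders) builds the two requests a service provider sends to the configured IdP: the browser-facing authorization request, which carries only the public Client ID plus a per-session `state` and `nonce`, and the back-channel token request, which is the only place the Client Secret is used. It also validates the callback, rejecting a response whose `state` does not match the session.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample configuration: hypothetical IdP endpoints and credentials.
IDP_CONFIG = {
    "client_id": "singleid-sample-client",
    "client_secret": "sample-secret-never-put-in-a-url",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
}
REDIRECT_URI = "https://singleid.example.com/oidc/callback"  # hypothetical callback


def build_authorization_url(cfg, redirect_uri, scope="openid profile email",
                            state=None, nonce=None):
    """Authorization request sent through the user's browser.

    Only public values go here: the Client ID is visible to the resource owner,
    so the Client Secret must never appear in this URL. `state` ties the callback
    to this login attempt; `nonce` is echoed in the ID token to defeat replay.
    """
    state = state or secrets.token_urlsafe(16)
    nonce = nonce or secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": cfg["client_id"],
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "nonce": nonce,
    }
    return f'{cfg["authorization_endpoint"]}?{urlencode(params)}', state, nonce


def parse_callback(callback_url, expected_state):
    """Validate the redirect back from the Authorization Endpoint; return the code."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this login attempt")
    if "error" in query:
        raise ValueError(f"authorization refused: {query['error'][0]}")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


def build_token_request(cfg, code, redirect_uri):
    """Back-channel POST to the Token Endpoint (server to server, never via the browser).

    Here the client authenticates with Client ID *and* Client Secret, sent in the
    form body (client_secret_post). Returns (url, headers, body) for an HTTP client.
    """
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return cfg["token_endpoint"], headers, urlencode(body)


if __name__ == "__main__":
    url, state, nonce = build_authorization_url(IDP_CONFIG, REDIRECT_URI)
    print("redirect user to:", url)
    # Constructed callback as the IdP would send it back to the Redirect URI.
    code = parse_callback(f"{REDIRECT_URI}?code=sample-code-123&state={state}", state)
    token_url, _, body = build_token_request(IDP_CONFIG, code, REDIRECT_URI)
    print("POST", token_url, body)
```

The `state` and `nonce` values must be stored server-side (in the login session) between the redirect and the callback; the example returns them to the caller for that purpose rather than storing them itself.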
IdP Sign-In Key Configuration
There are two ways for SCP SingleID to receive the key value that identifies the user and process the login.
- Obtain the identifier value using a standard SAML keyword
- Create a custom identifier and receive it
The value obtained by either method can be mapped to User ID or to the CN value. This setting determines how the received authentication information is mapped to the value used to process the login.
JIT provisioning
The JIT provisioning tab has been added to the Identity Provider. This feature synchronizes the account in real time when a user's information changes; the items below control how the account is synchronized.
| Category | Explanation | Required or not |
|---|---|---|
| JIT provisioning | JIT provisioning, short for Just-In-Time Provisioning, is an identity and access management feature that creates a user account quickly when a user logs into the system for the first time. | Required |
| If there is no SingleID user mapped to the IdP user | Set the action to take when the user accesses for the first time. | Required |
| If there is a SingleID user mapped to the IdP user | If the user already exists, update the user information. | Required |
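The IdP Sign-In Key mapping described above and the JIT provisioning rules in this table are two halves of one decision: which attribute from the IdP identifies the user, which SingleID property it is matched against, and what happens when no match (or a match) is found. The following added example (not SingleID's own code; the setting names `sign_in_key`, `mapping_property`, `on_missing_user` and `on_existing_user` are hypothetical labels for the options in the tables, and the user store is constructed in memory) shows that decision end to end, including two failure modes a practitioner should expect: an IdP response that lacks the key attribute, and a key value that matches more than one user.

```python
from dataclasses import dataclass, field


@dataclass
class SingleIDUser:
    """Constructed stand-in for a SingleID user record."""
    user_id: str
    cn: str
    email: str = ""
    attributes: dict = field(default_factory=dict)


# Constructed IdP settings (hypothetical names for the options in the tables above).
IDP_SETTINGS = {
    "sign_in_key": "mail",          # attribute in the IdP response that identifies the user
    "mapping_property": "user_id",  # SingleID property it is matched against: "user_id" or "cn"
    "on_missing_user": "create",    # "create" the account or "reject" the login
    "on_existing_user": "update",   # "update" the record or "keep" it unchanged
}


def resolve_sign_in_key(idp_attributes, settings):
    """Pull the identifier named by IdP Sign-In Key out of the IdP's attribute set."""
    key = settings["sign_in_key"]
    value = idp_attributes.get(key)
    if not value:
        # Refuse to guess: an assertion without the key must not log anyone in.
        raise ValueError(f"IdP response carries no '{key}' attribute")
    return value


def find_mapped_user(users, key_value, settings):
    """Look up the SingleID user whose mapping property equals the key value."""
    prop = settings["mapping_property"]
    matches = [u for u in users.values() if getattr(u, prop) == key_value]
    if len(matches) > 1:
        # Ambiguous mapping (e.g. two users sharing a CN) must fail closed.
        raise ValueError(f"{len(matches)} users share {prop}={key_value!r}")
    return matches[0] if matches else None


def jit_provision(users, idp_attributes, settings):
    """Apply the JIT provisioning rules; returns (action, user)."""
    key_value = resolve_sign_in_key(idp_attributes, settings)
    user = find_mapped_user(users, key_value, settings)
    if user is None:
        if settings["on_missing_user"] != "create":
            return "rejected", None
        # The new record must match on the configured property next time.
        if settings["mapping_property"] == "user_id":
            new_id = key_value
        else:
            new_id = idp_attributes.get("uid", key_value)
        user = SingleIDUser(
            user_id=new_id,
            cn=idp_attributes.get("cn", key_value),
            email=idp_attributes.get("mail", ""),
            attributes=dict(idp_attributes),
        )
        users[user.user_id] = user
        return "created", user
    if settings["on_existing_user"] == "update":
        user.cn = idp_attributes.get("cn", user.cn)
        user.email = idp_attributes.get("mail", user.email)
        user.attributes.update(idp_attributes)
        return "updated", user
    return "unchanged", user


if __name__ == "__main__":
    store = {}
    # Constructed IdP attribute sets for one user's first and second login.
    print(jit_provision(store, {"mail": "alice@example.com", "cn": "Alice"}, IDP_SETTINGS))
    print(jit_provision(store, {"mail": "alice@example.com", "cn": "Alice Kim"}, IDP_SETTINGS))
```

Mapping to CN is weaker than mapping to User ID because CN values are not guaranteed unique; the ambiguity check in `find_mapped_user` is what keeps a duplicate CN from silently logging one person into another's account.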
After entering all items, click the Complete button to complete the Identity Provider registration.
Modify Identity Provider
On the list screen, you can modify the settings by clicking the Identity Provider.
If you want to modify the Identity Provider, follow the steps below.
- Admin Portal > Integration > Identity Provider > select an Identity Provider > click the Edit button.
- Click the General, SSO, Provisioning, Policies, or Assignment tab to edit the items.
- Click the Save button.
Delete Identity Provider
On the Identity Provider list screen, select an Identity Provider, deactivate it, then return to the list screen where you can delete it from the three-dot menu. To register again, click the Add button.
Authenticator
Configure by integrating the Authenticator provided by SCP SingleID. Password and Email are enabled by default.
The types and functions of Authenticators are as follows.
- Password: The Password Authenticator is a knowledge-based authentication method that verifies a password known only to the user. It is the built-in Authenticator used for primary and secondary authentication and cannot be deleted or disabled, for security reasons.
- Email: An ownership-based authentication method that authenticates the user through an OTP (One-Time Password) delivered to the user’s email account.
- Active Directory: Enter the user password of the linked Active Directory to authenticate.
- Knox Identity: Authenticate by entering the user password of the linked Knox Portal.
- Knox Messenger: Enter the Knox Messenger OTP received via the registered Knox Messenger to authenticate.
- PC SSO Agent: Install SingleID’s PC SSO Agent on a PC to perform integrated authentication (SSO) and unified logout across various web browsers, and to authenticate through PC security checks.
- SingleID Authenticator: SingleID dedicated authentication mobile app that supports biometrics (fingerprint, facial), PIN, mOTP, and TOTP.
- SMS: Enter the SMS OTP received on the registered mobile phone to authenticate.
- Passkey: A convenient authentication method that enables easy login with a mobile passkey, a security key, or Windows biometrics/PIN code.
- TOTP Authenticator: Enter the TOTP received via the registered authentication app or web extension to authenticate.
Authenticator list
All Authenticators of the six supported types are available.
To check the Authenticator, please refer to the following path.
- Admin Portal > Integration > Authenticator
Add Authenticator
On the Authenticator list screen, click Register to switch to the screen where you can add an Authenticator.
To add an Authenticator, follow the steps below.
- Admin Portal > Integration > Authenticator > click the Add button.
- Select an authentication method > click the Next button.
- Enter the information required for authentication settings.
- Click the Save button.
Add Active Directory {#Active Directory-add}
Users can authenticate using the connected Active Directory.
To add Active Directory, follow the steps below.
- Admin Portal > Integration > Authenticator > click the Add button.
- Select Active Directory > click the Next button.
- The General page appears. Review the Authenticator Overview and click the Next button.
- The Settings page appears. Enter the information to register Active Directory as an Authenticator.
- After entering all information, click the Connection Test button to verify.
- After checking everything, click the Save button.
| Category | Explanation | Required or not |
|---|---|---|
| LDAP URL | Enter the LDAP URL of Active Directory. Enter a valid URL that includes ldap:// or ldaps:// for encrypted communication. Example) ldap://ldap.example.com/dc=example,dc=com | Required |
| Service User DN | Enter the unique identifier of the service-dedicated LDAP account. | Required |
| Service user password | Enter the service user's password. | Required |
| User search base DN | Enter the user search base DN, the string that specifies the starting point for searches in the LDAP directory tree. | Required |
| User attribute | Enter user attributes. | Required |
| Check LDAP connection | After entering all the above LDAP settings correctly, click the Connection Test button to perform the integration test. | Required |
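Two of the settings above deserve a check before the Connection Test is run: the LDAP URL (which decides whether the service user password travels encrypted) and the user attribute, which ends up inside an LDAP search filter together with whatever the user typed as a login name. The following added example (not SingleID's own code; it uses only the Python standard library, so the actual bind and search still need an LDAP client library) validates a URL in the format shown in the table and builds the user-lookup filter with RFC 4515 escaping, so that a login name containing `*`, `(` or `)` cannot change the meaning of the filter.

```python
from urllib.parse import urlparse, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url):
    """Validate an LDAP URL of the form ldap[s]://host[:port]/<base DN> and split it."""
    parts = urlparse(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme {parts.scheme!r}: use ldap:// or ldaps://")
    if not parts.hostname:
        raise ValueError("LDAP URL has no host")
    base_dn = unquote(parts.path.lstrip("/"))
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[parts.scheme],
        "base_dn": base_dn,
        # Plain ldap:// sends the Service User DN bind password in clear text.
        "encrypted": parts.scheme == "ldaps",
    }


def ldap_filter_escape(value):
    """RFC 4515 escaping for a value placed inside a search filter.

    Without this, a login name such as '*)(objectClass=*' rewrites the filter
    (LDAP filter injection); with it, the characters become \\2a \\29 \\28 ...
    """
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append(f"\\{ord(ch):02x}")
        else:
            out.append(ch)
    return "".join(out)


def build_user_filter(user_attribute, login_name):
    """Filter used to find the authenticating user below the User search base DN."""
    return f"({user_attribute}={ldap_filter_escape(login_name)})"


if __name__ == "__main__":
    # The URL below is the example from the settings table; the attribute and login
    # name are constructed sample values.
    cfg = parse_ldap_url("ldap://ldap.example.com/dc=example,dc=com")
    print(cfg)
    if not cfg["encrypted"]:
        print("warning: plain ldap://, service user password will not be encrypted in transit")
    print(build_user_filter("sAMAccountName", "alice"))
    print(build_user_filter("sAMAccountName", "*)(objectClass=*"))
```

The search for the user should be performed under the Service User DN bind and scoped to the User search base DN; the user's own password is then checked by a second bind as the DN the search returned, never by comparing password attributes directly.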
Active Directory Authenticator can be used as follows:
- Login
- Identity verification during the registration process
- Password reset
- Unlock ID
Add Knox Identity
Users can authenticate using the connected Knox Portal.
To add Knox Identity, follow the steps below.
- Admin Portal > Integration > Authenticator > click the Add button.
- Select Knox Identity > click the Next button.
- The General page appears. Check the Authenticator Overview and click the Next button.
- The Policy page appears. Enter the information to register Knox Identity as an Authenticator.
- After entering all information, click the Connection Test button to verify.
- After checking everything, click the Save button.
| Category | Explanation | Required or not |
|---|---|---|
| Maximum allowed authentication failure attempts | Set the maximum allowed number of authentication failures when using Knox Identity. It can be set from 1 to 10 times. | Required |
| Knox ID | Enter the Knox ID to test whether the account is linked. | Required |
| Knox password | Enter the Knox password to test whether the account is linked. | Required |
| Verify Knox Identity connection | Click the Connection Test button to run the test. If the test fails, contact the administrator. | Required |
Knox Identity Authenticator can be used as follows:
- Login
- Identity verification during the registration process
- Password reset
- Unlock ID
Add Knox Messenger
Enter the Knox Messenger OTP received via Knox Messenger to authenticate.
To add Knox Messenger, follow the steps below.
- Admin Portal > Integration > Authenticator > click the Add button.
- Select Knox Messenger > click the Next button.
- The General page appears. Check the Authenticator Overview and click the Next button.
- The Policy page appears. Enter the information required to register Knox Messenger as an Authenticator.
- After entering everything, click the Save button.
| Category | Explanation | Required or not |
|---|---|---|
| Access Token | Enter the Access Token for Knox Messenger. | Required |
| Authentication code timeout (minutes) | Enter the expiration time (minutes) for the verification code. It can be set from 3 minutes up to a maximum of 30 minutes. | Required |
| Maximum allowed authentication failure attempts | This is the maximum number of re-entries allowed after authentication failure. Please select the maximum allowed count. You can select from 1 to 10 times. | Required |
Knox Messenger Authenticator can be used as follows:
- Login
- Passwordless authentication
- Identity verification during the registration process
- Find ID
- Password reset
- Unlock ID
Add PC SSO Agent
To use SSO across multiple browsers, you can install the PC SSO Agent on the user’s PC.
To add the PC SSO Agent, follow the steps below.
- Admin Portal > Integration > Authenticator > click the Add button.
- Select PC SSO Agent > click the Next button.
- The General page appears. Check the Authenticator Overview and click the Next button.
- The Policy page appears. Enter the information required to register the PC SSO Agent.
- After entering everything, click the Save button.
| Category | Explanation | Required or not |
|---|---|---|
| Use PC SSO Agent for multi-browser SSO | Click the Activate button to enable it. To enable multi-browser SSO, you must configure a login policy for each application. Once enabled, SSO between Chrome and Edge browsers is possible. Set the login policy in Policy > Login Policy. | Selection |
| Prevent login using unsupported browsers | Click the Activate button to activate. If activated, login will be restricted on browsers other than Chrome and Edge. | Selection |
| Forcefully close the browser upon PC SSO Agent logout | Click the Activate button to enable it. When activated, Chrome and Edge browsers are forcibly closed upon logout. | Selection |
| Property Settings | When launching the PC SSO Agent, you can configure the user attributes that SingleID will pass to the PC SSO Agent. The configured user attributes are used for multi-browser SSO and C/S program (Rich Client application) authentication. To set the attribute, click the Add button to configure user attributes. | Selection |
This Authenticator can be used as follows:
- Multi-browser SSO
- Rich Client application authentication
Add SingleID Authenticator
Authenticate using the SingleID Authenticator mobile app provided by SingleID.
If you want to add the SingleID Authenticator, follow the steps below.
- Admin Portal > Integration > Authenticator > click the Add button.
- Select SingleID Authenticator > click the Next button.
- The General page appears. Review the Authenticator Overview and click the Next button.
- The Policy page appears. Enter the information to register the SingleID Authenticator as an Authenticator.
- After entering everything, click the Save button.
| Category | Explanation | Required or not |
|---|---|---|
| Authentication wait time (minutes) | Enter the authentication waiting time (minutes). This is the input time for authentication processing. It can be set between 3 and 30 minutes. | Required |
| Maximum allowed authentication failure attempts | This is the maximum number of re-entries allowed after authentication failure. Please select the maximum allowed number of attempts. You can select from 1 to 10 times. | Required |
| TOTP generation interval (seconds) | This is the interval (seconds) for automatically generating OTPs. It can be set from 15 to 120 seconds. | Required |
| Number of adjacent TOTP intervals | The number of TOTP codes accepted before and after the code for the SingleID server time. If this value is 3, the three TOTP codes before and the three after the SingleID server time are accepted. This setting prevents authentication failures caused by the time difference between the SingleID server and the SingleID Authenticator. You can select 0 to 5. | Required |
| App Push Type | You can set the push type for the SingleID Authenticator app. | Required |
| SingleID Authenticator biometric authentication replacement setting | If the user’s mobile phone does not have fingerprint or facial recognition features, authentication can be performed using alternative methods. It can be replaced with PIN, mOTP, or TOTP; when all users are selected, the user can change to another authentication method for authentication. If you want to apply it only to a separate group, select Apply only to the group below. | Required |
This Authenticator can be used as follows:
- Login
- Passwordless authentication
- Identity verification during the registration process
- Find ID
- Password reset
- Unlock ID
Add TOTP Authenticator
Enter the TOTP received through the registered authentication app or web extension to authenticate. You can use TOTP authentication methods to support 3rd Party Authenticators such as mobile authentication apps (Google Authenticator, Microsoft Authenticator, etc.) and web browser extensions (Chrome Web Store, Microsoft Edge Add-ons, etc.).
To add the TOTP Authenticator, follow the steps below.
- Admin Portal > Integration > Authenticator > click the Add button.
- Select TOTP Authenticator > click the Next button.
- The General page appears. Review the Authenticator Overview and click the Next button.
- The Policy page appears. Enter the information required to register the TOTP Authenticator.
- After entering everything, click the Save button.
| Category | Explanation | Required or not |
|---|---|---|
| Maximum allowed authentication failure attempts | This is the number of allowed re‑entries when an incorrect TOTP is entered or a TOTP that exceeds the time limit is entered. It can be set from 1 to 10 times. | Required |
| Number of adjacent intervals in TOTP | This is the number of TOTP codes allowed before and after based on the SingleID server time. If this value is 3, three TOTP codes before and after the SingleID server time are allowed. This setting can prevent authentication failures caused by time differences between the SingleID server time and the SingleID Authenticator. 0 ~ 5 can be selected. | Required |
| Issuer | When a user registers the 'TOTP Authenticator' through an 'Authenticator App' or 'Web Extension' by scanning a QR code, the user's screen shows the entry in the format 'Issuer : Tenant/UserID'. | Required |
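The "Number of adjacent intervals" setting in this table, and the same setting in the SingleID Authenticator table, both describe a verification window around the server's current time step. The following added example (not SingleID's or any third-party app's code; the seed bytes are constructed) implements RFC 6238 TOTP over HMAC-SHA1 and a verifier that accepts codes from up to N adjacent intervals, so you can see exactly which codes a window of 1, 2 or 3 lets through. It also records the last accepted counter, which is what stops a code from being accepted twice while it is still inside the window.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the time-step counter floor(t / step)."""
    return hotp(secret, int(timestamp // step), digits)


def verify_totp(secret, submitted, timestamp, step=30, digits=6,
                adjacent_intervals=1, last_accepted_counter=None):
    """Accept a code from the current interval or up to `adjacent_intervals`
    intervals on either side (the 'Number of adjacent intervals' setting).

    Returns the counter whose code matched, or None. Counters at or below
    `last_accepted_counter` are refused, so a code that was already used cannot
    be replayed while it is still inside the window.
    """
    current = int(timestamp // step)
    for offset in range(-adjacent_intervals, adjacent_intervals + 1):
        counter = current + offset
        if last_accepted_counter is not None and counter <= last_accepted_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    secret = b"constructed-sample-seed-not-real"  # constructed; real seeds come from enrolment
    now = time.time()
    code = totp(secret, now)
    print("current code:", code)
    # A device running 70 seconds slow produces the code from two intervals ago.
    stale = totp(secret, now - 70)
    print("window 1 accepts stale code:", verify_totp(secret, stale, now, adjacent_intervals=1))
    print("window 3 accepts stale code:", verify_totp(secret, stale, now, adjacent_intervals=3))
```

A wider window tolerates more clock skew between the SingleID server and the authenticator app, but it also multiplies the number of codes that are valid at any moment; combined with the "Maximum allowed authentication failure attempts" limit above, that is what bounds an online guessing attempt.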
This TOTP Authenticator can be used as follows:
- Login
- Multi-Factor Authentication (MFA)
- Authentication during Authenticator registration
- Password reset
- Unlock
- Conditional authentication
- Authentication for non‑compliant PCs
To apply the TOTP Authenticator, set it in the authentication policy.
- Available Authenticator (for login policy) → Use TOTP Authenticator when the user logs in
- Authenticator registration authentication → User uses TOTP Authenticator during Authenticator registration
- Account recovery > Password reset → Use TOTP Authenticator when the user resets the password
Modify Authenticator
On the Authenticator list screen, after selecting an Authenticator and clicking Edit, it switches to the edit screen.
If you want to modify the Authenticator, follow the steps below.
- Admin Portal > Integration > Authenticator > click the Edit button.
- Edit each item, then click the Edit button to complete the changes.
Delete Authenticator
On the Authenticator list screen, select an Authenticator, disable it, then return to the settings screen and delete it with the Delete button in the three-dot menu. The Authenticator must first be excluded from the authentication policy settings; otherwise, disabling cannot be applied.
To delete the Authenticator, follow the steps below.
- Admin Portal > Integration > Authenticator list > click the three dots to the right of the Authenticator.
- Click Disable in the popup.
- If a warning popup appears, check which authentication policies apply.
- Follow the link to the affected authentication policy, then exclude the Authenticator from that policy's authentication settings.
- Deactivation completes once the Authenticator is excluded from the authentication policy information.
- After deactivation is complete, click the Authenticator and then click the Delete button.
MFA Service Provider
MFA Service Provider provides a service that enhances user convenience by applying biometric and simple authentication technologies along with strengthened authentication methods, meeting the security requirements required by enterprises through multi-factor authentication.
MFA Service Provider List
To view the list of MFA Service Providers, you can access the following menu.
- Admin Portal > Integration > MFA Service Provider
| Category | Explanation |
|---|---|
| Name | This is the name of the MFA Service Provider. |
| System code | Displays system code information. |
| project code | Displays project code information. |
| User Tag | Displays the User Tag. |
| type | Shows how the MFA Service Provider is integrated. It is one of three methods: ADFS Federated Application, Custom Application, or Network Equipment. |
| System code input field | Enter the system code information. |
| Project code input field | Enter the project code information. |
| Search term input field | You can search the MFA Service Provider list. Enter a search term and click the magnifying glass icon or press Enter to perform the search. |
| Details button | Detailed searches are possible. Search conditions can be combined using AND. After entering multiple fields, click the Search button to perform a search that matches the criteria. |
| Register button | You can register a new MFA Service Provider. |
MFA Service Provider registration
To register the MFA Service Provider, follow the steps below.
- Admin Portal > Integration > MFA Service Provider > click the Register button
- Select ADFS Federated Application, Custom Application, or Network Equipment > click the Next button
There are three types of MFA Service Provider.
- ADFS Federated Application : Uses the ADFS plugin method and registers an ADFS federation application that will be linked with SingleID MFA.
- Custom Application : Registers an application that uses the MFA API in API mode and integrates with SingleID MFA.
- Network Equipment : It uses the RADIUS method and registers network equipment that will be linked with RADIUS‑based MFA.
Through a three-step screen as shown below, you can enter the required information, configure it, and register the MFA Service Provider for integration.
- [General] {#General-3}
- [MFA integration] {#integration}
- [Owner] {#owner}
General
Enter general information for the MFA Service Provider.
| Category | Explanation | Required or not |
|---|---|---|
| Name | Enter the name of the MFA Service Provider. Since it is identified by its name, a rule for distinction and management is required. | Required |
| Explanation | Enter a description of the MFA Service Provider (including its functions, usage, etc.). | Selection |
| Logo image | Register a logo that can intuitively identify the MFA Service Provider. | Selection |
| Manage users using User Tag | If User Tag usage is enabled, "#" + User Tag is automatically appended to the ID of every new user registered from this MFA Service Provider, which prevents duplicate ID registrations. | Selection |
| User Tag | Only one User Tag can be registered per MFA Service Provider. A User Tag cannot be modified after registration; it is attached to both the MFA Service Provider and the user. Tenant administrators define and use User Tags. Users provisioned via JIT through the MFA Service Provider receive the same User Tag as a user attribute, which identifies where the user was created. | Required |
| System code | Enter the system code information. | Selection |
| project code | Enter the project code information. | Selection |
| campaign | If only one authentication method is used, a pop-up page guiding the user to register an authentication method is displayed. It becomes active when the selection box is selected. | Selection |
MFA integration
Enter MFA integration information.
| Category | Explanation | Required or not |
|---|---|---|
| Conditional authentication | Conditional authentication is a policy that performs additional authentication when the authentication conditions registered in conditional authentication are met. To apply conditional authentication, click the check box. Select the WHEN policy and the THEN policy. The WHEN policy is an authentication policy executed when a specific condition occurs at login. The THEN policy performs an additional identity verification when the WHEN policy is satisfied. | Selection |
| Login | Add the provided Authenticators to the chip box. To allow delegation to an administrator at login, click the Activate button. When administrator delegation is enabled, the following guide messages appear on the 'Select Authentication Option' page during registration: 1. "If you cannot complete identity verification due to any issue, you can request verification from the manager. Click here" 2. "If a problem occurs with identity verification, you can request delegated verification from the administrator. Please click here." ※ Delegation is only possible to administrators who have registered the SingleID Authenticator mobile app as an Authenticator. | Required |
| Authentication during Authenticator registration | Set the identity verification the user must perform while registering an Authenticator. Additional authentication strengthens the identity verification step. * Whether to perform authentication during registration when no Authenticator is registered: 1. Perform: the user registers an additional authentication method first and then authenticates. 2. Do not perform: no authentication is carried out if there is no registered authentication method. 3. Follow JWT: the predetermined JWT policy is applied. * Click the Enable button to allow authentication delegation to administrators. ※ Authentication delegation is only available to administrators who have registered the SingleID Authenticator mobile app as an Authenticator. | Selection |
| List of administrators to delegate authentication | Select the checkbox if you want to use the delegated administrator list of the SCP cloud object storage as a separate authentication administrator list when delegating authentication to an administrator. This option is available only when “Delegate authentication to administrator” is enabled in the “Authenticate during Authenticator registration” or “Login” items. To retrieve and apply an administrator list stored as a JSON file in cloud object storage, the following settings are required. 1. Access Key: Enter the Access Key of the cloud object storage. 2. Secret Key: Enter the Secret Key of the cloud object storage. 3. Endpoint: Enter the URL of the cloud object storage service provider. It must start with “http://”. 4. Bucket name: Enter the bucket name of the cloud object storage. 5. File path: Enter the file path in the cloud object storage. 6. Verify cloud object storage connection: After entering all items, click the Connection Test button to check the result. The result will show success or failure. 7. If the connection verification succeeds, the Test File Search button will appear. Click the button. 8. A file search test popup will appear; enter the file name and click the Validate button. 9. After clicking the button, a .json file will be created; if a file with the same name already exists, rename it to complete the test. | Selection |
| User information update method during login (MFA) process | Select how user information is updated during the login process. 1. Automatic update with JWT Claim information: the Claim data in the JWT token's authentication information automatically updates the user. 2. Maintain information at the time the user data is created: the initially created user information is retained. 3. Follow JWT: the defined JWT policy is applied. | Required |
| Whether to automatically register Knox Messenger as Authenticator during the login (MFA) process | Select whether Knox Messenger is registered automatically at login. If the ID is not registered in Knox Messenger, selecting 'Register' does not register it automatically. | Required |
| Claim | Enter the Claim name. A Claim is an authentication method that manages user authentication and permissions through a specific key value, and allows you to add the necessary data for use. Defines the mapping that verifies whether the user is the same. Up to 30 can be registered. | Required |
| Secret Key | The Secret Key is an encryption key for trusted communication between SingleID and the MFA Service Provider. Click the Issue button to issue it. | Required |
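The Claim and Secret Key rows above go together: the Secret Key protects the messages exchanged with the MFA Service Provider, and the configured Claim names are the only fields that should be read out of those messages. The following added example (not SingleID's own code; the page does not specify the token format, so an HS256-signed JWT is an assumption, and the secret and claims are constructed) shows the order of checks a receiver should apply before trusting any claim: exactly three segments, the expected algorithm in the header (so an `alg: none` or algorithm-switched token is rejected), a constant-time signature comparison with the shared secret, and `exp`/`nbf` validation. Only then are the configured Claim names extracted.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT; used here only to build the constructed sample token."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def verify_jwt(token: str, secret: bytes, now: float = None) -> dict:
    """Verify structure, algorithm, signature and validity window before returning claims."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token: expected header.payload.signature") from None
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        # Never let the token choose the algorithm: reject 'none' and any switch.
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature check failed")
    claims = json.loads(b64url_decode(payload_b64))
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise ValueError("token not yet valid")
    return claims


def extract_claims(claims: dict, claim_names):
    """Copy only the configured Claim names out of a verified token."""
    missing = [name for name in claim_names if name not in claims]
    if missing:
        raise ValueError(f"token lacks configured claims: {missing}")
    return {name: claims[name] for name in claim_names}


if __name__ == "__main__":
    shared_secret = b"constructed-shared-secret"   # constructed; SingleID issues the real one
    token = sign_jwt({"sub": "alice", "mail": "alice@example.com", "exp": int(time.time()) + 300}, shared_secret)
    verified = verify_jwt(token, shared_secret)
    print(extract_claims(verified, ["sub", "mail"]))
```

Because the Secret Key is symmetric, any party holding it can mint tokens as well as verify them; it should be issued per MFA Service Provider, stored like a password, and re-issued if the provider side is compromised.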
Owner
Select and register the person in charge of the newly registered MFA Service Provider.
| Category | Explanation |
|---|---|
| Add button | You can add a person in charge of the MFA Service Provider. |
| search | You can find the person in charge using a search term (ID, name, email, status). |
| Select (Check Box) | Select the person in charge retrieved from the list. |
| Add | You can add the selected assignee. |
| Completed | Complete assigning the person in charge. |
When you click the Complete button, the registration is completed.
MFA Service Provider edit
On the MFA Service Provider list screen, select an MFA Service Provider and click Edit to go to the screen where you can make modifications.
To modify the MFA Service Provider, follow the steps below.
- Admin Portal > Integration > MFA Service Provider > click the Edit button.
- Edit each item, then click the Edit button to complete the changes.
Delete MFA Service Provider
After selecting an MFA Service Provider on the MFA Service Provider list screen, deactivate it, return to the list screen, and you can delete it from the three‑dot menu.
To delete the MFA Service Provider, follow the steps below.
- Admin Portal > Integration > MFA Service Provider list > click the three dots to the right of the MFA Service Provider.
- Click the Delete button in the popup.
- If a warning popup appears, check the MFA Service Provider information.
- Enter the MFA Service Provider name below and click the Delete button.