SSO Quickstart Guide

Nova Credit offers Single Sign-On (SSO) for customers to log in to the Nova Credit Customer Dashboard. SSO is an account security feature that allows team members to sign in to the Nova Credit Dashboard without creating or remembering a password.

Terminology

  • Service Provider (SP): Nova Credit is the Service Provider.
  • SP-initiated SSO: The login process is initiated from Nova Credit’s side, and the user is redirected to their Identity Provider (IdP) for authentication. The user logs into their IdP (if not already logged in). Once successfully authenticated, the user is logged into their Nova Credit Dashboard.
  • Identity Provider (IdP): a service that stores and verifies user identity. Common IdPs include Okta and Microsoft Azure AD/Entra ID.
  • IdP-initiated SSO: This is when users log into their IdP’s SSO page (e.g. Microsoft Azure AD/Entra ID) and click on Nova Credit’s enterprise application tile to log in using SSO and open the Nova Credit dashboard.

Nova Credit supports the following SSO features

  • SAML standard package: for login, both IdP- and SP-initiated SSO are supported; for user provisioning, SCIM provisioning is supported
  • SSO can only be configured at the Standalone or Parent account level. SSO cannot be configured for Child accounts.
  • Method: IdP- and SP-initiated SSO (both methods are supported)
  • IdP-initiated will be toggled ‘off’ by default and can be toggled ‘on’
  • Customers will only be able to have one authentication method at a time, either password-based authentication or SSO

Where to configure SSO in the Nova Credit Dashboard

In the Customer Dashboard, Admins or Protected Admins can configure SSO. Go to the Settings tab > Security subtab. In the Single sign-on (SSO) section, toggle on “Enabled SSO” and click the “Configure SAML” button.

There are two sections in the “SAML configuration” page.

Service provider (SP) details: These are fields that should be copied and pasted into the customer’s Identity/SSO provider’s configuration page.

  • SP sign-on URL: https://dashboard.novacredit.com/login
  • SP entity ID: https://novacredit.com/sso/sp
  • Assertion consumer service URL: https://dashboard.novacredit.com/user/sso/acs

Identity provider (IdP) details: These are fields where information should be obtained from the IdP and pasted into the Nova Credit Dashboard.

  • IdP sign-on URL: The URL Nova Credit redirects to for customers to enter their credentials
  • Work domain: the part after the @ in the customer’s email address. Nova Credit parses the domain from the user’s email address (e.g. hsbc.com) to determine which account and SSO configuration to use. Nova Credit can support more than one domain.
  • Certificate: a public X.509 certificate, a digital certificate used to verify the SAML assertion signature. This certificate can be downloaded from the IdP.

Configuring SAML single sign-on

SAML is a standard protocol for authenticating users for SSO. These instructions detail how to configure Nova Credit’s Customer Dashboard as a SP using SAML to authenticate users via a customer’s SSO IdP.

The general steps to implement SAML SSO are:

  • Collect prerequisite information necessary to complete the implementation
  • Configure the SP settings in the instance
  • Provide SP information to the IdP so that the IdP will recognize communications from and know how to communicate with Nova Credit
  • IdP provides metadata
  • Configure the IdP settings
  • Test

Prerequisite Information

  • IdP sign-on URL: The URL Nova Credit redirects to for customers to enter their credentials
  • Work domain: the part after the @ in the customer’s email address. Nova Credit parses the domain from the user’s email address (e.g. hsbc.com) to determine which SSO configuration to use.
  • Certificate: a public X.509 certificate, a digital certificate used to verify the SAML assertion signature. This certificate can be downloaded from the IdP.

IdP Configuration

Customers will need to set the following signing options in their IdP for SSO to work.

  • Signing Option: Sign SAML response and assertion
  • Signing Algorithm: SHA-256

JumpCloud Specific

  • SAMLSubject NameID: email
  • SAMLSubject NameID Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
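
As an added example (not Nova Credit's code or its validation logic), this Python lint decodes a test SAMLResponse captured from your own IdP and checks it against the values on this page: Destination matches the ACS URL, the audience is the SP entity ID, and both the response and the assertion carry a SHA-256 signature. The function names, the constructed sample and the NameID work-domain check are assumptions for illustration; the lint inspects structure only and does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://dashboard.novacredit.com/user/sso/acs"  # SP values from this page
SP_ENTITY_ID = "https://novacredit.com/sso/sp"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"


def lint_saml_response(b64_response, work_domains):
    """Structural lint of a test SAMLResponse from your own IdP. It does NOT
    verify signatures cryptographically; returns a list of mismatches."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the ACS URL")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no unencrypted Assertion found"]
    # "Sign SAML response and assertion" with SHA-256: each needs its own Signature.
    for elem, label in ((root, "Response"), (assertion, "Assertion")):
        method = elem.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None:
            problems.append(f"{label} is not signed")
        elif not method.get("Algorithm", "").endswith("sha256"):
            problems.append(f"{label} signature is not SHA-256")
    audiences = [(e.text or "").strip() for e in assertion.iterfind(".//a:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not include the SP entity ID")
    # Assumption: NameID carries the user's email (stated on the page for JumpCloud).
    name_id = assertion.findtext("a:Subject/a:NameID", "", NS).strip()
    if "@" not in name_id or name_id.rpartition("@")[2].lower() not in work_domains:
        problems.append("NameID is not an email in a configured work domain")
    return problems


def constructed_response(alg_uri=RSA_SHA256, sign_assertion=True, audience=SP_ENTITY_ID):
    """Minimal constructed sample (signature values omitted), not real IdP output."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{alg_uri}"/>'
           '</ds:SignedInfo></ds:Signature>')
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{ACS_URL}">'
           f'{sig}<a:Assertion>{sig if sign_assertion else ""}'
           '<a:Subject><a:NameID>analyst@example.com</a:NameID></a:Subject>'
           f'<a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
           '</a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()
```

An empty list means the captured response lines up with the settings above; any entry names the IdP setting to revisit before go-live.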

SCIM Configuration

SCIM Documentation: https://docs.novacredit.com/scim

To configure SCIM for user provisioning, first enable SSO in the Customer Dashboard, then click the “Access user provisioning” button.

  1. Toggle on Enable SCIM
  2. Copy and paste the SCIM tenant URL and Token into the IdP (or share them with the customer to enter into their IdP).

SSO Testing

Testing can be done by creating a separate test customer environment, configuring SSO there, and testing. Once testing is complete, that configuration can be manually migrated over to the customer’s production environment when they are ready to go live with SSO.