What is federated identity?
Federated Identity gives customers the option to use their own familiar company credentials to sign into CSI software and website instead of using their CSI sign-in credentials. To implement, the company will have to federate their identity platform (IdP) with CSI’s identity platform. Once setup, all contacts with federated email domains will automatically be redirected to their IdP for authentication.
Which identity platforms and standards does CSI support to setup federation?
- Microsoft Active Directory (Azure Active Directory, Active Directory, ADFS, AD/LDAP)
- Google Workspace
- OpenID Connect
- Okta
- PingFederate
- SAML
Which IdP does CSI use?
CSI uses Auth0 as our identity provider.
Can customers who choose to setup federated identity still use the User Management Dashboard (UMD) to bulk import contacts to into the CSI database?
Yes, you can still import your your contacts in bulk using the UMD. When customers authenticate through federated IdP, they will be connected based on the user's email address.
What happens if a new user authenticates via federated identity and does not exist in the CSI Database?
New user will receive an error message after signing in to let them know to contact their IT team. Their Customer Account Administrator(s) will have to add the user to the CSI Database via the User Management Dashboard.
Does CSI support SCIM Provisioning to keep a customer's IdP in sync with CSI's database?
CSI currently does not support SCIM provisioning, but it is on the roadmap for early 2024.
How to get started?
Please follow the instructions below for the identity provider you have. After completing the steps in the instructions, contact indentity@csiamerica.com to set up a call with CSI to complete the final steps.
- For users with Microsoft Active Directory (Azure Active Directory, Active Directory, ADFS, AD/LDAP):
To start the process, you will need to do the following as stated in this document under Step 1, Register your app with Azure AD: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/azure-active-directory/v2
- You will need to register an App in your Azure AD
- Create a Client Secret (we will need the Secret Value, not the Secret ID)
- Add permissions (per document above)
- In the App Registration, create the following web URI Redirect: https://identity.csiamerica.com/login/callback
- For users with Google Workspace:
To start the process, you will need to do the following as stated in this document under Step 1, Set up your App in Google: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/google-apps
- For users with OpenID Connect:
To start the process, you will need to do the following as stated in this document under Step 1, Set up your App in the OpenId Connect Identity Provider: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/oidc
- For users with Okta:
To start the process, you will need to do the following as stated in this document under Create Okta OIDC App Integration: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/okta#create-okta-oidc-app-integration
- For users with PingFederate:
To start the process, you will need to do the following as stated in this document under Step 1, Get the Signing Certificate from the Idp and Convert it to Base64: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/ping-federate
- For users using SAML:
To start the process, you will need to do the following as stated in this document under Step 1 and 2, Enter the Post-back URL and Entity ID at the IdP, Get the Signing Certificate from the Idp and Convert it to Base64: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/saml
For questions about federated identity, please contact identity@csiamerica.com.