What is federated identity?
Federated Identity gives customers the option to use their own familiar company credentials to sign in to CSI software and the CSI website instead of using their CSI sign-in credentials. To implement it, the company will have to federate its identity platform (IdP) with CSI's identity platform. Once set up, all contacts with federated email domains will automatically be redirected to their IdP for authentication.
Which identity platforms and standards does CSI support to set up federation?
- Microsoft Active Directory (Azure Active Directory, Active Directory, ADFS, AD/LDAP)
- Google Workspace
- OpenID Connect
- Okta
- PingFederate
- SAML
Which IdP does CSI use?
CSI uses Auth0 as our identity provider.
Can customers who choose to set up federated identity still use the User Management Dashboard (UMD) to bulk import contacts into the CSI database?
Yes, you can still import your contacts in bulk using the UMD. When users authenticate through the federated IdP, they are matched to their imported contact based on the user's email address.
If a new user authenticates via federated identity, how are they added to the CSI Database?
New users that authenticate via federated identity will be added on the fly to the default customer that is specified during federated identity setup. The new user will be assigned the customer's default role and added to the customer's default license group. The default role and default license group can both be found, and changed, in the User Management Dashboard.
Does CSI support SCIM Provisioning to keep a customer's IdP in sync with CSI's database?
CSI currently does not support SCIM provisioning, but it is on the roadmap for early 2024.
How to get started?
Please follow the instructions below for the identity provider you have. After completing the steps in the instructions, contact indentity@csiamerica.com to set up a call with CSI to complete the final steps.
- For users with Microsoft Active Directory (Azure Active Directory, Active Directory, ADFS, AD/LDAP):
To start the process, you will need to do the following as stated in this document under Step 1, Register your app with Azure AD: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/azure-active-directory/v2
- You will need to register an App in your Azure AD
- Create a Client Secret (we will need the Secret Value, not the Secret ID)
- Add permissions (per document above)
- In the App Registration, create the following web URI Redirect: https://identity.csiamerica.com/login/callback
- For users with Google Workspace:
To start the process, you will need to do the following as stated in this document under Step 1, Set up your App in Google: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/google-apps
- For users with OpenID Connect:
To start the process, you will need to do the following as stated in this document under Step 1, Set up your App in the OpenId Connect Identity Provider: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/oidc
- For users with Okta:
To start the process, you will need to do the following as stated in this document under Create Okta OIDC App Integration: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/okta#create-okta-oidc-app-integration
- For users with PingFederate:
To start the process, you will need to do the following as stated in this document under Step 1, Get the Signing Certificate from the IdP and Convert it to Base64: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/ping-federate
- For users using SAML:
To start the process, you will need to do the following as stated in this document under Steps 1 and 2, Enter the Post-back URL and Entity ID at the IdP, Get the Signing Certificate from the IdP and Convert it to Base64: https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/saml
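For the PingFederate and SAML steps above, one way to prepare the signing certificate before sending it on, shown as an added example that is not CSI's or Auth0's own code. It assumes "Base64" means the Base64 of the PEM certificate file and that `openssl` is installed; the function names and file names are hypothetical, and the certificate is a constructed throwaway.

```shell
#!/bin/sh
# Added example (not CSI or Auth0 code); function and file names are hypothetical.

# Emit the certificate as single-line Base64 on stdout and its SHA-256
# fingerprint on stderr. Refuse files that contain a private key, are not
# parseable X.509, or have already expired.
prepare_signing_cert() {
    cert_file=$1
    if grep -q 'PRIVATE KEY-----' "$cert_file"; then
        echo "refusing: $cert_file contains a private key" >&2
        return 1
    fi
    # Accept PEM or DER and normalise to PEM; this also drops surrounding text.
    pem=$(openssl x509 -in "$cert_file" -outform PEM 2>/dev/null) ||
        pem=$(openssl x509 -inform DER -in "$cert_file" -outform PEM 2>/dev/null) || {
        echo "refusing: $cert_file is not an X.509 certificate" >&2
        return 1
    }
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo "refusing: certificate has expired" >&2
        return 1
    fi
    # Fingerprint the recipient can compare against the value shown in the IdP.
    printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256 >&2
    printf '%s\n' "$pem" | openssl base64 -A
}

# Constructed sample input: a throwaway self-signed certificate and key in $1.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=constructed-idp-signing" \
        -keyout "$1/idp.key" -out "$1/idp.crt" 2>/dev/null
}

# Demo: the certificate is encoded, the key file is rejected.
demo_dir=$(mktemp -d)
make_constructed_cert "$demo_dir"
prepare_signing_cert "$demo_dir/idp.crt" && echo
prepare_signing_cert "$demo_dir/idp.key" || echo "key file rejected"
rm -rf "$demo_dir"
```

Only the public signing certificate is needed for federation; the IdP's private key stays on the IdP.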
For questions about federated identity, please contact indentity@csiamerica.com.