Skip to main content
NICE CXone Expert

Scheduled CxOne Expert Maintenance - Oct 26th 11:59 pm PT - Learn More

Expert Success Center

How Using SAML SSO Impacts Your MindTouch Site

Applies to:
All MindTouch Versions
Role required:
N/A
Before enabling SAML SSO, understand how SAML SSO authentication in Expert may affect your implementation or workflows.

TLS/SSL requirement

SAML SSO requires HTTPS
If you are currently not using the transport layer security (TLS) protocol for your Expert site domain, please contact the Expert Support team for further details.

If you would like to implement TLS for your Expert site domain after your SAML SSO integration has been configured, please plan for 4–6 hours to coordinate an update to your Expert SAML SSO integration.

VPN/IP restrictions

SAML SSO sessions can occur behind existing VPN or IP-restrictions if enabled for your Expert site.

Group Management

Once SAML is enabled, group membership for SAML users can no longer be managed locally in Expert. 
For security purposes controls group profiles have to be managed in your SAML identity provider (IdP). If users are added to a group in Expert but are not added to the group in the SAML IdP, the IdP will strip the users from the group in Expert.

Username Management

Once SAML is enabled, users can no longer be renamed locally in Expert. 
If a username is changed locally in Expert, the SAML IDP will recreate a new user with the old name next time the user tries to log in. Note that while the username cannot be locally changed in Expert, the display name can.

If machine-generated usernames are synchronized, accessing user contribution or user history data in challenging if user display names are not synchronized. 
If you previously authenticated Expert users locally and now decide to enable SAML SSO, carefully choose your SAML IdP usernames. SAML 2.0 typically uses a persistent username format. If the persistent username is ported over as a non-human-readable string, we recommend synchronizing a user display name or the user’s email address.

When configuring your SAML IdP, speak with your IT team to align the username format with your existing Expert usernames to avoid user duplication.

Display Name Customization

You can design your own Expert display name from your SAML IdP values. 
Your SAML IdP stores a lot of information about your users (company name, first name, last name, phone number, etc.). Expert only uses three user values: A username, an email address, and a display name. While the username and email address are pulled into Expert as is, you can choose to populate the display name from a combination of IdP values defined by you.

 

  • Was this article helpful?