Overview
You can configure inSync to use Single Sign-On (SSO) to authenticate and authorize users. By default, inSync uses email address as the unique identifier for Authentication. Additionally, inSync provides an option to configure Uniform Universal Personal Identification Code (UUPIC) as a custom attribute to identify users and administrators in your organization. For this, inSync connects to Active Directory to get the UUPIC.
Contact Support to enable this configuration option for you. Once enabled, you can configure an identifier for inSync users and administrators who log in using SSO.
UUPIC for SSO of inSync users and administrators
The following guidelines govern the configuration of inSync to use UUPIC for SSO of inSync users and administrators:
inSync obtains and uses the UUPIC value only to identify and authorize users to access inSync Client and administrators to access the inSync Management Console.
inSync never displays UUPIC value on the inSync Management Console or {[Client}} UI.
UUPIC for administrators is currently available only for inSync GovCloud accounts.
At least one AD/LDAP mapping must exist in inSync to successfully the sync users and administrators with UUPIC . For more information, see Create an AD/LDAP mapping.
Configure inSync to use UUPIC for users and administrators
To configure inSync to use UUPIC for SSO authentication:
On the inSync Management Console menu bar, click > Users > Deployment. AD/LDAP page with existing AD/LDAP Mapping list appears.
Click the Settings tab.
In the AD/LDAP Settings area, click Edit.
In the Custom Attribute for SSO box, type the exact name of the custom field for using UUPIC as the unique identifier for authenticating and authorizing users uniquely. For example, employeeNumber.
Click Ok to save the changes.
inSync obtains the UUPIC details of the users from your AD through a query triggered by theAuto sync interval.Only the user details are fetched with this query. The administrator details must be synced separately, as specified below.
π Note
βIf you do not want to wait for inSync to automatically import users from your AD, you can manually start the import user process. For more information, see Manually import users from your AD.
Synchronize existing administrators with UUPIC
You can perform this synchronization only for the existing administrators.
To synchronize existing administrators with UUPIC:
On the inSync Management Console menu bar, click Users > Deployment. AD/LDAP page with existing AD/LDAP Mapping list appears.
Click the Settings tab.
In the AD/LDAP Settings area, click Sync Custom Attribute.
A confirmation message is displayed indicating the number of successful and failed syncs.
β
The number of failed syncs indicates the number of administrator accounts for which inSync did not find the specified identifier value in the Active Directory.
π‘ Tip
Once UUPIC is enabled, you can create a new administrator only if the associated identifier is present in the Active Directory.
For additional support on configuring UUPIC as a custom value for SSO, contact Support.