Using Single Sign-On (SSO) with ISMS.online allows you to make use of a powerful provisioning tool, that will assist you with mass user creation: New User Templates!
What are New User Templates?
A New User Template (NUT) is essentially a blueprint that can be used to automatically provision work areas to a user when they are created by logging in via SSO.
There is no limit to the number of NUTs that you can have in your environment. ISMS.online will collect all applicable templates for the user in question and grant the highest level of access permission for each individual work area.
There are two ways to apply your template:
1. All users
This will be your foundational layer for user access. If there are areas that you believe all users should be able to see (e.g. a day 1 induction Policy Pack), it would be set within this template.
2. Users who belong to a group in the identity provider
This is where you can build out different templates to satisfy the requirements of groups that have been set up in Okta. For example, you may have 3 groups, Development, Customer Success, and Sales - each of these will have its own unique template in ISMS.online that can be used to grant access to their respective Policy Pack, processes Project and communications Group.
How to set up a new user template in Okta
Create a Group in Okta
In most cases, your organisation may already have groups in use, they may be named based on department or role (e.g. Development, Customer Success, Sales). If you already have your groups set up, you can skip this step. If not you can make a group by:
1. Navigating to your Okta admin panel > Directory > Groups
2. Click `Add Group`
3. You can then click the `Assign people` button to add users to your group.
Now that we have our test group created, we need to add this as a Group Attribute Statement in the application. This is what will prompt Okta to include it in the SAML request.
Create a Group attribute claim
In this setup, we will use the group `Test` that we've just created.
1. Navigate to your Okta admin panel > Applications > ISMS.online > General
2. Click `Edit` to the right of the `SAML Settings` heading
3. Click `Next` to skip to Step 2 `Configure SAML`
4. Towards the bottom of the page you will find `Group Attribute Statements (optional)`, add in the following:
- Name: http://schemas.xmlsoap.org/claims/Group
- Name format: Unspecified
- Filter: Select `Equals` from the dropdown, and in the text box to the right enter the group name (in this case `Test`)
5. Click `Next` at the bottom of the page and then `Finish`
This is all the work that we need to do in Okta, we can now head to ISMS.online to set up the NUT.
Create a New User Template
1. Sign in to ISMS.online
2. Navigate to Organisation settings > New User Templates
3. Click `Create new Template`
4. Enter the template name, this can be named whatever you would like
5. Select `Only users who belong to a group in the identity provider`
6. The `SSO attribute` will be the group name that we've specified in Okta, in this example case it will be `Test`
You can now scroll down the page and customise the access permissions that you would like to be applied to anyone in this group. Please keep in mind you can only control the access to areas that you administer.
Once this is saved if someone tries to sign in via SSO when they do not have a user in ISMS.online, but do have an Okta user that has been granted access to the app - the platform will create a new user for them. It will then use the groups they are a part of to automatically grant them access to areas based on the templates that apply to them. As mentioned previously, the user will be given the highest level of access amongst all the relevant templates.
If you have any questions or encounter any issues, feel free to contact our support team through the live chat or via email (firstname.lastname@example.org)