Enabling single sign-on with SAML

You can enable single sign-on (SSO) using settings in Kofax AP Essentials. Before you can enable single sign-on, an identity provider must be set up on the partner system.

Enabling single sign-on in Admin Center

To enable single sign-on in Admin Center:

  1. Upload a valid certificate to the Resources view on a partner account.

    The certificate must contain a public key from the customer system, and it must not contain a private key. The certificate must be formatted and encoded according to the X.509 standard, and the file must have the extension CER. If a certificate that is properly formatted and encoded according to the X.509 standard has the extension CRT, you can simply change the file extension to CER.

  2. Navigate to Account > User management > Identity providers and click ADD.
  3. Specify the settings in the view that appears.

    Make sure you select SAML 2.0 as the Protocol and use the Response signature certificate setting to specify the certificate that you uploaded.

    Optionally, you can use the Assertion signature certificate setting to send signed SAML assertions.

    All SAML responses from the identity provider must be signed. However, signed SAML assertions are optional. Kofax AP Essentials accepts encrypted and unencrypted signed SAML assertions. If you choose to encrypt signed SAML assertions, you must use the public key in this ZIP file: https://production.readsoftonline.com/install/readsoftonline-saml.zip

  4. Click SAVE & CLOSE to save your settings.
  5. Navigate to the User management view and click EDIT.
  6. Select Enable in the SINGLE SIGN-ON settings and choose the Identity provider that you created in the previous steps.
  7. Click SAVE & CLOSE.

    The configuration is complete, and users can now log in from the system that issues single sign-on requests.
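
A pre-upload check for the certificate requirements in step 1, as an added example that is not part of the Kofax documentation: it confirms that a candidate file holds exactly one X.509 certificate and no private key, whether the file is PEM or DER encoded. The function names and the sample bytes are constructed for illustration, and the check inspects structure only; it does not verify the signature or the validity period.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Constructed sample: an empty DER skeleton with a certificate's shape, not a real certificate.
SAMPLE_DER = bytes.fromhex("300730003000030100")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def top_level_tags(der):
    """Tags of the direct children of the outer SEQUENCE."""
    tag, pos, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tags = []
    while pos < end:
        child, _, pos = read_tlv(der, pos)
        tags.append(child)
    return tags

def check_upload(data):
    """Return (ok, reason) for the raw bytes of a candidate .cer file."""
    blocks = PEM_BLOCK.findall(data.decode("ascii", errors="ignore"))
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        return False, "file contains a private key"
    if blocks and labels != ["CERTIFICATE"]:
        return False, "expected exactly one CERTIFICATE block"
    try:
        if blocks:
            data = base64.b64decode("".join(blocks[0][1].split()))
        tags = top_level_tags(data)
    except (ValueError, IndexError) as exc:
        return False, f"not valid DER: {exc}"
    # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE,
    #   signatureAlgorithm SEQUENCE, signatureValue BIT STRING }
    if tags != [0x30, 0x30, 0x03]:
        return False, "DER structure is not an X.509 certificate"
    return True, "certificate only, no private key"
```

Unencrypted private keys and PKCS#12 bundles begin with an INTEGER version field rather than a nested SEQUENCE, so the tag comparison rejects them even when they arrive as raw DER with a CER extension.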