4. Bring Your Own Identity (BYOI) Integration

If your organization already uses Single Sign-On (SSO) services to authenticate users before they access your cloud services, you can integrate with OPSWAT's SaaS solutions to prevent unauthorized access to your cloud applications. We support most Identity Providers (IdPs) that support the Security Assertion Markup Language (SAML) protocol, as well as cloud services (applications) that support SAML SSO.

Custom IdP integration, however, disables any previously enabled Multi-Factor Authentication within OPSWAT.

How to integrate with OPSWAT

Integrating the identity provider and the service provider requires exchanging a few pieces of information between your organization and OPSWAT.

  1. OPSWAT → Organization:

    1. IdP Start URL: Needed in case you use the SP-initiated SSO workflow

    2. Assertion Consumer Service (ACS) URL: Each application has a unique single sign-on post-back URL used to authenticate users signing in through a third-party identity provider. OPSWAT uses this URL to forward the authentication message from the IdP to the application after checking it.

  2. Organization → OPSWAT:

    1. Customer Company Name and Domain

    2. Identity Provider (IdP) metadata file (*.xml) from the customer IdP settings console

    3. Confirmation of the setup of the following attributes

      1. Name ID format → Email Address

      2. Attribute Statement (sent in the SAML token)

        1. firstName

        2. lastName

        3. emailAddress

Once your OPSWAT account representative confirms successful registration of the IdP metadata file provided by your organization, all users will from then on be allowed seamless authentication to OPSWAT-protected resources.
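A pre-flight check for the attribute checklist above, as an added example that is not OPSWAT's code: it inspects a decoded SAML assertion from your IdP for the Email Address Name ID format and the firstName, lastName and emailAddress attributes. The function names, the constructed sample assertion and the exact-name matching of attributes are assumptions; the check does not verify signatures.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRIBUTES = ("firstName", "lastName", "emailAddress")  # names from the checklist


def check_assertion(xml_text):
    """Return a list of problems; an empty list means the checklist is satisfied."""
    root = ET.fromstring(xml_text)
    # Accept a bare Assertion or one wrapped in a samlp:Response.
    is_bare = root.tag == "{%s}Assertion" % SAML_NS
    assertion = root if is_bare else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]
    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("Subject has no NameID")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is %r, expected emailAddress" % name_id.get("Format"))
        if "@" not in (name_id.text or ""):
            problems.append("NameID value does not look like an email address")
    present = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = attr.findall("saml:AttributeValue", NS)
        present[attr.get("Name")] = [v.text for v in values if v.text and v.text.strip()]
    for name in REQUIRED_ATTRIBUTES:
        if name not in present:
            problems.append("missing attribute %s" % name)
        elif not present[name]:
            problems.append("attribute %s has no value" % name)
    return problems


def sample_assertion(name_id_format, attrs):
    """Build a constructed, unsigned test assertion (not real IdP output)."""
    row = '<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>'
    rows = "".join(row % kv for kv in attrs.items())
    return ('<saml:Assertion xmlns:saml="%s"><saml:Subject><saml:NameID Format="%s">'
            'alice@example.com</saml:NameID></saml:Subject><saml:AttributeStatement>%s'
            '</saml:AttributeStatement></saml:Assertion>' % (SAML_NS, name_id_format, rows))


if __name__ == "__main__":
    ok = {"firstName": "Alice", "lastName": "Ng", "emailAddress": "alice@example.com"}
    print(check_assertion(sample_assertion(EMAIL_FORMAT, ok)) or "assertion matches the checklist")
```

Run it against an assertion captured from a test login before confirming the attribute setup to OPSWAT.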