🎯 Objective
Learn how to configure Single Sign-On (SSO) on netLex to enable secure and simplified access for your organization’s users. This guide provides all instructions to configure SSO using SAML 2.0 or LDAP.
💻 What is SSO?
Single Sign-On (SSO) allows users to access netLex using their organization’s credentials, like Microsoft AD, Azure AD, G Suite, Okta, and OneLogin. This feature enhances security and convenience by eliminating the need for multiple passwords, making access management easier.
What problems does it solve?
🗝️ Reduces the need for multiple passwords, making login faster.
🔒 Increases security by integrating netLex with trusted authentication systems.
🔍 Simplifies access management for administrators.
⚙️ How to configure?
- SAML 2.0 Protocol 📜
This protocol allows integration with most identity providers (IdP), such as Microsoft AD, Azure AD, and Google Workspace.
- Register netLex: Access your organization’s IdP and register netLex as an authorized application using the service metadata at:
https://<netlex-company-domain>/api/auth/saml-sp-metadata
Example: For the domain https://netlex.netlex.com.br, the XML containing the metadata can be obtained at: https://netlex.netlex.com.br/api/auth/saml-sp-metadata.
- Obtain SAML metadata: Another option to get this data is to go to "Settings" > "Single Sign-On" in netLex and click on Obtain SAML metadata.
- Submit information: Provide netLex with the following information:
  - Identity Provider (IdP) metadata
  - Entity ID
  - SSO service URL
  - User login attribute (valid email)
  - User full name attribute
  - Entity certificate (X.509)
🔍 Note: The attribute items may vary based on the configuration of each environment. Ensure that you specify the correct attribute containing the email used to access the platform. Be careful not to confuse it with the network login, if this distinction exists. Send only a single attribute with the full name of the users.
- LDAP Protocol 📚
Ideal for those who use directory software like Microsoft AD or Apache Directory.
To configure, provide the following data:
- Base DN (e.g., CN=Users, DC=xpto, DC=net)
- LDAP version number (usually 3)
- User login attribute (valid email)
- Host (e.g., xpto.net)
- Port (default is 389 for LDAP and 636 for LDAPS)
- LDAP server certificate (only for LDAPS)
- Credentials for a service user with query permissions in the user base
🗝️ Security Tip: netLex uses HTTPS to transmit LDAP data and never stores passwords.
❓ Frequently Asked Questions
- Can I configure SSO on my own?
Yes, you can complete the setup independently. Simply follow the step-by-step instructions in the articles and ensure all parameters are configured correctly.
- How can I make sure SSO is working?
Perform a login test with an authorized user after completing the configuration.
- How do I reset my password if I use my corporate/SSO account to log in?
Password resets must be done directly in your company’s corporate platform (e.g., Azure, Google, Okta). netLex does not send password reset e-mails to users configured to log in with their corporate account.