Skip to content
Orbit GroundControl home
Orbit GroundControl home

Single Sign-On (SSO)

Overview

Orbit offers Single Sign-On (SSO) capabilities for operator users, enhancing security and streamlining access management. This feature allows organizations to integrate their existing identity providers with Orbit, providing a seamless authentication experience for their users.

Key Features

  • Support for multiple identity providers

  • Integration with Azure Active Directory (Entra ID)

  • Customizable user attributes and role mapping

  • Automatic user creation upon first SSO login

How It Works

Orbit's SSO implementation is based on Amazon Cognito and supports SAML 2.0 protocol. When a user attempts to log in:

  1. They are presented with an option for Single Sign-On on the login page

  2. The user enters their email address

  3. Orbit determines the appropriate identity provider based on the email domain

  4. The user is redirected to their organization's SSO login page

  5. Upon successful authentication, the user is granted access to Orbit

Setting Up SSO

To enable SSO for your organization, you'll need to provide Orbit with the following information:

  • App Federation Metadata URL from your identity provider

  • Claim mappings for user attributes (e.g., firstname, lastname, email)

  • Default user role and team for new users

  • List of email domains associated with your organization

Orbit will then provide you with:

  • Identifier (Entity ID) for your identity provider to use

  • Reply URL (Assertion Consumer Service URL) for SAML configuration

User Management

When a user logs in via SSO for the first time, Orbit automatically creates a user account based on the information provided by your identity provider. This ensures a smooth onboarding process for new users.

Security Considerations

SSO integration enhances security by:

  • Centralizing user authentication

  • Enforcing your organization's password policies and multi-factor authentication

  • Simplifying user offboarding by allowing you to revoke access from a single point

Support and Configuration

For assistance with SSO configuration or to enable this feature for your organization, please contact Orbit support. Our team will guide you through the setup process and ensure a smooth integration with your existing identity management system.

Powered by Plain