Enterprise users can integrate their single sign-on solution with SourceClear using SAML. Email firstname.lastname@example.org to enable single sign-on. In your email, include the user name and team of the account you want to provision along with the relevant SAML attributes.
Benefits of Single Sign-On
Revoke user access: When an employee leaves the company, administrators can revoke access to SourceClear in their identity provider (IdP), making the user unable to log in. The user’s account and associated data remain in SourceClear until the user is deleted by an owner of the SourceClear account.
On-demand user creation: Anyone at your company can obtain a SourceClear account simply by logging in. This feature is especially valuable when sharing scan results with a colleague who wants to investigate an issue immediately.
SAML Attributes for use with any IdP
You can also configure single sign-on with other systems that support the SAML standard. Send the SAML metadata generated by your IdP to email@example.com as an attachment. If the IdP does not generate a SAML metadata file automatically, provide SourceClear with the Single Sign-On URL that your users should be directed to when they want to sign on, the IdP issuer, and the X.509 certificate that SourceClear can use to validate authentication requests from you. You need the following attributes to configure your IdP:
| Single Sign-On URL | https://api.sourceclear.com/saml/SSO |
| Audience URI (SP Entity ID) | https://api.sourceclear.com/sp |
| Name ID format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Application username | email address |
| Service Provider (SP) logo | Our icon |
SAML Optional Attributes
| firstName | Basic | User’s first name | no |
| lastName | Basic | User’s last name | no |
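As an added example (not SourceClear's own code), this Python script checks a decoded SAML Response from your IdP against the service provider values in the tables above, which helps catch a mistyped audience or Name ID format before you send your metadata. The sample response is constructed, mapping "Basic" to the SAML 2.0 `attrname-format:basic` URN is an assumption, and the script does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Service provider values taken from the tables on this page.
SSO_URL = "https://api.sourceclear.com/saml/SSO"
AUDIENCE = "https://api.sourceclear.com/sp"
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Assumption: "Basic" in the optional-attribute table means this NameFormat URN.
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Constructed sample of a decoded response (signature and timestamps omitted).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://api.sourceclear.com/saml/SSO">
  <saml:Assertion>
    <saml:Subject><saml:NameID
      Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dev@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://api.sourceclear.com/sp</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue>Dev</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text):
    """Return a list of mismatches between a SAML Response and the SP settings."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != SSO_URL:
        problems.append(f"Destination is {root.get('Destination')!r}")
    if AUDIENCE not in [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]:
        problems.append("Audience does not include the SP Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("NameID is missing or is not an email address")
    elif name_id.get("Format") != NAMEID_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}")
    for attr in root.iterfind(".//a:Attribute", NS):
        if attr.get("Name") in ("firstName", "lastName") and attr.get("NameFormat") != BASIC:
            problems.append(f"Attribute {attr.get('Name')} has NameFormat {attr.get('NameFormat')!r}")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE) or "OK")
```
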
- When you create users in SourceClear, they are added to the organization which you specify. They do not belong to any workspaces on initial creation.
- Administrators of the organization can delete users and configure the organization. Veracode recommends that you have more than one user with administrative privileges.
- Users can log in by going to your organization’s URL with /saml added to the end (for example, orgname.sourceclear.io/saml) or by finding our application in the list of available applications provided by your single sign-on solution.
- Users are automatically logged out after 30 minutes of inactivity. However, if the user attempts a login, the authentication policies enforced by your IdP determine when the user needs to re-authenticate before returning to the SourceClear application.