Labii Documentation
HomeFree SignupFree DemoContact Us
  • Getting Started
    • Introduction
    • Quick Start
  • User Guide
    • Interface
      • Side Menu
      • Views
    • Add Record
      • Add a project
      • Add a blank record
      • Add records in bulk
      • Add a record from a template
      • Add record(s) from file(s)
      • Add a template
    • Record List View
      • Table List View
      • Project List View
      • Row List View
      • ❗Import Records
      • Export Records
      • Bulk Operations
        • Bulk Edit Columns
        • Bulk Edit Sections
        • Bulk Print Detail
        • Bulk Print Labels
        • Bulk Print Barcodes
        • Bulk Print QR Codes
        • Bulk Download
        • Use Selected to Add Blank Record
        • Use Selected to Bulk Add Records
    • Record Detail View
      • Columns
      • Sections
      • Notes
      • Signers
      • Versions
      • Activities
      • Visitors
      • Permissions
      • Section
      • Actions
        • Sign
        • Print
        • Share
    • Navbar
      • Search
        • Global search
        • Search at list view
        • Search query
      • Scan
    • Side Menu
      • Dashboard
      • Calendar
      • Notifications
      • Reload Organization
      • Switch Organization
      • Change Data Center
    • Accounts
      • Authentication
      • Setup an account
      • Create an account
      • My Profile
    • AI Integration
      • Prompt box
      • Prompt template
      • ProtocolGPT
      • AI in Widgets
      • Use cases
  • Admin Guide
    • Organization
    • Backups
    • Personnel
    • Certifications
    • Teams
    • Projects
      • Members
    • Applications
    • Tables
      • Columns
      • Sections
      • Filters
    • Workflows
    • Widgets
    • Subscriptions
    • Credits
    • Invoices
    • Single Sign On
      • Google G Suite
      • Okta
      • OneLogin
      • Microsoft Azure
    • API Keys
  • Widgets
    • Overview
    • Column Widgets
      • Form
        • Text inputs
          • Text
          • MultilineText
          • RichText
          • Number
          • RangeUnit
          • Email
          • Phone
          • Secret
          • Link
          • Address
        • Boolean
          • Checkbox
          • Switch
        • DateTime
          • Date
          • Time
          • DateTime
          • Appointment
          • TimeStamp
          • Timezone
        • Dropdown
          • Select
          • MultiSelect
          • ForeignKey
          • ForeignKeys
          • Member
          • Members
        • File
          • Files
          • Image
          • File Path
          • File Size
          • File Antivirus Status
      • Barcode
        • Barcode
        • QR Code
      • Calculation
        • Formula
        • Numbering
        • RowCount
        • Consumption
      • Integration
        • API
          • API
        • Dropdown
          • API ForeignKey
          • API ForeignKeys
      • Column
        • Record Citation
        • Column Citation
        • Column Data
        • Column Addition
      • Regulation
        • Signature
          • Signature
          • Open Signature
          • Signature Status
      • ❗Chemistry
      • ❗PubMed
      • ❗Device
      • ❗Integration
      • Advanced
        • Subtitle
        • Rating
        • Nested Fields
        • Storage
        • Storage Coordinates
    • Section Widgets
      • Office
        • Text
          • Plain Text
          • CKEditor Classic
          • CKEditor Balloon
          • CKEditor Document
          • CKEditor Restricted
          • CKEditor Classic Controlled
          • Code Editor
        • ❗Table
        • File
          • Files
          • File Preview
        • Google Drive
        • Drawing
        • G Suite
        • Microsoft Office
      • Data Display
        • Columns
          • Columns
          • Metadata
        • Sections
          • Section Display By Record
          • Section Display By ForeignKey
        • Record List
          • Record List
          • Record List by Column
          • Record List by ForeignKey
          • Record List by Query
      • ✅Regulation
        • Signers
        • ✅Audit Trail
          • ✅Activities
          • Versions
          • Visitors
      • Process Management
        • Flowchart
        • Steps
      • Diagram
        • Mermaid
        • Gantt Chart
        • Stage Flowchart
        • Relation Flowchart
      • Reference Manager
      • Biology
        • Molecular Biology Suite
          • Plasmid Editor
          • Open Vector Editor
        • Microplate
          • 6-Well Plate
          • 12-Well Plate
          • 24-Well Plate
          • 48-Well Plate
          • 96-Well Plate
          • 384-Well Plate
          • Flexible Well Plate
        • Sample Aliquoting
        • Assay
          • ELISA Standard Curve
          • ELISA Qualitative
          • Dose Response Curve
        • Protein
          • MolStar
          • RCSB Saguaro
        • Bioinformatics
          • QUiCKR Analysis
          • CRISPResso2
      • Chemistry
        • Chemical Formats
        • Chemical Drawing
        • Chemical Analysis
        • Chemical Reaction
      • Combination
        • Clinical Genomicist Workstation
      • Productivity
        • ✅Calendars
          • Calendar
          • Scheduling
        • Automation
          • Workflows
        • Ungrouped
          • Storage Map
        • Table of Contents
        • Communication
          • Email Template
          • Notifications
          • Comments
        • Barcode
        • ToDo
        • Timer
      • Report
        • Record Summary
          • Record Summary
        • Data Driven Charts
          • Chart By Category X
          • Chart By Numeric X
        • Custom Input Charts
          • Data Visualizer
    • Dashboard Widgets
      • Labii
      • Shortcut
        • Applications
        • Links
        • Filters
      • Productivity
        • Office
        • Flowchart
        • Section
        • Project Management
          • ✅Tasks
        • Summary
      • ✅Reports
        • Record Summary
          • Record Summary By Date
          • Record Summary By Tables
          • Record Summary By Projects
          • Record Summary By Users
        • Data Driven Charts
          • Chart By Category X
          • Chart By Numeric X
        • Matrix
          • Record Count By Filter
        • Audit
          • Storage Audit
      • Integration
        • Quickbooks
          • Quickbooks Customers
          • Quickbooks Accounts
          • Quickbooks Items
          • Quickbooks Invoices
  • API
    • Concepts
      • How to get token from Labii ELN & LIMS
      • How can I load Labii data from API into DataFrame
    • Methods
      • Authentication
      • Notification
      • Organization
      • Personnel
      • Team
      • Organization Widget
      • Statement
      • Backup
      • Project
      • Member
      • Table
      • Column
      • Filter
      • Row
      • Cell
      • Section
      • Activity
      • Version
      • Visitor
      • Workflow
      • Step
      • Widget
    • Variables
    • SDK
      • API Client (python)
      • API Client (javascript)
      • SDK (python)
      • SDK (javascript)
      • Examples
  • Applications
    • Electronic Lab Notebook
      • ELN for Research and Development
      • ELN for Production
      • ELN for ELISA Data Analysis
      • ELN for Dose Response Curve
    • Process Management
      • ❗Report creating process in diagnosis testing
      • ❗Email follow up process in CRM
      • ❗Management of the purchasing, approval, and ordering processes.
    • Sample Management
      • Sample Receiving
      • Track sample consumption
      • Aliquots Management
    • Equipment Management
      • ❗Equipment Scheduling
      • ❗Equipment Maintenance
    • Inventory Management
      • Barcode System
      • Stock Checkin and Checkout
      • Storage Management
      • ❗Purchase Management
    • Laboratory Information Management System
      • LIMS for Sample Testing
      • LIMS for NGS
    • Customer Relationship Management (CRM)
      • Quickbooks Integration
    • Document Management
    • Chemical Registration
    • Mouse Colony Management
    • Diagnostic Testing
    • Diabetes Tracker
    • Project Management
      • Task Management
      • How to manage research goals
    • Reference Management
    • Training Management
  • Support
    • Overview
    • Documentation
    • YouTube
    • Videos
    • Tickets
    • Chat with us
    • Schedule a meeting
    • Take a survey
    • Resources
    • Download
    • Blogs
    • FAQ
    • Other
      • Guidelines for Preparing Documents on Research Needs for Labii Configuration
Powered by GitBook
On this page
  • Overview
  • List of providers
  • Search providers
  • Filter providers
  • Provider detail
  • Add provider
  • Configure SSO
  • Errors
  1. Admin Guide

Single Sign On

Authenticate users with SSO

PreviousInvoicesNextGoogle G Suite

Last updated 4 months ago

Overview

is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to a connected system or accomplished using the Lightweight Directory Access Protocol and stored LDAP databases on servers.

2.0 (Security Assertion Markup Language) is an XML-based protocol that uses security tokens that contain assertions to pass information about a user between a SAML identity provider and a SAML service provider (SP).

The (System for Cross-domain Identity Management) protocol is an application-level REST protocol for provisioning and managing identity data on the web. The protocol supports creation, discovery, retrieval, and modification of core identity resources.

An identity provider (IdP) is a system that creates, stores, and manages digital identities.

A SAML Service Provider (SP) is a system entity that receives and accepts authentication assertions in conjunction with a Single Sign-On (SSO) profile of the Security Assertion Markup Language (SAML).

Labii ELN & LIMS supports SSO using SAML 2.0 protocol and user provisioning with SCIM 2.0.

List of providers

The list of identify providers can be managed by clicking Settings on the side menu and then clicking SSO. It displays list of providers you added to the platform.

Search providers

You can search a credit by typing a keyword into the search bar in the provider list view, and then clicking Search. The search results can always be cleared by clicking the Clear button.

Filter providers

With the Filter function, you can limit the number of providers displayed. You can do that by clicking Active providers and then selecting a filter from the dropdown. Here are a list of filters:

  • All providers. Filter to display all SSO providers.

  • Active providers. Filter to display the SSO providers that is active.

  • Archived providers. Filter to display the SSO providers that is archived

Provider detail

The details of a provider can be viewed by clicking its name.

A provider typically has these columns:

  • Sid - the id of the provider

  • Name - name of the provider

  • Description - the description of the provider

  • Service provider

    • Acs Url - Assertion Consumer URL. This is an embedded Target process endpoint that is listening for requests from Identity providers.

    • Entity Id - SP Entity ID is usually a URL or other identifier given by the Service Provider (SP) that uniquely identifies it.

  • Information needed from IdP

    • Idp Login Url - The URL set up from IDP to login for the organization.

    • Idp Logout Url - The URL set up from IDP to logout for the organization.

    • Metadata Auto Conf Url - Auto SAML2 metadata configuration URL.

    • Metadata Xml - Paste the XML SAML2 metadata here if your IdP does not provide a link

    • Name Id Format - Set to the string 'None', to exclude sending the 'Format' property of the 'NameIDPolicy' element in authn requests. Default value if not specified is 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'.

    • Attributes Map- Mapping of Django user attributes to SAML2 user attributes.

  • SCIM

    • SCIM Base URL

    • SCIM Bearer Token - In case the administrator of the company leaves the company, please make sure that the bearer token in your IdP is updated.

  • Invoice

    • Purchase Order

    • Invoice

    • Is Paid

Add provider

Provider can be added by the administrator. To do that:

  1. Click the Settings at the side menu, and then select SSO

  2. Click the "+ Add provider" button

  3. A form will be displayed.

  4. Provide the Name of the provider.

  5. Provide Purchase Order number. Leave it empty if no purchase order.

  6. Click Submit button

Clicking the Submit button will take you to the payment page. You will be guided back to Labii once the payment information is provided.

Configure SSO

Once enabled, the configuration of SSO is available in the Settings -> Organization Detail -> Single Sign-On.

Labii as SP (Service Provider):

Use this information in your IdP.

  • acs url - Assertion Consumer URL. This is an embedded Target process endpoint that is "listening" for requests from Identity providers.

  • entity id - SP Entity ID is usually a URL or other identifier given by the Service Provider (SP) that uniquely identifies it.

Information needed from IdP:

  • IdP login url - The URL set up from IDP to login for the organization.

  • IdP logout url - The URL set up from IDP to logout for the organization.

  • Metadata auto conf url - Auto SAML2 metadata configuration URL

  • Name id format - Set to the string 'None', to exclude sending the 'Format' property of the 'NameIDPolicy' element in authn requests. Default value if not specified is 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'.

  • Attributes map - Mapping of Django user attributes to SAML2 user attributes.

SCIM parameters:

  • SCIM Base URL

  • SCIM Bearer Token

The attributes map defaults to:

{
    "email": "email", 
    "username": "username", 
    "last_name": "last_name", 
    "first_name": "first_name"
}

User fields:

  • userType - Set the user type to define the role in Labii:

    • Administrator

    • Readonly

Errors

  • SAML2 is not active - Please contact sales@labii.com or perform the payment through Labii to activate the SAML2.

  • Invalid SAML Response - The SAML response received from your IdP was invalid.

  • Invalid Auth Response - The Auth response received from your IdP was invalid.

  • Invalid User Identify - Check with your IT department to ensure you have been added to the SSO list and that you are allowed to use Labii.

  • Your account has not been activated - You have not activated your account. Click the link in your labii access email to complete the activation. If you cannot find such an email, please check the spam folder or ask your administrator to send it again.

  • Your account does not exist - If you do not have an account, you should ask your administrators to create one for you. Emails must be identical in your identity provider (IDP) and Labii.

  • Incorrect SSO redirect URL - There is a problem with the return URL.

Single sign-on
SAML
SCIM