With the Compliance Module, KaiNexus supports SAML 2.0 to limit attacks from phishing schemes and make participation as easy as possible for everyone.
What is SAML?
SAML stands for Security Assertion Markup Language. It enables you to access multiple web applications using one set of login credentials. It works by passing authentication information in a particular format between two parties, usually an identity provider (IdP) and a web application (in this case, KaiNexus).
SAML works by exchanging user information, such as logins, authentication state, identifiers, and other relevant attributes, between the identity provider and the service provider. As a result, it simplifies and secures the authentication process, as the user only needs to log in once with a single set of authentication credentials. So, when the user tries to access a site, the identity provider passes the SAML authentication information to the service provider, which then grants the user entry.
What is SSO?
Single Sign-On (SSO) is an authentication service that enables a user to use one set of login credentials (for example, a name and password) to access multiple applications. KaiNexus supports all SAML 2.0 SSO providers, such as Okta, Microsoft Azure, and ADFS.
SAML Single Sign-On is a mechanism that leverages SAML, allowing users to log on to multiple web applications after logging into the identity provider. As the user only has to log in once, SAML SSO provides a faster, seamless user experience.
From a user's perspective, SAML SSO is easy to use and more secure, as the user only needs to remember one set of credentials. It also provides fast and seamless access to a site, because the applications the user accesses do not each prompt for a username and password. Instead, the user logs into the identity provider and then accesses the relevant web application by clicking on its icon or navigating to the site via its URL.
SSO Error Messages
You may receive either of the following SSO error messages when logging into KaiNexus:
- "An error occurred while authenticating with your SSO provider. Learn more."
- "You can't use KaiNexus just yet. The username provided by your organization's authentication system did not match a user in KaiNexus. This usually means that your KaiNexus account has not been set up."
EXAMPLE: Stark Industries uses SSO to log in to multiple applications, like J.A.R.V.I.S. and Veronica. Tony Stark's username at Stark Industries is 'Ironman', but his KaiNexus username is ironman@starkindustries.com. When Mr. Stark tries to log in to KaiNexus, he receives an SSO error because the username passed by Stark Industries' SSO does not match his KaiNexus username.
Our best suggestion is to reach out to your admin/IT team and see if they can confirm that the NameID being passed from your IdP to KaiNexus matches your Username within KaiNexus. If your credentials do not match, your team will have to update your KaiNexus Username and that should fix the login issue.
However, if your admin/IT team confirms that your credentials match and you're still receiving this error, submit a support ticket and we'll see if there is a deeper issue.
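One way an admin could run the NameID check described above, as an added example that is not KaiNexus code: it decodes the base64 `SAMLResponse` form field captured from a test login and compares the NameID with the KaiNexus username. The function names, status labels and sample response are constructed for illustration, and the script reads the NameID without validating the signature, so it is for troubleshooting only.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the IdP sends the short name "Ironman" as the NameID.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Assertion><saml:Subject>'
    '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">'
    'Ironman</saml:NameID>'
    '</saml:Subject></saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def extract_name_id(saml_response_b64):
    """Return (NameID, Format) from a base64 SAMLResponse form field."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(xml_bytes)
    node = root.find(".//saml:Assertion/saml:Subject/saml:NameID", SAML_NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no readable NameID (assertion may be encrypted)")
    return node.text.strip(), node.get("Format")


def diagnose(saml_response_b64, kainexus_username):
    """Classify how the NameID relates to the KaiNexus username."""
    name_id, _fmt = extract_name_id(saml_response_b64)
    if name_id == kainexus_username:
        return "match"
    # Assumption: case differences are flagged, since the page does not say
    # whether KaiNexus compares usernames case-sensitively.
    if name_id.lower() == kainexus_username.lower():
        return "case_mismatch"
    local_part = kainexus_username.split("@", 1)[0]
    if name_id.lower() == local_part.lower():
        return "local_part_only"  # IdP sends "Ironman", not the full address
    return "mismatch"


if __name__ == "__main__":
    print(extract_name_id(SAMPLE_B64))
    print(diagnose(SAMPLE_B64, "ironman@starkindustries.com"))
```

A `local_part_only` or `case_mismatch` result points to the IdP's NameID mapping or the KaiNexus Username needing to be aligned, which is the fix described above.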