Full access to customer 'organization' including User Management
The platform allows an ‘Administrator’ user to add new users and manage existing users. All users in the system are visible in a single list. It is possible to filter the list by role or use the search box to search by name or email.
When a user is created, a name and an email address must be provided (the email is also used as the User Name). A user should be assigned to a Role. Upon creation, the user will receive a signup email that allows him or her to set a password. The email also includes important login information.
Users are always ‘activated’ when they are created.
When a user is edited, it is possible to change his or her name and Role. It is not possible to change the email address of the user. Additional options include:
Forcing a user to change the password on next login while keeping the user's current credentials active.
A ‘Reset password’ option that invalidates the user's current credentials and sends the user a ‘reset password’ email.
Organization Security Settings
Password Security Settings
This feature allows you to set organization-wide security settings such as minimum password length and different character classes required for a secure password.
Furthermore, it is possible to enforce a periodic password change. Setting this parameter to 0 would disable password change enforcement.
It is also possible to control the enforcement of ‘Password History’ tracking and the number of passwords remembered. Currently, by default, the last 3 passwords are remembered by the system. Setting this parameter to 0 would disable ‘Password History’ tracking.
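The settings above, sketched as an added Python example (not Mintigo's code; the class, function and field names are hypothetical, and the minimum length of 12 and the 90-day maximum age are assumed values). It shows why the value 0 has to be handled explicitly for both ‘Password History’ and periodic password change.

```python
import hashlib, hmac, os, string
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class PasswordPolicy:  # hypothetical model of the organization-wide settings
    min_length: int = 12  # assumed value, the page states no default
    required_classes: tuple = ("lower", "upper", "digit", "symbol")
    max_age_days: int = 90  # assumed value; 0 disables periodic change
    history_size: int = 3  # default per the page; 0 disables history tracking

CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

def hash_password(password, salt=None):
    """Return (salt, digest); history keeps salted hashes, never plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def check_new_password(policy, password, history):
    """history: list of (salt, digest), newest last. Returns violations."""
    problems = []
    if len(password) < policy.min_length:
        problems.append("too_short")
    for name in policy.required_classes:
        if not CLASSES[name] & set(password):
            problems.append(f"missing_{name}")
    # Guard the 0 case: history[-0:] would be the WHOLE list, not an empty one.
    if policy.history_size > 0:
        for salt, digest in history[-policy.history_size:]:
            candidate = hash_password(password, salt)[1]
            if hmac.compare_digest(candidate, digest):
                problems.append("reused")
                break
    return problems

def must_change(policy, last_changed, now, force_flag=False):
    """True if the user has to pick a new password at this login."""
    if force_flag:  # administrator forced a change on next login
        return True
    if policy.max_age_days == 0:  # periodic change enforcement disabled
        return False
    return now - last_changed > timedelta(days=policy.max_age_days)
```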
Single Sign-On Settings
You can also configure optional SSO integration with OKTA (Okta Simplified) or SAML. If you configure SSO integration, you will not need to manually create users in Mintigo, and you can rely on your SSO provider for management of passwords and user lifecycle.
OKTA Simplified SSO
To use OKTA Simplified SSO, you first need to perform configuration changes in OKTA and then in the Mintigo platform. Please follow the steps below.
How to set up the integration on the OKTA side:
In the admin console, go to Applications.
Click “Add Application” -> “Create New App”.
Platform: Single Page App (SPA), Sign on method: OpenID Connect.
“Login initiated by” – select “Either OKTA or App”.
Check “Display application icon to users”.
Login flow – choose “Send ID Token directly to app (OKTA Simplified)”.
Scopes – choose Email, Groups, Profile.
Note the Client ID; you will need it in the configuration screen in the Predictive Insights platform, as described below.
Click the “Assignments” tab. Make sure that the app is assigned to the relevant employees in your organization.
Continue the configuration in the Mintigo platform.
Configuration in Mintigo:
The platform lets you auto-register users who log in via OKTA; they will receive the default user role configured in this screen.
To configure OKTA Simplified SSO, go to the Single Sign-On tab, enable Single Sign-On, and choose OKTA from the provider drop-down. Then define the following settings:
Issuer URL is your OKTA URL, for example, yourbiz.okta.com. Client ID is the Client ID of the OKTA application (chiclet) that you generated above. If you do not have it handy, it appears in the application settings in OKTA under the Client Credentials section.
Default Role for Auto-Provisioned users is the role that users who log in via OKTA will receive if they were not provisioned before.
Note: the chiclet for OKTA has to be manually created by a user with the relevant permissions in OKTA.
Please save to apply the configuration.
SAML Based SSO
The platform lets you auto-register users who log in via a SAML IdP; they will receive the default user role configured in this screen.
To configure SAML based SSO, go to the Single Sign-On tab, enable Single Sign-On, and choose SAML from the provider drop-down. You will then be presented with a list of settings relevant for this type of integration.
‘Mintigo Entity ID’ should be copied into the ‘Entity ID’ field in your SAML IdP configuration page.
‘Mintigo ACS’ URL should be copied into the ‘ACS URL’ field in your SAML IdP configuration page.
‘SSO Direct Link’ field should be copied into the ‘Start URL’ field in your SAML IdP configuration page.
The following parameters need to be provided:
‘Entity ID’ URL from your SAML configuration page should be copied into the ‘IdP Entity ID’ field in the settings page.
Please upload the Certificate and IdP Metadata XML.
Default Role for Auto-Provisioned users is the role that users who log in via SAML will receive if they were not provisioned before.
Important: When defining your SSO application on the IdP, you must make sure that the following claims are passed: