If your organization uses Single Sign-On (SSO) and you want your users to authenticate to IDC applications with your own Identity Provider (IdP), IDC supports SAML 2.0 integration. Setting up SAML SSO requires coordination between your team and IDC. Here’s a quick overview of the steps:
1. Initiate SSO Setup with IDC
Reach out to your IDC representative or IDC support (IDC_support@idc.com) to request SAML SSO integration for your company. IDC will assign your organization a unique company code and prepare the IDC SAML Service Provider (SP) metadata for you. Typically, IDC will provide you with two metadata URLs or files – one for the IDC test environment and one for production – in the format:
- Test SP Metadata: https://saml.idc.com/saml-metadata/
- Production SP Metadata: https://www.idc.com/saml-metadata/
You should also supply IDC with your IdP’s metadata (or at least the IdP Entity ID and SSO endpoint) so they can configure the trust on their side.
As part of the setup, provide IDC with a list of email addresses to be notified of any changes to the SSO integration technology or protocol.
Please note that IDC will be moving to a FrontEgg implementation as of Jan 1, 2026.
2. Configure Your Identity Provider
Using the IDC metadata, set up a new Relying Party Trust (in ADFS) or SAML App (in Okta, Azure AD, etc.) for IDC. This typically involves:
- Importing the IDC SP metadata file/URL in your IdP setup (this provides IDC’s Entity ID, ACS URL, and certificate).
- Setting a display name like “IDC SSO” for easy identification.
- Permitting appropriate users or roles to use this SSO integration (e.g., in ADFS choose “Permit all users to access this relying party” during setup).
- SAML Attribute Mapping: Configure the claims/attributes your IdP will send to IDC. IDC requires the following user information in the SAML Response:
  - A unique user identifier as the SAML NameID (either in persistent format or an email address format).
  - The user’s email address (SAML attribute with name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress).
  - The user’s given name (attribute …/givenname).
  - The user’s surname (family name attribute …/surname).
In ADFS, for example, you would create a rule to send LDAP attributes as claims (mapping AD’s E-Mail-Addresses to the email claim, Given-Name to givenname, Surname to surname), and another rule to transform an attribute into the NameID claim (e.g., transform Windows account name or email into NameID). Ensure the NameID format is one of the allowed formats (persistent, email, or unspecified as per IDC requirements).
3. Test the SSO Integration (SP-Initiated)
Once IDC confirms that your IdP metadata is configured on their side, you can test the login flow. A convenient way to test is via SP-initiated login:
- Open a browser and go to the IDC SAML SSO initiation URL for your company. IDC will provide a link such as https://saml.idc.com/saml-welcome/ which triggers an SP-initiated login for the test environment. (For production, the URL might be https://www.idc.com/saml-welcome/.)
- This should redirect your browser to your IdP’s login page. After you enter your credentials at your IdP, the IdP will send a SAML Response back to IDC. If everything is configured correctly, you will be logged into the IDC application.
- Verify that the logged-in user details (name, email) appear correctly in IDC’s application. If any required attributes were missing, you may encounter an error. For example, if NameID was not sent, IDC will reject the login. If given name/surname were missing, IDC will temporarily fill them from the email (leading to a repeated name) – this is a sign to fix your attribute mapping.
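The attribute requirements from step 2 and the failure symptoms above can be checked locally before a test login, by running a decoded SAML Response captured from your IdP through a small script. The following is an added example, not IDC tooling: it inspects content only and does not verify the signature, the function names are hypothetical, and because this page abbreviates the given name and surname claim names they are matched by suffix.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
# The page abbreviates the other two claim names, so match them by suffix.
NAME_SUFFIXES = ("/givenname", "/surname")
ALLOWED_FORMATS = {  # persistent, email, unspecified (standard SAML URNs)
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}

def check_response(xml_text):
    """Return (severity, message) findings for one decoded SAML Response."""
    root = ET.fromstring(xml_text)
    findings = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        findings.append(("error", "NameID missing: IDC will reject the login"))
    elif name_id.get("Format") not in ALLOWED_FORMATS | {None}:
        findings.append(("error", "NameID format not allowed: " + name_id.get("Format")))
    # Names of attributes that carry at least one non-empty value.
    present = set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if any((v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)):
            present.add(attr.get("Name", ""))
    if EMAIL_CLAIM not in present:
        findings.append(("error", "email address claim missing"))
    for suffix in NAME_SUFFIXES:
        if not any(name.endswith(suffix) for name in present):
            findings.append(("warning", suffix + " claim missing: IDC fills the name from the email"))
    return findings

def sample_response(name_id_xml, attributes):
    """Build a constructed, unsigned SAML Response for offline testing."""
    attrs = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue>'
        '</saml:Attribute>' % item for item in attributes.items())
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
            '<saml:Subject>%s</saml:Subject><saml:AttributeStatement>%s'
            '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
            % (name_id_xml, attrs))

if __name__ == "__main__":
    # Constructed input: NameID and email only, no given name or surname.
    xml_text = sample_response(
        '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
        'jane.doe@example.com</saml:NameID>', {EMAIL_CLAIM: "jane.doe@example.com"})
    for severity, message in check_response(xml_text):
        print(severity, message)
```

An empty result means all four required items are present; a NameID with no Format attribute is accepted because SAML treats that as unspecified.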
4. Test IdP-Initiated Login (Optional)
IDC also supports IdP-initiated SSO. This means a user can start from your IdP’s portal (for example, clicking an “IDC” application icon which generates a SAML Response to IDC). The exact method depends on your IdP. You can test this by initiating a SAML login from your IdP side to the IDC SP. If configured properly, IDC will accept the SAML Response and log the user in. (Note: IDC’s setup can handle IdP-initiated logins, but since IDC provides easy SP-initiated links, IdP-init is not strictly necessary for most cases.)
5. Go Live
Coordinate with IDC to roll the integration into production. After successful testing, IDC will enable SSO on the production environment with your settings. Once SSO is live, IDC can disable the classic username/password login for your users to ensure all authentication goes through your IdP (this is often done within a month of SSO go-live). From then on, if a user accidentally tries to log in via IDC’s standard login page, they’ll be redirected or prompted to use SSO instead, improving security and user experience.
Following these steps, your users will enjoy a seamless Single Sign-On experience: they can use your corporate credentials to access IDC without managing separate passwords. Detailed guidance for SAML integration (including specific ADFS configuration and attribute requirements) is provided in the SAML SSO Integration section. If you need additional help, IDC’s technical team is available to assist with SSO configuration.