SSO Implementation Guide for Juvare Clients
This guide outlines what your organization must do to prepare and what steps must be completed during the SSO (Single Sign-On) integration process with Juvare.
Your Unified Command Platform Instance must have already been migrated to Juvare Login Services (JLS) before SSO configuration and setup can occur.
Step 1: Determine the Hosting and Authentication Method
- Choose which authentication method your organization will use:
  - OpenID Connect (OIDC): Recommended for easier setup and long-term management
  - SAML 2.0: Preferred by some larger organizations for enhanced security
- Review the comparison document provided by Juvare to help make this decision.
Step 2: Complete and Return the Required Intake Form
Your PM will send you this form. Please complete it in its entirety and return it to them.
Fill out and return the appropriate intake form based on your chosen method:
- For OIDC: JLS IdP Integration Intake Form (OIDC)
- For SAML: JLS IdP Integration Intake Form (SAML2)
These forms will ask you to provide the following:
- Technical point(s) of contact, including names and email addresses
- Your domain name (for example, @agency.gov)
- Metadata file or well-known configuration details
- Claim mappings (email, first name, last name)
- Authentication endpoint information
- A test user account that has a Unified Command Platform account
Step 3: Prepare Your Identity Provider (IdP)
- Add your Unified Command Platform site URL as a Service Provider Profile in your IdP system.
  If using SAML, ensure the certificate used has a unique Common Name. Do not use the default Azure certificate.
- Confirm the redirect URI is set appropriately:
  - US: https://login.juvare.com/oauth2/v1/authorize/callback
  - APAC: https://login-apac.juvare.com/oauth2/v1/authorize/callback
  - EU: https://login-eu.juvare.com/oauth2/v1/authorize/callback
Step 4: Define SSO Behavior
Decide how you want users to be authenticated:
- Should all users go through SSO only?
- If a user doesn’t exist, should access be denied, should the user be redirected to standard login, or should the user be allowed to self-register?
  Provide any preferred error messages or redirect URLs for users denied access.
Step 5: Testing and Go-Live
- Once your setup is ready and intake information is submitted, Juvare SysOps will review it and the Juvare PM will coordinate scheduling of the integration.
- Work with the Juvare team during testing to validate user access and confirm proper claim mappings.
- Verify that users can successfully log in using SSO.
- If issues occur, provide logs or screenshots as requested so that SysOps and the PM can coordinate and resolve the issues.
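
A pre-flight check for the OIDC path of Steps 3 and 5, added here as an example and not Juvare's own tooling: it confirms that the regional redirect URI is registered exactly, that the well-known configuration exposes HTTPS endpoints, and that the test user's claims cover the email, first name and last name mappings. The discovery field names and claim names (email, given_name, family_name) are assumed from standard OIDC, and all sample values are constructed; substitute what your IdP actually emits.

```python
from urllib.parse import urlsplit

# Redirect URIs from Step 3 of this guide, keyed by region.
JLS_CALLBACKS = {
    "US": "https://login.juvare.com/oauth2/v1/authorize/callback",
    "APAC": "https://login-apac.juvare.com/oauth2/v1/authorize/callback",
    "EU": "https://login-eu.juvare.com/oauth2/v1/authorize/callback",
}
# Assumed names: standard OIDC discovery fields and claims; your IdP may differ.
REQUIRED_DISCOVERY = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
REQUIRED_CLAIMS = ("email", "given_name", "family_name")


def preflight(region, redirect_uris, discovery, test_claims, domain):
    """Return a list of problems; an empty list means the setup looks ready."""
    expected = JLS_CALLBACKS.get(region)
    if expected is None:
        return [f"unknown region {region!r}"]
    problems = []
    # OIDC compares redirect_uri as an exact string: a trailing slash fails.
    if expected not in redirect_uris:
        problems.append(f"redirect URI for {region} not registered exactly: {expected}")
    for uri in redirect_uris:
        if uri not in JLS_CALLBACKS.values():
            problems.append(f"unexpected redirect URI registered: {uri}")
    for field in REQUIRED_DISCOVERY:
        if urlsplit(discovery.get(field, "")).scheme != "https":
            problems.append(f"discovery field {field} missing or not https")
    for claim in REQUIRED_CLAIMS:
        if not test_claims.get(claim):
            problems.append(f"test user is missing claim {claim}")
    email = test_claims.get("email", "")
    if not email.lower().endswith("@" + domain.lower().lstrip("@")):
        problems.append(f"test user email is outside domain {domain}")
    return problems


# Constructed sample values for a hypothetical IdP at idp.agency.example.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.agency.example",
    "authorization_endpoint": "https://idp.agency.example/authorize",
    "token_endpoint": "https://idp.agency.example/token",
    "jwks_uri": "https://idp.agency.example/keys",
}
SAMPLE_CLAIMS = {"email": "test.user@agency.example", "given_name": "Test", "family_name": "User"}

if __name__ == "__main__":
    print(preflight("US", [JLS_CALLBACKS["US"]], SAMPLE_DISCOVERY, SAMPLE_CLAIMS, "@agency.example"))
```

Run it against the values you plan to enter on the intake form; any returned problem is worth fixing before the integration is scheduled.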