Nexonia offers both IdP-initiated SAML SSO (for SSO access through the Idaptive User Portal) and SP-initiated SAML SSO (for SSO access directly through the Nexonia web application). The following is an overview of the steps required to configure the Nexonia Web application for single sign-on (SSO) via SAML.

  1. Prepare for Nexonia single sign-on (see Nexonia requirements for SSO).

  2. In the Idaptive Admin Portal, add the application and configure application settings.

    Once the application settings are configured, complete the user account mapping and assign the application to one or more roles. For details, see Configuring Nexonia in Admin Portal.

  3. Configure the Nexonia application for single sign-on.

    To configure Nexonia for SSO, access the Nexonia website and configure SSO settings. For details, see Configuring Nexonia on its web site.

After you are done configuring the application settings in the Admin Portal and the Nexonia application, users are ready to launch the application from the Idaptive User Portal.

Nexonia requirements for SSO

Before you configure the Nexonia web application for SSO, you need the following:

  • An active Nexonia account with administrator rights for your organization.

  • A signed certificate.

  • You can either download one from Admin Portal or use your organization’s trusted certificate.

Setting up the certificates for SSO

To establish a trusted connection between the web application and the Idaptive Identity Service, you need to have the same signing certificate in both the application and the application settings in Admin Portal.

If you use your own certificate, you upload the signing certificate and its private key in a .pfx or .p12 file to the application settings in Admin Portal. You also upload the public key certificate in a .cer or .pem file to the web application.

What you need to know about Nexonia

Each SAML application is different. The following table lists features and functionality specific to Nexonia.



Support details

Web browser client



Mobile client


Nexonia mobile applications do not support SSO. Users in a role with the SSO setting SSO logins only are prompted to configure a Mobile Password when launching the application on a mobile device.

SAML 2.0



SP-initiated SSO



IdP-initiated SSO



Force user login via SSO only

See Support details.

Users in a role with SSO set to SSO logins only are forced to log in to the application via SSO only.

Users in a role with SSO set to Both regular logins and SSO logins, are not forced to log in to the application via SSO only. These users can also log in to the application using their user name and password credentials.

Separate administrator login
after SSO is enabled



User or Administrator account lockout risk


Since there is no backdoor URL, it is a good idea to create an administrator account to allow administrator access to the account using a password if needed.

Automatic user provisioning



Multiple User types


The following SSO access can be set for Admin/User roles:

Regular logins only

SSO logins only

Both regular logins and SSO logins

Self-service password



Access restriction using a corporate IP range


You can specify an IP Range in the Admin Portal Policy page to restrict access to the application.

Configuring Nexonia in Admin Portal

It is helpful to open Idaptive Admin Portal Application Settings and the Nexonia web application simultaneously to copy and paste settings between the two browser windows. For information on how to access the Nexonia web application, see Configuring Nexonia on its web site.


Configuring Nexonia on its web site

Nexonia provisioning

SCIM (System for Cross-domain Identity Management) is an open standard for automating the exchange of user identity information between identity domains, or IT systems. It can be used to automatically provision and deprovision accounts for users in external systems such as your custom SAML app. For more information about SCIM, see

If your Nexonia application supports SCIM, you can set it up to enable provisioning by entering the Access Token and SCIM URL.

For more information about provisioning your app, see Provision accounts with SCIM.

For more information about Nexonia

For more information about configuring Nexonia for SSO, contact Nexonia Customer Support.