Application

On the Application page, you can add, edit, and remove SSO application profiles. This article will guide you through these operations.

Before you start

Before adding applications (hereafter "apps"), make sure you have configured the following:

  1. Set up a server URL at SSO Server > General Settings.
  2. Enable SSO protocols at SSO Server > Service.

Add an application

OIDC

  1. Click Add.
  2. Select OIDC and click Next.
  3. Enter the following information:
    • Application name
    • Redirect URI (see Note 1): The client app's URL to which SSO Server redirects users after confirming authentication requests. You can click Add Field and fill in up to 10 redirect URIs.
  4. Confirm your settings and click Done. Your OIDC app profile is now added to SSO Server.
  5. Select the app profile and click Edit. Copy the following information to your client app's admin portal:
    • Application ID: The unique identifier of your client app. This is often referred to as the Client ID.
    • Application secret: The secret (also called Client Secret) that is known only to SSO Server and your client app. It allows your app to authenticate to SSO Server.
  6. Go to SSO Server > Service > OIDC. Copy the Well-known URL to your client app's admin portal.
  7. Use the following steps to verify that OIDC is working:
    1. Open a private browser window.
    2. Go to your client app's login portal and select SSO as your authentication method. Synology's SSO login page will pop up.
    3. Enter the login credentials of a user that has access to SSO services. If OIDC works, you will be signed in to your app.

SAML

  1. Click Add.
  2. Select SAML and click Next.
  3. Enter the following information:
    • Application name
    • Redirect URI (see Note 1): The client app's URL to which SSO Server redirects users after confirming SAML assertions. This is often referred to as the Assertion Consumer Service URL or ACS URL.
    • Application ID: The unique identifier of your client app. This is often referred to as the SP Entity ID or Audience URI.
    • Name ID format: Determines the format of name IDs in SAML assertions. Select Unspecified unless your client app requires a specific format.
    • Default name ID: Defines the default value used for identifying users on your app. This will be used in a SAML assertion's Subject statement.
    • Attribute (Optional): Map attributes to link the users of Synology's SSO Server and your client app. You can skip this step unless your app requires additional user information.
  4. Confirm your settings and click Done. Your SAML app profile is now added to SSO Server.
  5. Go to SSO Server > Service > SAML. Copy the SSO Server's information (e.g., IdP single sign-on URL) to your client app's admin portal.
  6. Use the following steps to verify that SAML is working:
    1. Open a private browser window.
    2. Go to your client app's login portal and select SSO as your authentication method. Synology's SSO login page will pop up.
    3. Enter the login credentials of a user that has access to SSO services. If SAML works, you will be signed in to your app.
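
If sign-in fails at the verification step, compare a captured assertion against the profile fields from step 3. The following is an added example, not Synology code: the profile values and the assertion are constructed, and the element locations follow the SAML 2.0 Web Browser SSO profile. It checks the field mapping only and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed app profile; keys mirror the fields entered in step 3.
PROFILE = {
    "redirect_uri": "https://app.example.com/saml/acs",         # ACS URL
    "application_id": "https://app.example.com/saml/metadata",  # SP Entity ID / Audience URI
    "name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}

# Constructed assertion, trimmed to the elements the profile fields end up in.
ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">alice</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://app.example.com/saml/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://app.example.com/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def compare_assertion(xml_text, profile):
    """Return {field: (expected, found)} for each profile field that does not match."""
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    conf = root.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    app_id = profile["application_id"]
    found = {
        "redirect_uri": conf.get("Recipient") if conf is not None else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        # The Application ID only has to appear among the listed audiences.
        "application_id": app_id if app_id in audiences else (audiences or None),
    }
    return {k: (profile[k], v) for k, v in found.items() if v != profile[k]}


if __name__ == "__main__":
    print(compare_assertion(ASSERTION, PROFILE) or "assertion matches the app profile")
```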

Synology SSO

  1. Click Add.
  2. Select Synology SSO and click Next.
  3. Enter the following information:
    • Application name
    • Redirect URI (see Note 1): The client app's URL to which SSO Server redirects users after confirming authentication requests.
  4. Confirm your settings and click Done. Your Synology SSO app profile is now added to SSO Server.
  5. Copy the following information to your Synology NAS that acts as an SSO client.
    • Server URL: Find it at SSO Server > General Settings.
    • Application ID: To get this information, go to SSO Server > Application. Select your app and click Edit.
  6. Use the following steps to verify that Synology SSO is working:
    1. Open a private browser window.
    2. Go to the portal of your client app (e.g., Synology Drive) and select SSO as your authentication method. Synology's SSO login page will pop up.
    3. Enter the login credentials of a user that has access to SSO services. If Synology SSO works, you will be signed in to your app.

Edit an application

  1. Select an app and click Edit.
  2. After editing the settings, click Apply to save the changes (see Note 2).

Remove an application

  1. Select an app and click Remove (see Note 3).
  2. Click Remove again in the pop-up window. Please note that this operation is irreversible.

Note:

  1. The redirect URI should conform to the following rules:
    • Use the same protocol (i.e., HTTP or HTTPS) as your SSO Server.
    • Use a domain name that can be accessed over HTTPS and has a valid TLS certificate. The redirect URI cannot be an IP address or a QuickConnect address.
  2. If you edit the Redirect URI or Application secret, make sure to update these settings on your client apps.
  3. You can select multiple apps by pressing and holding the Ctrl or Shift key.
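
The redirect URI rules in Note 1 can be checked before a profile is saved. The following is an added example, not Synology code: the function names and sample URLs are constructed, and the QuickConnect domain suffix is an assumption not stated on this page. Certificate validity is not checked here because that requires a live connection to the host.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: QuickConnect addresses live under this domain (not stated on the page).
QUICKCONNECT_SUFFIXES = ("quickconnect.to",)
MAX_OIDC_REDIRECT_URIS = 10  # limit given in the OIDC steps


def check_redirect_uri(uri, server_url):
    """Return the Note 1 rules that one redirect URI violates (empty list = OK)."""
    target, server = urlsplit(uri), urlsplit(server_url)
    host = (target.hostname or "").lower()
    if target.scheme not in ("http", "https") or not host:
        return ["not an absolute HTTP(S) URL"]
    problems = []
    if target.scheme != server.scheme:
        problems.append(f"scheme '{target.scheme}' differs from SSO Server's '{server.scheme}'")
    try:
        ipaddress.ip_address(host)  # accepts IPv4 and IPv6 literals
        problems.append("host is an IP address, a domain name is required")
    except ValueError:
        pass  # not an IP literal, so treated as a domain name
    if any(host == s or host.endswith("." + s) for s in QUICKCONNECT_SUFFIXES):
        problems.append("host is a QuickConnect address")
    return problems


def check_profile(uris, server_url):
    """Check every redirect URI planned for one OIDC app profile."""
    report = {u: check_redirect_uri(u, server_url) for u in uris}
    if len(uris) > MAX_OIDC_REDIRECT_URIS:
        report["<profile>"] = [f"{len(uris)} URIs, limit is {MAX_OIDC_REDIRECT_URIS}"]
    return report


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    server = "https://sso.example.com"
    uris = [
        "https://app.example.com/callback",
        "http://app.example.com/callback",
        "https://192.0.2.10/callback",
        "https://myid.quickconnect.to/callback",
    ]
    for uri, issues in check_profile(uris, server).items():
        print(uri, "->", issues or "OK")
```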