Working with Single Sign-On authentication
About Single Sign-On Authentication
The goal of federated single sign-on (SSO) authentication is to provide users with secure access across multiple external systems and web applications. Neurons for ITSM supports several standard protocols that help organizations achieve this goal. By using Microsoft Active Directory Federation Services (ADFS) and Security Assertion Markup Language (SAML), customers authenticate to their Neurons for ITSM tenant by using existing Windows Integrated authentication credentials, without entering an additional password.
Single sign-on authentication initially addresses identity management within a network domain or other closed environment. It allows users to sign in once and access multiple applications within the same environment. As Neurons for ITSM adopts cloud-based and external applications, SSO becomes more complex because users access systems that span multiple companies and security domains.
To address these challenges, vendors implement standardized federation protocols that enable interoperability between identity providers and service providers. Federated authentication requires a trust relationship among the principal (the user), the identity provider (initial authentication source), and the service provider (web application).
Security protocols based on open standards enable the exchange of authentication and authorization information across security domains, such as between a customer-managed identity provider and Neurons for ITSM as the service provider. When a user requests access, the identity provider passes an authentication token to the application. These protocols do not depend on how the user initially authenticates.
ADFS is a claims-based identity solution that uses Active Directory Domain Services to authenticate users and issue security tokens containing identity claims. Federation servers in both security domains exchange tokens without storing usernames or passwords. Users sign in once with their username, and the system grants access without requiring direct authentication to the application.
SAML uses a web browser-based exchange between an identity provider and a service provider to grant application access. ADFS acts as the identity provider within the customer’s domain, while Neurons for ITSM functions as the service provider.
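The trust relationship described above comes down to what the service provider checks in the token the browser delivers. The following Python example is added here for illustration and is not the product's own code: it checks the issuer, audience, validity window and assertion count of a SAML 2.0 response. The entity IDs, user name and sample response are constructed, and the XML signature is assumed to have been verified beforehand by a vetted SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed values for illustration; not real ADFS or Neurons for ITSM identifiers.
TRUSTED_IDP = "http://adfs.example.test/adfs/services/trust"
SP_ENTITY_ID = "https://tenant.example.test/sp"

SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion">
 <a:Assertion ID="_c1" Version="2.0" IssueInstant="2026-01-15T10:00:00Z">
  <a:Issuer>http://adfs.example.test/adfs/services/trust</a:Issuer>
  <a:Subject><a:NameID>jdoe@example.test</a:NameID></a:Subject>
  <a:Conditions NotBefore="2026-01-15T10:00:00Z" NotOnOrAfter="2026-01-15T10:05:00Z">
   <a:AudienceRestriction><a:Audience>https://tenant.example.test/sp</a:Audience></a:AudienceRestriction>
  </a:Conditions>
 </a:Assertion>
</p:Response>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now, idp=TRUSTED_IDP, audience=SP_ENTITY_ID):
    """Return (name_id, problems). Does NOT verify the XML signature; run it
    only on a response whose signature a SAML library has already validated."""
    root = ET.fromstring(xml_text)  # use a hardened XML parser for untrusted input
    assertions = root.findall(".//a:Assertion", NS)
    if len(assertions) != 1:  # extra assertions are a symptom of signature wrapping
        return None, ["expected exactly one Assertion, found %d" % len(assertions)]
    a, problems = assertions[0], []
    if a.findtext("a:Issuer", default="", namespaces=NS).strip() != idp:
        problems.append("issuer is not the trusted identity provider")
    cond = a.find("a:Conditions", NS)
    if cond is None:
        problems.append("no Conditions element")
    else:
        auds = [e.text.strip() for e in cond.findall("a:AudienceRestriction/a:Audience", NS) if e.text]
        if audience not in auds:
            problems.append("assertion was not issued for this service provider")
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        # Policy assumed by this example: both time bounds must be present.
        if nb is None or noa is None or not (_ts(nb) <= now < _ts(noa)):
            problems.append("outside validity window")
    name_id = a.findtext("a:Subject/a:NameID", default=None, namespaces=NS)
    if not name_id:
        problems.append("no subject NameID")
    return (name_id if not problems else None), problems
```

The function returns the user name only when every check passes, so a token minted for a different service provider or replayed after it expires is rejected even though its signature is genuine.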
To set up ITSM users for authentication via the Neurons Platform, refer to Setting up ITSM users for authentication via the Neurons Platform and Authentication. This feature is Early Access only and may not be available in your environment. For more information, please contact your Customer Success Manager.
To delete SSO login credentials after logout, set the logoutWithProvider global constant to true. For more information, see List of Global Constants. Starting with Release 2026.1, credentials are not saved by default after logout.