SSO - Single Sign-on

SSO (Single Sign-On) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.
In other words, SSO is the capability of a system to share login credentials with another system.
The benefits of using SSO are the following:

  • You need to remember fewer passwords.
  • Simplifies username and password management for admins.
  • Reduces security risks for organizations, members, customers, vendors, and partner entities.
  • Speeds up login and eases onboarding to new applications.

Types of SSO that we support

The SSO functionality enables OfficeRnD Members or Admins to log in to the Members Portal and Member Apps or in the Admin Portal using a single SSO provider.

Currently we support:

  • SSO for Member Tools - this enables OfficeRnD Members to log in to their organization using an SSO provider.
  • SSO for the Admin Portal - this enables your admin team to log into the admin site using an SSO provider of your choice.

The most commonly used external SSO providers by our clients are OKTA, Google’s GSuite, and Office365 (Azure).

Differences Between Admin and Member SSO

As a configuration setup, both functionalities are identical. There is one main difference, however, which you will notice as a checkbox under each config - the Account Activation or Enforcing SSO.

Admin SSO - if the Enforcing SSO is enabled, this will enforce SSO for every Teammate in your organization. If left disabled, you will have a combination of SSO login and the standard OfficeRnD login for your admin team.

  • Enforcing means that you’ll lock out everyone and they will need to use the external SSO to log in.
  • Please make sure that the links you entered from the authentication provider are correct before enforcing.
  • Please make sure that you’ve saved the links we provide that you need to add to the auth provider (you’ll receive emails with the links just in case).
  • Good practice: Make sure you’ve logged in successfully with SSO at least once before you enforce the SSO login.

Members SSO - With the Account Activation setting enabled, members that exist in OfficeRnD will be allowed to log into the Members Portal without needing to be explicitly invited: no Welcome email is needed, just a link to your Members Portal. If this setting is disabled, members will have to be invited by your Admin team.

General Setup

You can set up SSO with every OIDC-compatible provider. Below you can find general setup steps that are applicable for most of the providers. 
  • Log in to your identity provider account.
  • Navigate to your applications.
  • Create a new application for OfficeRnD.
  • To get the Base and Return URL go to Settings/Integrations/Members SSO Authentication or Admins SSO Authentication -> Configure
  • Copy the Client ID, Client Secret and Discovery URL from your identity provider, and paste them into the corresponding fields in the Members SSO Authentication or Admins SSO Authentication configuration panel in OfficeRnD.
  • Choose a Title which will appear on the login button - “Login with {Title}”
  • Click Update.
  • Your SSO is up and running!
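
A sanity check for the Discovery URL pasted in the steps above, useful before SSO is enforced. This is an added example, not OfficeRnD's code; the provider idp.example.com and its discovery document are constructed, and the authorization code flow is an assumption.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata fields OpenID Connect Discovery 1.0 marks as REQUIRED
# (token_endpoint is required unless only the implicit flow is used).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_discovery(discovery_url, doc):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    if urlsplit(discovery_url).scheme != "https":
        problems.append("discovery URL is not https")
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end with " + WELL_KNOWN)
    for field in REQUIRED:
        if field not in doc:
            problems.append("missing field: " + field)
    # The issuer must equal the discovery URL minus the well-known suffix;
    # a mismatch means the document describes a different identity provider.
    expected = discovery_url.rsplit(WELL_KNOWN, 1)[0]
    if "issuer" in doc and str(doc["issuer"]).rstrip("/") != expected:
        problems.append("issuer mismatch: " + str(doc["issuer"]))
    for field in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if field in doc and urlsplit(doc[field]).scheme != "https":
            problems.append(field + " is not https")
    # Assumption: the integration uses the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    if doc.get("id_token_signing_alg_values_supported") == ["none"]:
        problems.append("ID tokens would be unsigned")
    return problems

# Constructed sample for a hypothetical provider at idp.example.com.
SAMPLE_URL = "https://idp.example.com" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_DOC) or "discovery document looks consistent")
```

To check a real provider, fetch the JSON from its Discovery URL and pass the parsed document to check_discovery together with that URL.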

How to Set Up SSO with Specific Providers

How to Test

The SSO is configured from "Settings" -> "Integrations" -> "Authentication" -> "Members SSO Authentication" or "Admins SSO Authentication". This example applies to using Google as an SSO provider.

After the successful activation of the SSO, the customer/admin will see only one button on the login page of the Member Portal and Member Apps or the Admin Portal - “Login with Google”.
By clicking the button the customer will be redirected directly to the authentication page of the provider.

Note: The activation of the SSO for Member Tools disables:
- The standard login with OfficeRnD user and password
- The Public Calendar Page and Sign-up Page
- Reset password links
- Token for auth in the invite to portal email (Welcome email)

Please follow the steps below in order to configure your integration:

  1. Navigate to https://console.developers.google.com/?pli=1 and log in with your Google (Gmail) account.

  2. Create a New Project from Select a Project: New Project - https://console.developers.google.com/projectcreate

  3. Go to OAuth consent screen and select External

  4. Set App name → Enter your e-mail in the User support mail field and the Developer contact information field → Click Save and Continue

  5. Click the Add or Remove Scopes button and select all scopes → Update

  6. Go to Credentials -> Create Credentials -> OAuth Client ID

  7. Choose Application Type -> Web Application

  8. Set Application Name

  9. Click the ADD URL button under the Authorized redirect URL

  10. Copy the Return URL from OfficeRnD in the field and click Create

  11. Copy and Paste the Client ID and Client Secret in the respective fields in the Authentication Integration in OfficeRnD

  12. In the Authentication Integration in OfficeRnD Set Discovery URL following the guidelines in this article OR use this one.

  13. Choose whether to use Account Activation or not.
  14. Set the Title to Google and click Update.
