SSO (Single Sign-On) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.
In other words, SSO is the capability of a system to share login credentials with another system.
The benefits of using SSO are the following:
- You need to remember fewer passwords.
- Simplifies username and password management for admins.
- Reduces security risks for organizations, members, customers, vendors, and partner entities.
- Speeds up login and eases onboarding onto new applications.
Types of SSO that we support
The SSO functionality enables OfficeRnD Members or Admins to log in to the Members Portal and Member Apps or in the Admin Portal using a single SSO provider.
Currently we support:
- SSO for Member Tools - this enables OfficeRnD Members to log in to their organization using an SSO provider.
- SSO for the Admin Portal - this enables your admin team to log into the admin site using an SSO provider of your choice.
The most commonly used external SSO providers by our clients are OKTA, Google’s GSuite, and Office365 (Azure).
Differences Between Admin and Member SSO
As a configuration setup, both functionalities are identical. There is one main difference, however, which you will notice as a checkbox under each config - the Account Activation or Enforcing SSO.
Admin SSO - if the Enforcing SSO is enabled, this will enforce SSO for every Teammate in your organization. If left disabled, you will have a combination of SSO login and the standard OfficeRnD login for your admin team.
- Enforcing means that you’ll lock out everyone and they will need to use the external SSO to log in.
- Please make sure that the links entered from the authentication provider are correct before enforcing.
- Please make sure that you’ve saved the links we provide that you need to add to the auth provider (*You’ll receive emails with links just in case).
- Good practice: Make sure you’ve logged in successfully with SSO at least once before you enforce the SSO login.
Members SSO - with the Account Activation setting enabled, members that exist in OfficeRnD will be allowed to log into the Members Portal without needing to be explicitly invited. No Welcome email will be needed, just a link to your Members Portal. If this setting is disabled, members will have to be invited by your Admin team.
General Setup
- Log in to your identity provider account.
- Navigate to your applications.
- Create a new application for OfficeRnD.
- To get the Base and Return URL go to Settings/Integrations/Members SSO Authentication or Admins SSO Authentication -> Configure
- Copy the Client ID, Client Secret and Discovery URL from your identity provider, and paste them into the corresponding fields in the Members SSO Authentication or Admins SSO Authentication configuration panel in OfficeRnD.
- Choose a Title which will appear on the login button - “Login with {Title}”
- Click Update.
- Your SSO is up and running!
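As a check on the Discovery URL before you enable Enforcing SSO, the following added example (not OfficeRnD code) validates a discovery document against the basics of OpenID Connect Discovery. It assumes the Discovery URL points to a standard OpenID Connect discovery document; `idp.example.com` and both sample documents are constructed placeholders.

```python
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(discovery_url, doc):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if urlparse(discovery_url).scheme != "https":
        findings.append("discovery URL is not https")
    for key in REQUIRED:
        if key not in doc:
            findings.append("missing field: " + key)
    # OIDC Discovery: the issuer is the discovery URL minus the well-known
    # suffix. A mismatch usually means the wrong tenant or a mistyped link.
    if discovery_url.endswith(WELL_KNOWN):
        if doc.get("issuer") != discovery_url[:-len(WELL_KNOWN)]:
            findings.append("issuer does not match discovery URL")
    else:
        findings.append("discovery URL lacks " + WELL_KNOWN)
    # Credentials, tokens and signing keys flow through these endpoints,
    # so each of them must use TLS.
    for key in ENDPOINTS:
        if key in doc and urlparse(doc[key]).scheme != "https":
            findings.append(key + " is not https")
    # Assumption: a Client ID plus Client Secret setup uses the code flow.
    if "code" not in doc.get("response_types_supported", []):
        findings.append("authorization code flow not offered")
    return findings

# Constructed sample data (idp.example.com is a placeholder, not a real IdP).
GOOD_URL = "https://idp.example.com" + WELL_KNOWN
GOOD_DOC = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
    "response_types_supported": ["code", "id_token"],
}
# Same document with a wrong-tenant issuer and a plaintext token endpoint.
BAD_DOC = dict(GOOD_DOC, issuer="https://other.example.com",
               token_endpoint="http://idp.example.com/token")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(GOOD_URL, doc) or "no findings")
```

Some providers publish an issuer that differs from the discovery path, so treat an issuer finding as something to confirm against the provider's documentation rather than as an automatic failure.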
How to Set Up SSO with Specific Providers
- Setting up SSO with OKTA
- Setting up SSO with Google Custom Domain
- Setting up SSO with Salesforce
- Setting up SSO with Azure AD B2C
How to Test
The SSO is configured from "Settings" -> "Integrations" -> "Authentication" -> "Members SSO Authentication" or "Admins SSO Authentication". This example applies to using Google as an SSO provider.
After the successful activation of the SSO, the customer/admin will see only one button on the login page of the Member Portal and Member Apps or the Admin Portal - “Login with Google”.
By clicking the button the customer will be redirected directly to the authentication page of the provider.
- The standard login with OfficeRnD user and password
- The Public Calendar Page and Sign-up Page
- Reset password links
- Token for auth in the invite to portal email (Welcome email)
Please follow the steps below in order to configure your integration:
- Navigate to https://console.developers.google.com/?pli=1 and log in with your Google (Gmail) account.
- Create a New Project from Select a Project: New Project - https://console.developers.google.com/projectcreate
- Go to OAuth consent screen and select External.
- Set App name → Enter your e-mail in the User support mail field and the Developer contact information field → Click Save and Continue.
- Click the Add or Remove Scopes button and select all scopes → Update.
- Go to Credentials -> Create Credentials -> OAuth Client ID.
- Choose Application Type -> Web Application.
- Set Application Name.
- Click the ADD URL button under the Authorized redirect URL.
- Copy the Return URL from OfficeRnD in the field and click Create.
- Copy and paste the Client ID and Client Secret in the respective fields in the Authentication Integration in OfficeRnD.
- In the Authentication Integration in OfficeRnD, set the Discovery URL following the guidelines in this article OR use this one.
- Choose whether to use Account Activation or not.
- Set the Title to Google and click Update.