SSO - Single Sign-on

Introduction

SSO (Single Sign-On) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.

In other words, SSO is the capability of a system to share login credentials with another system.
The benefits of using SSO are the following:

  • You need to remember fewer passwords.
  • Simplifies username and password management for admins.
  • Reduces security risks for organizations, members, customers, vendors, and partner entities.
  • Speeds up login and eases the onboarding of new applications.

Types of SSO that we support

The SSO functionality enables OfficeRnD Members or Admins to log in to the Members Portal and Member Apps or in the Admin Portal using a single SSO provider.

Currently, we support:

  • SSO for Member Tools - this enables OfficeRnD Members to log in to their organization using an SSO provider.
  • SSO for the Admin Portal - this enables your admin team to log into the admin site using an SSO provider of your choice.

The external SSO providers most commonly used by our clients are Okta, Google’s GSuite, and Office365 (Azure).

Differences Between Admin and Member SSO

As a configuration setup, both functionalities are identical. There is one main difference, however, which you will notice as a checkbox under each config - the Account Activation or Enforcing SSO.

Admin SSO - if the Enforcing SSO is enabled, this will enforce SSO for every Teammate in your organization. If left disabled, you will have a combination of SSO login and the standard OfficeRnD login for your admin team.

  • Enforcing means that you’ll lock out everyone and they will need to use the external SSO to log in.
  • Please make sure that the input from the authentication provider links is correct before enforcing.
  • Please make sure that you’ve saved the links we provide that you need to add to the auth provider (*You’ll receive emails with links just in case).
  • Good practice: Make sure you’ve logged in successfully with SSO at least once before you enforce the SSO login.

Members SSO - With the Account Activation setting enabled, members that exist in OfficeRnD will be allowed to log into the Members Portal without needing to be explicitly invited. No Welcome email will be needed, just a link to your Members portal. If this setting is disabled, members will have to be invited by your Admin team.

General Setup

You can set up SSO with every OIDC-compatible provider. Below you can find general setup steps that are applicable to most of the providers. 
  • Log in to your identity provider account.
  • Navigate to your applications.
  • Create a new application for OfficeRnD.
  • To get the Base and Return URL, go to Settings/Integrations/Members SSO Authentication or Admins SSO Authentication/Configure.
  • Copy the Client ID, Client Secret, and Discovery URL from your identity provider, and paste them into the corresponding fields in the Members SSO Authentication or Admins SSO Authentication configuration panel in OfficeRnD.
  • Choose a Title that will appear on the login button - “Login with {Title}”
  • Click Update.
  • Your SSO is up and running!
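
One way to sanity-check the Discovery URL before pasting it into OfficeRnD or enforcing SSO, added here as an example and not OfficeRnD's own code: it checks a discovery document against the requirements of the OpenID Connect Discovery specification. The provider idp.example.com and the sample documents are constructed, and the check for the `code` response type assumes the login uses the authorization code flow.

```python
from urllib.parse import urlsplit
WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(discovery_url, document):
    """Return a list of problems in an OIDC discovery document (empty = OK)."""
    problems = []
    if urlsplit(discovery_url).scheme != "https":
        problems.append("discovery URL is not https")
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end with " + WELL_KNOWN)
    else:
        # The issuer must equal the discovery URL minus the well-known suffix.
        expected = discovery_url[: -len(WELL_KNOWN)]
        issuer = document.get("issuer", "")
        if issuer.rstrip("/") != expected.rstrip("/"):
            problems.append("issuer %r does not match %r" % (issuer, expected))
    for key in REQUIRED:
        if key not in document:
            problems.append("missing required field: " + key)
    for key in ENDPOINTS:
        value = document.get(key)
        if value and urlsplit(value).scheme != "https":
            problems.append(key + " is not https")
    # Assumption: the login uses the authorization code flow.
    if "code" not in document.get("response_types_supported", []):
        problems.append("response type 'code' is not advertised")
    return problems

# Constructed sample data; idp.example.com is a placeholder provider.
GOOD_URL = "https://idp.example.com/.well-known/openid-configuration"
GOOD_DOC = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# A document copied from the wrong tenant, with a plain-http token endpoint.
BAD_DOC = dict(GOOD_DOC, issuer="https://other.example.com",
               token_endpoint="http://idp.example.com/token")
if __name__ == "__main__":
    print(check_discovery(GOOD_URL, GOOD_DOC), check_discovery(GOOD_URL, BAD_DOC))
```

To check a real provider, download the JSON from its Discovery URL, parse it with `json.load`, and pass the URL and the parsed document to `check_discovery`.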

How to Set Up SSO with Specific Providers

How to Test

The SSO is configured from Settings/Integrations/Authentication/Members SSO Authentication or Admins SSO Authentication. This example applies to using Google as an SSO provider.

After the successful activation of the SSO, the customer/admin will see only one button on the login page of the Member Portal and Member Apps or the Admin Portal - Login with Google.
By clicking the button, the customer will be redirected directly to the authentication page of the provider.

Note: The activation of the SSO for Member Tools disables:
- The standard login with OfficeRnD user and password
- The Public Calendar Page and Sign-up Page
- Reset password links
- Token for auth in the invite to portal email (Welcome email)

Please follow the steps below in order to configure your integration:

  1. Navigate to https://console.developers.google.com/?pli=1 and log in with your Google (Gmail) account.

  2. Create a New Project from Select a Project: New Project - https://console.developers.google.com/projectcreate

  3. Go to OAuth consent screen and select External

  4. Set App name → Enter your e-mail in the User support mail field and the Developer contact information field → Click Save and Continue

  5. Click the Add or Remove Scopes button and select all scopes → Update

  6. Go to Credentials -> Create Credentials -> OAuth Client ID

  7. Choose Application Type -> Web Application

  8. Set Application Name

  9. Click the ADD URL button under the Authorized redirect URL

  10. Copy the Return URL from OfficeRnD in the field and click Create.


  11. Copy and Paste the Client ID and Client Secret in the respective fields in the Authentication Integration in OfficeRnD.


  12. In the Authentication Integration in OfficeRnD, set the Discovery URL by following the guidelines in this article OR use this one.

  13. Choose whether to use Account Activation or not.
  14. Set the Title to Google and click Update.
