Introduction
SSO (Single Sign-On) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.
In other words, SSO is the capability of a system to share login credentials with another system.
The benefits of using SSO are the following:
- You need to remember fewer passwords.
- Simplifies username and password management for admins.
- Reduces security risks for organizations, members, customers, vendors, and partner entities.
- Speeds up login and eases the onboarding of new applications.
Types of SSO that we support
The SSO functionality enables OfficeRnD Members or Admins to log in to the Members Portal and Member Apps or to the Admin Portal using a single SSO provider.
Currently, we support:
- SSO for Member Tools - this enables OfficeRnD Members to log in to their organization using an SSO provider.
- SSO for the Admin Portal - this enables your admin team to log into the admin site using an SSO provider of your choice.
The most commonly used external SSO providers by our clients are OKTA, Google’s GSuite, and Office365 (Azure).
Differences Between Admin and Member SSO
The configuration setup is identical for both functionalities. There is one main difference, however, which you will notice as a checkbox under each config: Account Activation (Members SSO) or Enforcing SSO (Admin SSO).
Admin SSO - if the Enforcing SSO is enabled, this will enforce SSO for every Teammate in your organization. If left disabled, you will have a combination of SSO login and the standard OfficeRnD login for your admin team.
- Enforcing means that you’ll lock out everyone and they will need to use the external SSO to log in.
- Please make sure that the input from the authentication provider links is correct before enforcing.
- Please make sure that you’ve saved the links we provide that you need to add to the auth provider (you’ll also receive emails with the links, just in case).
- Good practice: Make sure you’ve logged in successfully with SSO at least once before you enforce the SSO login.
Members SSO - With the Account Activation setting enabled, members that exist in OfficeRnD will be allowed to log into the Members Portal without needing to be explicitly invited. No Welcome email will be needed, just a link to your Members portal. If this setting is disabled, members will have to be invited by your Admin team.
General Setup
- Log in to your identity provider account.
- Navigate to your applications.
- Create a new application for OfficeRnD.
- To get the Base and Return URL, go to Settings/Integrations/Members SSO Authentication or Admins SSO Authentication/Configure.
- Copy the Client ID, Client Secret, and Discovery URL from your identity provider, and paste them into the corresponding fields in the Members SSO Authentication or Admins SSO Authentication configuration panel in OfficeRnD.
- Choose a Title that will appear on the login button - “Login with {Title}”
- Click Update.
- Your SSO is up and running!
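Before SSO is enforced, the Discovery URL and the document it returns can be sanity-checked against the OpenID Connect Discovery 1.0 rules. The following is an added example, not OfficeRnD code; it assumes the integration uses the authorization code flow, and the provider URL and both documents are constructed sample data (in practice you would fetch the JSON from your own Discovery URL).

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# REQUIRED metadata per OpenID Connect Discovery 1.0 (token_endpoint: code flow)
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_discovery(discovery_url, document):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if urlsplit(discovery_url).scheme != "https":
        problems.append("discovery URL is not https")
    if not discovery_url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end with " + WELL_KNOWN)
    missing = [key for key in REQUIRED if key not in document]
    if missing:
        problems.append("missing metadata: " + ", ".join(missing))
    # The issuer must equal the discovery URL with the well-known suffix removed.
    expected = discovery_url.rsplit(WELL_KNOWN, 1)[0]
    if document.get("issuer", "").rstrip("/") != expected:
        problems.append("issuer does not match discovery URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = document.get(key)
        if value and urlsplit(value).scheme != "https":
            problems.append(key + " is not https")
    if "code" not in document.get("response_types_supported", []):
        problems.append("response type 'code' is not advertised")
    if "RS256" not in document.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 is not advertised for ID token signing")
    return problems

# Constructed sample data for a hypothetical provider; not real endpoints.
SAMPLE_URL = "https://idp.example.com/tenant-a" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://idp.example.com/tenant-a",
    "authorization_endpoint": "https://idp.example.com/tenant-a/authorize",
    "token_endpoint": "https://idp.example.com/tenant-a/token",
    "jwks_uri": "https://idp.example.com/tenant-a/keys",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Constructed broken variant: wrong tenant in issuer, http token endpoint, no jwks_uri.
BROKEN_DOC = dict(SAMPLE_DOC, issuer="https://idp.example.com/tenant-b",
                  token_endpoint="http://idp.example.com/tenant-a/token")
del BROKEN_DOC["jwks_uri"]
if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_DOC), check_discovery(SAMPLE_URL, BROKEN_DOC))
```

An empty list means the document passed these checks; it does not replace a real test login with SSO before enforcing.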
How to Set Up SSO with Specific Providers
- Setting up SSO with OKTA
- Setting up SSO with Google Custom Domain
- Setting up SSO with Salesforce
- Setting up SSO with Azure AD B2C
How to Test
The SSO is configured from Settings/Integrations/Authentication/Members SSO Authentication or Admins SSO Authentication. This example applies to using Google as an SSO provider.
After the successful activation of the SSO, the customer/admin will see only one button on the login page of the Member Portal and Member Apps or the Admin Portal - Login with Google.
By clicking the button, the customer will be redirected directly to the authentication page of the provider.
- The standard login with OfficeRnD user and password
- The Public Calendar Page and Sign-up Page
- Reset password links
- Token for auth in the invite to portal email (Welcome email)
Please follow the steps below in order to configure your integration:
- Navigate to https://console.developers.google.com/?pli=1 and log in with your Google (Gmail) account.
- Create a New Project from Select a Project: New Project - https://console.developers.google.com/projectcreate
- Go to the OAuth consent screen and select External.
- Set the App name → Enter your e-mail in the User support mail field and the Developer contact information field → Click Save and Continue.
- Click the Add or Remove Scopes button and select all scopes → Update.
- Go to Credentials -> Create Credentials -> OAuth Client ID.
- Choose Application Type -> Web Application.
- Set the Application Name.
- Click the ADD URL button under the Authorized redirect URL.
- Copy the Return URL from OfficeRnD into the field and click Create.
- Copy and paste the Client ID and Client Secret into the respective fields in the Authentication Integration in OfficeRnD.
- In the Authentication Integration in OfficeRnD, set the Discovery URL by following the guidelines in this article OR use this one.
- Choose whether to use Account Activation or not.
- Set the Title to Google and click Update.