Single Sign-On (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites using just one set of credentials.
In other words, SSO is the capability of a system to share login credentials with another system.
The benefits of using SSO are the following:
- You need to remember fewer passwords.
- Simplifies username and password management for admins.
- Reduces security risks for organizations, members, partner entities, customers, vendors, and partners.
- Increases login speed and eases the onboarding of new applications.
Types of SSO that we support
The SSO functionality enables OfficeRnD Members or Admins to log in to the Members Portal and Member Apps or in the Admin Portal using a single SSO provider.
Currently, we support:
- SSO for Member Tools enables OfficeRnD Members to log in to their organization using an SSO provider.
- SSO for the Admin Portal enables your admin team to log into the admin site using an SSO provider of your choice.
Our clients commonly use external SSO providers, such as OKTA, Google’s GSuite, and Office365 (Entra ID).
Differences Between Admin and Member SSO
As a configuration setup, both functionalities are identical. There are differences, however, which you will notice as a checkbox under each config:
- Account Activation (Members SSO)
- Turn Off Password Login (Members SSO)
- Enforcing SSO (Admin SSO)
Admin SSO
If Enforcing SSO is enabled, it will enforce SSO for every Teammate in your organization. If left disabled, your admin team will have a combination of SSO login and the standard OfficeRnD login.
- Enforcing means you'll lock out everyone, and they must use the external SSO to log in.
- Please ensure the input from the authentication provider links is correct before enforcing.
- Please ensure you've saved the links we provide that you need to add to the auth provider (*You'll receive emails with links just in case).
- Best practice: Ensure you've logged in successfully with SSO at least once before enforcing the SSO login.
Members SSO
Account Activation—With this setting enabled, members who exist in OfficeRnD will be allowed to log into the Members Portal without needing to be explicitly invited. No welcome email will be needed; it will just be a link to your Members portal. If this setting is disabled, members will have to be invited by your Admin team.
Turn Off Password Login - This setting enforces SSO login and prevents members from logging in with email and password. If it's left unchecked, members will have the option to use SSO or a normal email/password login.
- The standard login with OfficeRnD user and password
- The Public Calendar Page and Sign-up Page
- Reset password links
- Token for auth in the invite to portal email (Welcome email)
General Setup
- Log in to your identity provider account.
- Navigate to your applications.
- Create a new application for OfficeRnD
- To get the Base and Return URL, go to Settings/Integrations/Members SSO Authentication or Admins SSO Authentication/Configure.
- Copy the Client ID, Client Secret, and Discovery URL from your identity provider, and paste them into the corresponding fields in the Members SSO Authentication or Admins SSO Authentication configuration panel in OfficeRnD.
- Choose a Title that will appear on the login button - “Login with {Title}”
- Click Update.
- Your SSO is up and running!
Comments
Please sign in to leave a comment.