Single Sign-On (SSO) Authentication

Introduction

Single Sign-On (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentialsIn other words, SSO is the capability of a system to share login credentials with another system. The benefits of using SSO are the following:

  • You need to remember fewer passwords.
  • Simplifies username and password management for admins.
  • Reduces security risks for your organization and employees.
  • Increases speed to login and eases the onboarding of new employees to the system.

In OfficeRnD Hybrid, you can enable SSO for both the Web and Admin portals and enable your employees to log in using your SSO provider. The most commonly used external SSO providers by our clients are Google’s GSuite and Microsoft Azure.

Keep in mind that when you activate an SSO authentication, the following OfficeRnD Hybrid authentication services are disabled:
  • The standard login with an OfficeRnD Hybrid user and password
  • The "Reset password" links in OfficeRnD Hybrid
  • The token for authentication that employees receive when invited to the Members Portal. 

Add The Hybrid Work App to InTune

Please follow this article to go through the process of adding the Hybrid Work Android App to Mobile Device Management in InTune.

Enable SSO Authentication

You can set up SSO with every OpenID Connect provider. Below you can find the general setup steps that are applicable for most of the providers. 

1. Log in to your identity provider account.

2. Navigate to your applications.

3. Create a new application for OfficeRnD Hybrid.

4. Log-in to your Hybrid account.

5. Navigate to Settings/Integrations.

6. Look for SSO Authentication and click Activate.

sso auth 1.png

4. Next, click Configure.

config.png

5. In the Edit Authentication Integration dialog shown below, copy the Base URL (7) and Return URL (8) values and use them with your identity provider account to complete the configuration on their end.

6. From within your identity provider, copy the Client ID, Client Secret and Discovery URL and paste them into the corresponding fields (2, 3, 4) in the dialog.

7. Enter a Title in the field (1). Keep in mind that this title appears on the login button for your employees - “Login with {Title}”.

8. (optional) Enter Custom Scopes (can be space-separated) in the field (6).

9. (optional) Enable Automatic Account Activation (9).

10. (optional) Enable Enforce SSO for All Admins if you want to prevent admins from logging in with their OfficeRnD credentials.

edit auth 2.png

11. Click on Update to save the changes.

How to Set Up SSO with Specific Providers

Was this article helpful?
3 out of 3 found this helpful
Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.