Single Sign On (SSO) Integration

sso integration after you're logged in via the sso (single sign on) solution, you can access all company approved applications and websites without having to log in again that includes cloud applications as well as on prem applications, often available through an sso portal (also called a login portal) benefits of using the sso integration greater security and compliance improved usability and employee satisfaction lower it costs login method types teleskope supports the following 3 mechanisms for setting up sso saml2 o365 username/password separate sso for front end and admin panel teleskope sso configuration requires setting up separate sso for the front end portal(affinities) and the admin panel affinities is the front end portal for employees to discover, join and engage with irgs/ergs and admin panel is reserved for admins within the organization the reason two different sso set ups are used is for security purposes as the admin panel has access to all erg membership data, security settings and other super user controls login methods in detail saml2 saml works by exchanging user information, such as logins, authentication state, identifiers, and other relevant attributes between the identity and service provider as a result, it simplifies and secures the authentication process as the user only needs to log in once with a single set of authentication credentials so, when the user tries to access a site, the identity provider passes the saml authentication to the service provider, who then grants the user entry saml is teleskope’s preferred method for sso configuration, due to its security and ease for the user steps for saml2 configuration teleskope will send two separate saml metadata links to clients(affinities and admin panel) the saml metadata contains following information that is required for sso integration at client’s end idp identity id idp sso url idp x509 cert attributes client’s it team to use the above information from metadata links to configure sso client’s it team to send corresponding saml files to teleskope teleskope team to complete the configuration in affinities client’s it team to test the single sign on client’s saml should pass on the following attributes to teleskope, however the attributes may change based on the client’s configuration first name (givenname) last name (surname) email address job title department office location name unique identifying id (tenantid) note any number of fields can be sent teleskope can map the fields to extended attributes one of the field should be a unique immutable identifier (sso saml nameid and hris external id should match) o365 office 365 single sign on (sso) allows your users to sign into applications and get it synchronized with their office 365 account to sign into their accounts using those office 365 credentials office 365 single sign on (sso) allows users to sign into applications with miniorange & get it synchronized with their office 365 account to sign into their accounts using those office 365 credentials sso will help users seamlessly log in to their account automatically using their active directory credentials which means they do not have to enter the credentials again once they have signed in to their machine in the given setup guide we will be integrating sso with office 365 using a saml authentication protocol in order to process sso data, the customer should provide the following parameters ‘tenant guid’ (a long string that identifies the company in microsoft cloud) ‘sync days’ i e the number of days after which the sso and hris sync must happen username/password this login method permits the user to login to the platform using username/password steps for username/password configuration the teleskope team enables username/password access for the client platform access links along with login instructions are sent to the client users click on the link and follow easy steps to sign up on the platform and create a password user logs into the platform using the new password saml2 is teleskope’s preferred login method over username/password, since saml2 is a more secure way of logging into the platform saml sso is easy to use and more secure from a user perspective as they only need to remember one set of user credentials it also provides fast and seamless access to a site as every application they access does not prompt them to enter a username and password