Single Sign On (SSO) Integration

SSO Integration

After you're logged in via the SSO (Single Sign On) solution, you can access all company-approved applications and websites without having to log in again. That includes cloud applications as well as on-prem applications, often available through an SSO portal (also called a login portal).

Benefits of using the SSO integration:

  • Greater security and compliance
  • Improved usability and employee satisfaction
  • Lower IT costs

Login Method types

Teleskope supports the following 3 mechanisms for setting up SSO: 

  • SAML2
  • o365
  • Username/password

Separate SSO for Front end and Admin Panel

Teleskope SSO configuration requires setting up separate SSO for the front end portal (Affinities) and the Admin Panel. Affinities is the front end portal where employees discover, join and engage with IRGs/ERGs; the Admin Panel is reserved for Admins within the organization.

Two different SSO setups are used for security purposes, because the Admin Panel has access to all ERG membership data, security settings and other super user controls.

Login Methods in Detail

SAML2

SAML works by exchanging user information, such as logins, authentication state, identifiers, and other relevant attributes between the identity and service provider. As a result, it simplifies and secures the authentication process as the user only needs to log in once with a single set of authentication credentials. So, when the user tries to access a site, the identity provider passes the SAML authentication to the service provider, who then grants the user entry.

SAML is Teleskope’s preferred method for SSO configuration, due to its security and ease for the user.

Steps for SAML2 configuration

  1. Teleskope will send two separate SAML metadata links to the client (one for Affinities and one for the Admin Panel). The SAML metadata contains the following information, which is required for SSO integration at the client’s end:
     • IDP Identity ID
     • IDP SSO URL
     • IDP X509 Cert
     • Attributes
  2. Client’s IT team to use the above information from the metadata links to configure SSO.
  3. Client’s IT team to send the corresponding SAML files to Teleskope.
  4. Teleskope team to complete the configuration in Affinities.
  5. Client’s IT team to test the single sign-on.

The client’s SAML configuration should pass the following attributes to Teleskope; the attributes may change based on the client’s configuration:

  • First Name (givenname)
  • Last Name (surname)
  • Email Address
  • Job Title
  • Department
  • Office Location Name
  • Unique Identifying ID (TenantId)

NOTE: Any number of fields can be sent. Teleskope can map the fields to extended attributes. One of the fields should be a unique immutable identifier (the SSO SAML NameID and the HRIS External ID should match).
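A pre-flight check that a client's IT team could run on a decoded test assertion before testing single sign-on, added here as an example and not Teleskope's own code. It flags a NameID that is transient, looks like an email address, or differs from the HRIS External ID, and reports missing attributes. The attribute name `emailaddress`, the sample ID `E10042` and the function name `check_assertion` are assumptions; the check does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# givenname, surname and TenantId are named on this page; "emailaddress" is
# an assumed name. Adjust the list to the mapping agreed with Teleskope.
REQUIRED = ["givenname", "surname", "emailaddress", "TenantId"]

# Constructed sample assertion (unsigned, for a pre-flight check only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">E10042</saml:NameID></saml:Subject>
<saml:AttributeStatement>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="TenantId"><saml:AttributeValue>constructed-tenant-id</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, hris_external_id):
    """Return a list of problems found in a decoded test assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID")
    else:
        value, fmt = name_id.text.strip(), name_id.get("Format", "")
        if fmt == TRANSIENT:
            problems.append("NameID is transient, not immutable")
        if fmt == EMAIL_FMT or "@" in value:
            problems.append("NameID looks like an email address, which can change")
        if value != hris_external_id:
            problems.append("NameID does not match HRIS external ID")
    sent = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        # Attribute names are often claim URIs; compare on the last segment.
        short = attr.get("Name", "").rsplit("/", 1)[-1].lower()
        val = attr.find("saml:AttributeValue", NS)
        sent[short] = (val.text or "").strip() if val is not None else ""
    for name in REQUIRED:
        if not sent.get(name.lower()):
            problems.append(f"attribute {name} missing or empty")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE, "E10042") or "assertion looks consistent")
```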

o365

Office 365 Single Sign-On (SSO) allows users to sign in to applications with miniOrange using their Office 365 credentials, with those accounts synchronized with their Office 365 account. SSO lets users log in to their account automatically using their Active Directory credentials, which means they do not have to enter the credentials again once they have signed in to their machine. In the given setup guide we will be integrating SSO with Office 365 using the SAML authentication protocol.

In order to process SSO data, the customer should provide the following parameters:

  • ‘Tenant GUID’ (a long string that identifies the company in Microsoft cloud)
  • ‘Sync days’, i.e. the number of days after which the SSO and HRIS sync must happen

Username/Password

This login method permits the user to log in to the platform using a username and password.

Steps for Username/Password Configuration

  1. The Teleskope team enables username/password access for the client.
  2. Platform access links along with login instructions are sent to the client.
  3. Users click on the link and follow easy steps to sign up on the platform and create a password.
  4. User logs into the platform using the new password. 

SAML2 is Teleskope’s preferred login method over username/password, because it is a more secure way of logging in to the platform. SAML SSO is easy to use and more secure from the user's perspective, since users only need to remember one set of credentials. It also provides fast and seamless access, because the applications they access do not each prompt them for a username and password.