Single Sign-on (SSO) basics
What is Single Sign-on?
From Wikipedia:
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
SSO allows you to securely grant members of your team access to our CRM by internally managing their credentials through the Identity Provider (IdP) of your choice.
Who can enable SSO?
SSO can be enabled by the Customer Success team. Please contact them if you need help.
Who can configure or modify the SSO configuration?
Only a team member of an Account with an Admin role can configure or modify the SSO configuration.
How can I access the CRM if my Identity Provider experiences downtime?
If SSO is enabled and your IdP is experiencing downtime, you will be able to sign in with your username and password.
What if an employee leaves our company?
Given that the employee isn't a CRM admin and that mandatory SSO is never dropped, as soon as you revoke the employee's access in your identity provider, the employee won't be able to use the CRM.
How to configure SAML in our CRM
Prerequisites
- Account Admin privileges.
- Privileges in Azure AD that allow you to add, configure, and register applications. If you don't have these privileges, contact an Azure AD admin before continuing.
Step 1: Create and configure an Azure AD SAML app
- Sign into your account.
- Click on your Name > Account Settings.
- Scroll down to the Single Sign-on section.
- You will see the configuration details.
Leave this page open - you'll need it to complete the setup.
Step 2: Create the app in Azure AD
- Sign into your Microsoft Azure account.
- In the search bar, enter azure active directory and click the Azure Active Directory result.
- On the page that displays, verify you’re in the correct tenant before proceeding. Otherwise, click Switch tenant and navigate to the correct tenant.
- In the left sidenav, click Manage > Enterprise applications.
- On the page that displays, click + New application. This will open the Azure AD Gallery page.
- Click + Create your own application.
- In the window that displays, fill in the fields as follows:
  - Enter a name for the app. For example: TEST.
  - Check Integrate any other application you don’t find in the gallery (Non-gallery).
- When finished, click Create.
It may take a few minutes for the app to be created. When it’s finished, you’ll be redirected to the app’s Overview page.
Step 3: Configure the app's Single Sign-on method using SAML
- On the app’s Overview page, click Manage > Single sign-on in the left sidenav.
- On the Select a single sign-on method page, click SAML.
- On the page that displays, click Basic SAML Configuration > Edit:
- In the window that displays, fill in the fields as follows:
  - Identifier (Entity ID): Copy and paste the Identifier (Entity ID) value from Pushtech into this field and check the Default checkbox.
  - Reply URL: Copy and paste the Reply URL value from Pushtech into this field and check the Default checkbox.
- When finished, click Save. You’ll be redirected back to the app’s Set up Single Sign-On with SAML page.
Step 4: Connect to our CRM
Navigate back to the page where your CRM account is open.
- In our CRM, scroll down to the Identity Provider (IdP) Details section.
- Fill in the fields as follows:
  - Organization email domain: The email domain your users will use to access Pushtech.
  - IdP Entity ID: Copy and paste the Azure AD Identifier value from the SAML-based Sign-on section.
  - IdP Single Sign-On URL: Copy and paste the Login URL value from the SAML-based Sign-on section.
  - IdP X.509 certificate: Copy and paste the Certificate (Base64) from the SAML-based Sign-on section.
  - Active: Mark the checkbox.
- Click on Create integration.
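One way to cross-check the three IdP values from Step 4 before activating the integration, as an added example that is not part of the original article or Pushtech's own code. It assumes you have also exported the SAML metadata XML from your IdP; the function names, hosts and sample data are constructed for illustration.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
CERT_PATH = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def cert_fingerprint(pasted):
    """SHA-256 over the decoded certificate bytes; PEM headers and line breaks are ignored."""
    body = re.sub(r"-----[A-Z ]+-----|\s+", "", pasted)
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def idp_fields(metadata_xml):
    """Pull the three IdP values from SAML metadata exported from your own tenant."""
    root = ET.fromstring(metadata_xml)  # trusted admin download, not attacker-supplied XML
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    return {"entity_id": root.get("entityID"),
            "sso_url": sso[0],
            "cert_sha256": cert_fingerprint(idp.find(CERT_PATH, NS).text)}

def check_form(form, metadata_xml):
    """Return the problems found in the values typed into the IdP Details form."""
    want, problems = idp_fields(metadata_xml), []
    if form["entity_id"].strip() != want["entity_id"]:
        problems.append("IdP Entity ID differs from metadata")
    if form["sso_url"].strip() != want["sso_url"]:
        problems.append("IdP Single Sign-On URL differs from metadata")
    if not form["sso_url"].strip().startswith("https://"):
        problems.append("IdP Single Sign-On URL is not HTTPS")
    if cert_fingerprint(form["certificate"]) != want["cert_sha256"]:
        problems.append("IdP X.509 certificate differs from metadata signing certificate")
    return problems

# Constructed sample data: placeholder hosts and bytes, not a real tenant or certificate.
SAMPLE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/tenant-placeholder/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{SAMPLE_CERT}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/tenant-placeholder/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
SAMPLE_FORM = {"entity_id": "https://idp.example.test/tenant-placeholder/",
               "sso_url": "https://idp.example.test/tenant-placeholder/saml2",
               "certificate": f"-----BEGIN CERTIFICATE-----\n{SAMPLE_CERT}\n-----END CERTIFICATE-----\n"}

if __name__ == "__main__":
    print(check_form(SAMPLE_FORM, SAMPLE_METADATA) or "form matches metadata")
```

A certificate mismatch here means the CRM would trust a different signing key than the one your IdP publishes, so resolve it before marking the integration Active.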
Step 5: Grant users access to the app
The last step in configuring the app is to grant access to users in your Azure AD instance. This ensures that they'll be able to access Pushtech via SSO.
Using the process your organization follows, grant your colleagues access to the Pushtech Azure AD app.
Step 6: Test your setup
- Open your browser in an incognito window.
- Go to the Pushtech sign-in URL.
- Click on Sign in with SAML SSO.
- Enter your email and click on Log in.
- If you are able to sign in with SSO through Azure, your application was successfully set up.