What is Single Sign-on?
Single Sign-on allows your System Administrator to manage all logins across all applications from one secure platform. This ensures that applications can only be accessed if configured properly, thus giving you the confidence that your company's private information is safe.
For organizations with more than a handful of employees, this feature is critical for IT and Security teams to effectively manage user accounts across dozens or hundreds of vendors' contacts. In the event that an employee leaves the company, it allows the IT team to immediately disable their access to all applications, rather than logging into 100 different user management portals.
Simple steps to set up SSO with PingOne:
- Open the Configurations tab on the left side of the screen and go to the SSO settings tab, move the switch to On
- Open your PingOne account and create an Environment (or choose an existing one)
- Click Add Environment
- Choose Customer Solution
- Choose PingOne for Customers
- Enter your Environment Name and set license
- Add users to your Environment:
- Enter a valid Precoro account email
- Set a password
- Create an Application for Precoro:
- Choose Advanced Configuration
- Choose SAML Connection Type
- Configure your Application:
- Enter an Application Name
- Match fields from your SSO configuration tab in Precoro with fields in PingOne:
- ACS —> ACS URLs
- Entity ID —> Entity ID
- Single Logout Response Endpoint —> SLO Endpoint
- Single Logout Response Endpoint —> SLO Response Endpoint
- Enter ASSERTION VALIDITY DURATION (IN SECONDS)
- Set Encryption:
- Make Encryption enabled
- Choose an AES_256 Algorithm
- Import the Precoro Certificate from the SSO configuration tab in Precoro
- Match SAML Attributes:
- PingOne User Attribute must be an Email Address
- Download Metadata from Configuration tab in the Application and upload it to Step 4 in the SSO setting tab in Precoro
- Copy Issuer ID from the Configuration tab in the Application and paste it to Step 3 in Precoro SSO settings
What happens next?
1. When a user has access to a group where Precoro is assigned, they can authorize access for Precoro with their access to the identity provider.
2. When your company uses SSO, the following capabilities will be disabled in Precoro:
- password setup and reset;
- email editing.
How can you invite new users to Precoro if SSO is enabled:
- You can still invite users to your Precoro company account from the User Management tab. But first, this user must be added to your user list in PingOne.
- A new user will be redirected to the Company Login page from the invitation email.