Clients with Enterprise level subscriptions are able to add Single Sign On (SSO) capabilities to their client's EaseCentral portals as needed. SSO allows clients to log in to multiple websites with already established and verified credentials. At this time our SSO solution implements the SAML2 standard but testing has only been completed with Okta. Screenshots below are from an Okta set up. We recommend working closely with the client's IT department to get SSO configured as they will likely need to provide key data to complete the set up. With SSO, the email addresses in EaseCentral must match the usernames set up with the SSO provider. At this time, email addresses are the only way to utilize SSO in EaseCentral.
To enable SSO, go to Customize > Login Security and click the box to enable SSO:
Once the box has been checked two other pieces of data must be entered into EaseCentral, the Endpoint URL as well as the X509 Certificate.
The client will need to set up their SSO provider with the EaseCentral credentials. Please instruct them to add EaseCentral as a new application. Provide them with the Single Sign On (SSO) URL provided on the SSO page in EaseCentral. This will be requested in Okta under the SAML Settings section. Add in the EaseCentral SSO URL to the SSO URL field in Okta. The EaseCentral SSO URL can be used as the URI field in Okta as well. The client should set the Name ID format in Okta to Email Address. Complete the additional steps in Okta until you are brought to the Sign On tab.
From the Sign On tab in Okta:
1. Click View Setup Instructions
2. Copy the Identity Provider Single Sign on URL from Okta
3. Paste in the Endpoint URL in EaseCentral
4. Copy the X509 certificate from Okta
5. Paste in the X509 Certificate field in EaseCentral
Once the above steps have been completed, SSO is set up, and EaseCentral usernames and passwords are no longer valid. Employees will need to use their Okta SSO credentials to gain access to their EaseCentral portal. The EaseCentral Login page will now instruct employees to log in with their Okta/SSO credentials:
Once the employee has provided their Okta credentials and they are validated, they will be redirected to their EaseCentral dashboard.