Enterprise level subscription holders are able to add Single Sign On (SSO) capabilities to their client's EaseCentral portals as needed.
- SSO allows clients to log in to multiple websites with already established and verified credentials.
- At this time our SSO solution implements the SAML2 standard but testing has only been completed with Okta.
- We recommend working closely with the client's IT department to get SSO configured as they will likely need to provide key data to complete the set up.
- With SSO, the email addresses in EaseCentral must match the usernames set up with the SSO provider.
- At this time, email addresses are the only way to utilize SSO in EaseCentral.
To enable SSO:
1. Go to Logins > Security
2. Click ENABLE SINGLE SIGN ON (SSO)?
3. Enter the Endpoint URL.
4. Enter the X509 Certificate; see detailed instructions below.
5. Instruct client to add EaseCentral as a new application.
6. Provide them with the Single Sign On (SSO) URL from the SSO page in EaseCentral.
- This is requested in Okta under the SAML Settings section.
1.. Add in the EaseCentral SSO URL to the SSO URL field in Okta.
- The EaseCentral SSO URL can be used as the URI field in Okta as well.
2. Set the Name ID format in Okta to Email Address.
3. Complete the additional steps in Okta until you are brought to the Sign On tab.
Sign On tab (example is in Okta):
1. Click View Setup Instructions.
2. Copy the Identity Provider Single Sign on URL from Okta.
3. Paste in the Endpoint URL in EaseCentral.
4. Copy the X509 certificate from Okta.
5. Paste in the X509 Certificate field in EaseCentral.
- Once the above steps have been completed, SSO is set up, and EaseCentral usernames and passwords are no longer valid.
- Employees will need to use their Okta SSO credentials to gain access to their EaseCentral portal.
What the employee will see:
1. The EaseCentral Login page will now instruct employees to log in with their Okta/SSO credentials:
2. Once the employee has provided their Okta credentials and they are validated, they will be redirected to their EaseCentral dashboard.