In this article, you'll learn:
What is SSO log in?
SSO, or Single Sign On, is an alternative log-in option that allows you to quickly and easily log in to online applications without needing to enter your password, by verifying your identity through an identity provider such as Microsoft Azure or Google Workspace.
What identity providers are available for SSO log-in?
On usecure you can set up SSO log-in with Microsoft Azure, Google Workspace, Okta, or a custom SSO identity provider.
What configuration options are available for SSO log-in?
You can set up SSO as an alternative log-in option for admins or end users, or restrict either or both user types to logging in only with a password or only with SSO. Configure your log-in options by navigating to Settings > SSO in your usecure portal.
Admin User Login Method
This option controls how admin users access the platform.
Password Only - Admin users can only log in with their email and password. SAML SSO will not be permitted even if it is configured.
SSO Only - Admin users must use SAML SSO to log into the platform. This option disables all password management features e.g. Forgotten Password.
Password & SSO - Admin users can log in with either SAML SSO or their email and password. We recommend using this option until you are confident SAML SSO is working correctly.
Users with two-factor authentication enabled will still be required to enter an authenticator code when logging in with SAML SSO.
End User Login Method
This option controls how users access the platform’s End User Portal.
Magic Link Only - Users have to request a magic link by providing their email address. They will then be emailed a magic link that grants them access to the End User Portal. SAML SSO will not be permitted even if it is configured.
SSO Only - Users must use SAML SSO to log into the platform.
Password & SSO - Users can log in with either SAML SSO or magic links. We recommend using this option until you are confident SAML SSO is working correctly.
How to configure SSO log-in
For specific guides on your identity providers, please refer to the guides below.
1. Getting system provider credentials for the platform
Log into the platform and go to Settings > SSO. Toggle the switch to enable SSO.
Scroll down to the SAML section and copy the Assertion Consumer Service (ACS) URL and Entity ID. You’ll need these to set up the SAML app in your identity provider.
2. Setting up SAML in your Identity Provider
For the next part of the process, you will need to log in to your identity provider and create a new SAML connection/application. During this process, you will need to enter the ACS URL and Entity ID that you copied from the platform earlier.
The SAML setup process for your identity provider should provide an entry point URL and a certificate. You will need to copy or download these credentials so you can use them in the next step.
3. Setting the Identity Provider Credentials in the Platform
Go back to the platform SSO settings page and scroll down to the SAML section.
You’ll need the identity provider details you copied/downloaded during the creation of your SAML app.
Paste the SSO URL into the SAML Entry Point (Identity Provider SSO URL) field
Paste the certificate into the SAML Signing Certificate (Public x509 Certificate) field. You can drag & drop the certificate file into the field or manually upload the file if you wish.
Click Save to finish the SAML setup process.
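Added example (not usecure's own code): if your identity provider offers a SAML metadata XML download, this Python sketch extracts the two values step 3 asks for, rejects a non-HTTPS entry point, and prints a SHA-256 hash of the certificate bytes so you can confirm the file you upload is the one you downloaded. The helper name idp_settings, the idp.example.com URLs and the certificate bytes are constructed placeholders, and preferring the HTTP-Redirect endpoint is an assumption; use the URL your provider's guide names.

```python
import base64, hashlib, textwrap
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def idp_settings(metadata_xml):
    """Return (entry_point_url, certificate_pem, sha256_hex) from IdP metadata."""
    if "<!DOCTYPE" in metadata_xml:  # SAML metadata never needs a DTD
        raise ValueError("DOCTYPE not allowed in metadata")
    idp = ET.fromstring(metadata_xml).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not identity provider metadata")
    # Entry point = SingleSignOnService Location (HTTP-Redirect preferred here).
    services = idp.findall("md:SingleSignOnService", NS)
    if not services:
        raise ValueError("no SingleSignOnService endpoint")
    svc = next((s for s in services if s.get("Binding") == REDIRECT), services[0])
    entry_point = svc.get("Location", "")
    if urlparse(entry_point).scheme != "https":
        raise ValueError(f"entry point is not HTTPS: {entry_point!r}")
    # Signing certificate = KeyDescriptor with use="signing" (or no use attribute).
    for kd in idp.findall("md:KeyDescriptor", NS):
        node = kd.find(".//ds:X509Certificate", NS)
        if kd.get("use") in (None, "signing") and node is not None and node.text:
            der = base64.b64decode("".join(node.text.split()), validate=True)
            body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
            pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
            return entry_point, pem, hashlib.sha256(der).hexdigest()
    raise ValueError("no signing certificate in metadata")

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
_B64 = base64.b64encode(SAMPLE_DER).decode()
_KEY = ("<md:KeyDescriptor use='{}'><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{}"
        "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    {_KEY.format('encryption', 'AAAA')}
    {_KEY.format('signing', _B64)}
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/sso/post"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    url, pem, fingerprint = idp_settings(SAMPLE_METADATA)
    print("SAML Entry Point:", url, "\nSHA-256 of certificate:", fingerprint, "\n" + pem)
```

The returned PEM text is what goes into the SAML Signing Certificate field, and the returned URL into the SAML Entry Point field.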
Next steps
Learn how to login with SSO