Our software lets users log in via SSO; this article reviews how to set that up.
SSO, or Single Sign-On, is a process that authenticates a user in multiple programs through the credentials of a single root account. Microsoft (Azure) is the most common root account that companies use, but there are others. The idea is that instead of needing different account credentials for the various programs we use at work (and having to remember all those passwords), you only need to know the credentials for your Microsoft account. There is an added layer of security with this as well: if an employee is terminated or leaves the organization, IT only needs to deactivate their Microsoft account, which instantly revokes access to that employee's email and to all programs that use SSO for access.
How to Enable SSO
- Before beginning, we recommend logging into the Portal with a different account than the one you are enabling SSO on. This prevents being locked out of that account if the setup process does not work initially for any reason. Should that happen, the SSO-enabled user would attempt to log in and be denied access due to a failed connection to the root account (Microsoft Azure, for example). The only way to get back into that account is to have a Portal Admin open the SSO settings for that user and either correct the settings so authentication can be reattempted, or turn off SSO so the user can gain access by entering their standard Portal username and password.
- After logging into the Portal, select the "User" button, locate the user you wish to enable SSO with, highlight them and select "View".
- Select "Edit", the "Single Sign On" tab, then check off the "Enable SSO" box.
- You will notice that the "Base URL" field and all of the fields under the "Service Provider" heading are already populated. Do not edit these. The customer will need the information in these fields to set up the connection in their root application.
- Strict Checkbox and NameID: The first field to fill in is the NameID. Enter the username for the root account here. If you are using Microsoft Azure as your root application, this would be your email address. The NameID field is what gets transmitted from the Portal to your root application for verification.
- The Strict Checkbox is optional, but it serves as an added layer of security. When checked, the Portal requires an exact match of both the spelling AND the case of the NameID when it is compared against what is in the root application during SSO authentication. When unchecked, the Portal ignores case and only requires the spelling to match exactly.
- Identity Provider Section: After the customer sets up the connection on their side (step 4), their root application will provide them with a "Metadata URL". Copy and paste that link into the "Metadata URL" field in the Portal and select "Load Metadata". The system will think for a second and then populate the Identity Provider fields. Note that if the customer does not use Single Logout, those fields will remain blank.
- Select Save. SSO is now configured and we can perform a test!
- It is important to note that after SSO is enabled, the user still enters their Portal username when logging in, not the NameID. Once the username is entered in the Portal, simply hit your Tab key or click anywhere outside of the username box and the SSO process will initiate. You will be directed to the root application login screen; enter your username and password there, and with the correct credentials you will be redirected to the Portal and logged in.
- Depending on your Root Application settings, your access token will remain active for a period of time. So if you log out and try to log back in an hour later, you may find that after initiating the SSO authentication your root application has an active session which redirects you to the portal without having to enter your Root Application credentials.
- At this time, this process must be done for each user. We do not have a way to mass enroll users into SSO.
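The following is an added example, not the Portal's own code, illustrating two of the steps above: what the "Load Metadata" step extracts from a standard SAML identity-provider metadata document (Single Logout fields stay empty when the root application publishes no SLO endpoint), and how the Strict checkbox changes the NameID comparison. The metadata document is constructed for the example and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample IdP metadata: it publishes a Single Sign-On endpoint
# but no SingleLogoutService, so the SLO field below will remain empty.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def identity_provider_fields(metadata_xml: str) -> dict:
    """Return the Identity Provider values a 'Load Metadata' step would fill in.
    slo_url is None when the IdP does not advertise Single Logout."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata contains no IDPSSODescriptor")

    def endpoint(tag: str):
        # Pick the HTTP-Redirect binding; other bindings are ignored here.
        for svc in idp.findall(tag, NS):
            if svc.get("Binding") == REDIRECT:
                return svc.get("Location")
        return None

    return {
        "entity_id": root.get("entityID"),
        "sso_url": endpoint("md:SingleSignOnService"),
        "slo_url": endpoint("md:SingleLogoutService"),
    }


def nameid_matches(configured: str, asserted: str, strict: bool) -> bool:
    """Strict: spelling and case must match. Non-strict: spelling only."""
    if strict:
        return configured == asserted
    return configured.casefold() == asserted.casefold()
```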