What is Single Sign-on?
Single Sign-on allows the System Administrator within your organization to manage all logins across all applications from one secure platform. This ensures that applications can only be accessed if configured properly, thus giving you the confidence that your company's private information is always safe.
For organizations with more than a handful of employees, this feature is critical for IT and Security teams to be able to effectively manage user accounts across dozens or hundreds of vendors. In the event that an employee leaves the company, it allows the IT team to immediately disable their access to all applications, rather than logging into 100 different user management portals.
Simple steps to set up SSO with PingOne:
- Open the Configurations tab on your left and go to the SSO settings tab, move the switch to On
- Open your PingOne account and create an Environment (or choose an existing one)
- Click Add Environment
- Choose Customer Solution
- Choose PingOne for Customers
- Enter your Environment Name and set license
- Add users to your Environment:
- Enter a valid email from Precoro
- Set a password
- Create an Application for Precoro:
- Choose Advanced Configuration
- Choose SAML Connection Type
- Configure your Application:
- Enter an Application Name
- Match fields from your SSO configuration tab in Precoro with fields in PingOne:
- ACS —> ACS URLs
- Entity ID —> Entity ID
- Single Logout Response Endpoint —> SLO Endpoint
- Single Logout Response Endpoint —> SLO Response Endpoint
- Enter ASSERTION VALIDITY DURATION (IN SECONDS)
- Set Encryption:
- Make Encryption enabled
- Choose AES_256 Algorithm
- Import Precoro Certificate from SSO configuration tab in Precoro
- Match SAML Attributes:
- PingOne User Attribute must be Email Address
- Download Metadata from Configuration tab in the Application and upload it to Step 4 in the SSO setting tab in Precoro
- Copy Issuer ID from Configuration tab in the Application and paste it to Step 3 in Precoro SSO settings
What happens next?
1. When a user has access to the group where Precoro is assigned, he can authorize to Precoro with his access to the identity provider.
2. When your company uses SSO, the following capabilities will be disabled in Precoro:
- password setup and reset;
- email editing.
How can you invite new users to Precoro if SSO is enabled:
- You can still invite users to your Precoro company from the User Management tab. But first, this user must be added to your user list in PingOne.
- A new user will be redirected to the Company Login page from the invitation email.