Single Sign-On (SSO) is a user authentication tool that allows users to securely access multiple applications and services using just one set of credentials. Instead of managing ten passwords a day, SSO securely ensures you only need one. Users can also access multiple platforms and apps without needing to log in each time.
Enable can set up or disable SSO for your users based on your organization’s requirements.
SSO Functionality
SSO operates on a trust relationship established between the service provider and an identity provider. This trust relationship is based upon a certificate that is exchanged between the identity provider and the service provider. This certificate is used to sign identity information in the form of tokens sent from the identity provider to the service provider, ensuring that the service provider can verify it comes from a trusted source.
- Identity Provider (IdP): A system or service that manages and maintains identity information for users and provides authentication services to other applications or services. For example, if your organization already uses Active Directory as an IdP, SSO can enhance the speed and security of authentication for your teams.
- Service Provider (SP): An application or service that relies on an IdP to authenticate users and provide access to resources or services.

Enable uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0). This ensures that Enable’s implementation of SSO integrates seamlessly with Google G-suite, Microsoft Entra ID (previously referred to as Azure AD) and Okta.
Understanding authentication tokens
An authentication token is a collection of data or information that is passed from one system to another during the SSO process. When a user signs in to an SP using an SSO service, an authentication token is created that indicates the user has been verified. This data might include an email address, username and password.
To ensure the token’s authenticity, it must be digitally signed, allowing the receiving system to confirm it comes from a trusted source. The certificate used for this digital signature is shared during the initial setup.
Note: When you log out of the external IdP, you will be automatically logged out of Enable as well.
Requirements for SSO implementation
Enable provides you with a seamless and secure SSO experience.
The prerequisites for implementing SSO using SAML authentication with your chosen Identity Provider are:
- Configured Identity Provider (IdP): A configured IdP that supports SAML authentication. For example, Microsoft Entra ID, Google G-suite, Okta or any other provider that complies with SAML 2.0.
- Administrative Access: Administrative access to your IdP for configuration. Enable’s system administrators will have access to Enable’s service for SAML SSO configuration.
- Metadata Exchange: Credentials or metadata from your IdP, including IdP Name, IdP EntityID, and IdP public certificate. Enable will provide you with metadata details including ACS URL and SP Entity ID.
Ready to implement SSO? Learn how to configure SSO here.