About Single Sign-On
Single Sign-On (SSO) is an account security feature that authenticates users and grants users access to applications. Only Referrers can go to the white-labeled login page and use the Single Sign On SSO feature to login. To use single sign on, the Referrer must set up a domain with a provider. Identity Provider examples: OneLogin, Google, Microsoft , Okta, and more.
Single Sign-On utilizes Security Assertion Markup Language (SAML 2.0 (Security Assertion Markup Language) or OpenID Connect (1.0) protocols to authenticate a user defer user authentication to your chosen IdP and provide identity data for platform access control. This process allows authentication to be deferred to the IdP (Identity Provider)
To use Single Sign-On, you must set up a domain with an Identity Provider (IdP) such as OneLogin, Google, Microsoft, or Okta.
See the expandable content below for a brief comparison of authentication protocols:
Expand |
---|
title | Comparing SAML 2.0 & OpenID Connect 1.0 |
---|
|
| SAML 2.0 | OpenID Connect 1.0 |
---|
Supported Protocols | XML, HTTP, SOAP, & all other XML-friendly protocols. | XRDS & HTTP | Validation Process | Validated through chosen IdP intermediary service response. | Validated through OAuth server response. | Access Response | SAML authentication “assertion” is generated by the intermediary IdP service to grant access. | A temporary access token is granted by the IdP server to grant access. | Supporting Identity Providers | Okta OneLogin SalesForce SiteMinder
| |
|
Tip |
---|
Benefits of Single Sign-On |
Info |
---|
More on Single Sign-On Auth ProtocolsVisit the links below to learn more about different authentication protocols: |
Getting Started with Single Sign-On
Once you have chosen your preferred IdP and are ready to enable SSO for the Payrix Platform, follow the instructions below for the protocol you’re using:
OneLogin Setup
How to Implement with SAML
For this example, we will be using OneLogin. Follow your IdP instructions for connection.
Expand |
---|
title | Instructions - OneLogin SAML |
---|
|
In the OneLogin app, access the SAML application and click Configurations. In the Portal, navigate to Settings > Business Settings (Settings category) > Hosts > Single Sign-On and click the “edit” button. Select SAML2.0 from the “Single Sign-On Protocol” drop-down and copy the Entity ID and Single Logout URL. From the Portal, paste the Entity ID and Single Logout URL into the corresponding fields on the Configurations tab in OneLogin . Click Save in the Configurations tab.
Step 2: Enable OneLogin Single Sign-OnIn the OneLogin app, navigate to the SSO tab. Copy the following fields from OneLogin and paste them in the Portal Single Sign-On menu fields:
OneLogin App (Copy) | Payrix Portal (Paste) | Notes |
---|
Issuer URL | Entity ID | | SAML 2.0 Endpoint (HTTP) | SAML 2.0 Endpoint | | SLO Endpoint (HTTP) | Single Logout Service Endpoint | | XL509 certificate | XL509 | To see the XL509 certificate field in OneLogin, click the “View Details” button. |
Step 3: Apply Single Sign-On ConfigurationIn the Portal, click the checkmark (where the edit button was) to confirm and save the changes. Navigate to the Profile page and click the Update Single Sign-On button.
Done. Your new Single Sign-On setup is complete. |
How to Implement with OpenID
For this example, we will be using OneLogin. Follow your IdP instructions for connection.
Expand |
---|
title | Instructions - OneLogin OpenID |
---|
|
In the OneLogin app, access the OpenID application and click Configurations. In the Portal, navigate to Settings > Business Settings (Settings category) > Hosts > Single Sign-On and click the “edit” button. Select OpenID from the “Single Sign-On Protocol” drop-down and copy the Redirect URLs; paste them in the Redirect URLs section of the OneLogin Configurations tabapp.
Step 2: Enable OneLogin Single Sign-OnIn the OneLogin app, navigate to the SSO tab. Copy the following fields from OneLogin and paste them in the Portal Single Sign-On menu fields:
OneLogin App (Copy) | Payrix Portal (Paste) | Notes |
---|
Issuer URL | Entity ID | | Client ID | Client ID | | Client Secret | Client Secret | Click “show” to reveal the secret to be copied. |
Step 3: Apply Single Sign-On ConfigurationIn the Portal, click the checkmark (where the edit button was) to confirm and save the changes. Navigate to the Profile page and click the Update Single Sign-On button.
Done. Your new Single Sign-On setup is complete. |
...
Google
How to Implement with SAML
For this example, we will be using Google. Follow your IdP instructions for connection.
Expand |
---|
title | Instructions - Google SAML |
---|
|
Step 1: Setup in Google AdminFrom the home page the Google Admin console, navigate to Apps->SAML Apps and click: Add App > Add custom SAML app. Add a name into the App Details page. Download the IdP metadata or Copy the SSO URL, Entity ID, and download the Certificate; then, click Continue.
Step 2: Enable Access to Portal In the Portal, go to the Single Sign-On menu. Copy these fields from the Single Sign-On menu and paste them into the Service Provider Details window of the Google Admin console. Then click Finish
Payrix Portal → | Google Admin console |
---|
ACS URL | ACS URL | Entity ID | Entity ID | Start URL | Start URL |
Step 2: Turn on your SAML App From the Google Admin console, go to Apps and select your new SAML app. Click User access, then locate the On/Off for Everyone toggle. On for everyone - Enables SSO with SAML for everyone in your Google organization. Off for everyone - Disables SSO with SAML for everyone in your Google organization.
When finished, click Save.
Step 3: Enable SSO for a Host In the Portal, navigate to Settings > Business Settings (Settings category) > Hosts Locate the desired Host name and click on their listing. You will be taken to their Profile page. In the Profile page, click Features then locate Single Sign-On within the menu and toggle it to On.
|