What are the differences between both systems?
- Single Sign-on (SSO): is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials, for example, outlook credentials.
- Pros: user doesn’t need to create a password and it’s a quick login.
- Cons: requires technical implementation.
- Credentials: user logs in with their work email address and a password they have created.
- Pros: no need of technical implementation.
- Cons: user needs to type the credentials every time they login, if they forgot the password they need to create a new one.
Should I configure atwork suite to login via SSO or via credentials?
Answer the below questions to find your better login type:
- In your company, do you work with a centralized credentialing system (SSO)?
- In your company, do you have an IT department?
If your answer is yes to both questions, SSO is your best login type.
If your answer is no to both questions, credentials is your best login type.
If in one of the questions your answer is yes, you can read the below documentation to check if you have the data required to login via SSO.
Which data atwork needs for configuring your platform with SSO
Below we explain what you need to do and which information you need to provide to atwork to be able to set up SSO.
Identity provider requirements
The identity provider your company is using, for example Azure Active Directory, should support:
- It should support OpenID connect.
- It should be able to include the user email address in the token. These email addresses must be the same as those used to register users in your atwork suite.
Steps to configure your identity provider
- Register a new app for atwork suite in your identity provider.
- Authorize the endpoints for redirection to your atwork app domain/sso. For example: if the domain of your atwork app is https://ssoexample.atwork.ai, the redirect should point to https://ssoexample.atwork.ai/sso.
- Activate Access token and Id token, both.
- Configured access token and id token to add the email claim.
Data to provide to atwork
- SSO ISSUER/CONNECTION URL: the URL for the connection with the OpenID of the application registered in your identity provider. For example, if you use Azure, the URL would be https://login.microsoftonline.com/xxx/v2.0
- SSO CLIENTID: the application ID for clients of the application registered in your identity provider.
Both data should be able to be found in the application registered with your identity provider.