What is Single Sign On?
Single Sign-On (SSO) is an authentication scheme that allows a user to log in with a single login and password to any of several software systems. Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials.
For Advanced and Trial plans only, ActivTrak supports Single Sign-On (SSO) and Multi-Factor Authentication (MFA) by delegating the user authentication process to identity providers that support the SAML 2.0 standard. Okta, DUO, Azure AD, and many other popular providers support this standard.
- Protect your company’s sensitive information.
- Comply with your company’s security standards and requirements.
Which Identity Providers Work With ActivTrak?
ActivTrak has certified SSO for the following identity providers:
- Azure AD
- Google Suite
- DUO (with Okta as an identity provider)
These have been tested and certified; however, all identity providers that support SAML 2.0 should work.
How does it work?
In Advanced and Trial plans, ActivTrak administrators can enable SSO for a given account and configure the information ActivTrak needs to delegate authentication to any identity provider that supports the SAML 2.0 standard (e.g. Okta, DUO).
If SSO is enabled for a particular account, users can log in to the ActivTrak app using SSO. Furthermore, administrators can enable MFA for users logging in to the ActivTrak application by turning on MFA in their identity provider.
How to configure Single Sign-On (SSO) for your ActivTrak account
- Create the ActivTrak application in your Identity Provider. When configuring this new application, you will need two pieces of information that you can get from the Settings -> Security page:
  - Audience URI (SP Entity ID): https://app.activtrak.com
  - Single Sign On Url: https://auth.activtrak.com/sso/saml/assertion
  Note: These values may differ for each account, so please make sure to get them from your account’s ActivTrak Security page.
- ActivTrak Administrators for Advanced & Trial customers have the ability to enable & configure SSO in the Settings -> Security page. The Provider Name can be entered manually. The Logon URL, SAML Issuer ID and Certificate information can be obtained from your Identity Provider when creating the ActivTrak application there and copy/pasted into the ActivTrak Security page fields.
- ActivTrak Administrators can select which users will authenticate via SSO in the Access page. When SSO is enabled for a user, the ability to change their password is disabled.
Note that ActivTrak Administrators for Freemium & Basic customers do not have the ability to enable & configure SSO in a configuration screen. For this reason, SSO will be automatically disabled if an Advanced or Trial customer downgrades to Freemium.
How can you configure Multi-Factor Authentication (MFA) for your ActivTrak account?
Administrators can enable MFA for users logging into the ActivTrak application by turning on MFA in their identity provider (e.g. Okta). In other words, the MFA functionality is part of the identity provider that ActivTrak integrates with.
How do users log in using SSO?
All users will see a new “SSO” option/button on the login screen.
Upon clicking on the new SSO button, the user will be taken to a specific SSO login screen where they can enter their login.
Based on the login entered, the user will be redirected to the corresponding authentication process of their identity provider (e.g. Okta login screen).
If the email entered is not associated with an account that has SSO enabled, the user will receive an error message.