Enable Single Sign-On (SSO) & Multi-Factor Authentication (MFA) with ActivTrak

What is Single Sign-On (SSO) & Multi-Factor Authentication (MFA)?

Single Sign-On (SSO) is an authentication scheme that allows a user to log in with a single login and password to any of several software systems. Multi-factor authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. (Note: MFA and 2FA are often used interchangeably).

ActivTrak supports SSO (Single Sign-On) and Multi-Factor Authentication (MFA) for Paid and Trial plans only, by delegating the user authentication process to identity providers that support the SAML 2.0 standard. 

What are the Benefits?

• Protect your company’s sensitive information
• Comply with your company’s security standards and requirements

Which Identity Providers Work With ActivTrak?

ActivTrak has certified SSO for the following identity providers:

• Okta
• Azure AD
• OneLogin
• Google Workspaces
• DUO (with Okta as an identity provider)

These have been tested and certified; however, all identity providers that support SAML 2.0 should work. 

How does it work?

ActivTrak Admins can enable SSO for a given paid or trial account and configure the information needed by ActivTrak to delegate authentication to any Identity Provider that supports the SAML 2.0 standard (e.g. Okta, DUO, etc.)

If SSO is enabled for a particular account, users can log in to the ActivTrak app using SSO. Furthermore, Admins can enable MFA for users logging into the ActivTrak application by turning on MFA in their identity provider.

How to configure Single Sign-On (SSO) for your ActivTrak account

1. Create the ActivTrak application in your Identity Provider. When configuring this new application, you will need two pieces of information that you can get from the Settings -> Security page:

• Audience URI (SP Entity ID): https://app.activtrak.com
• Single Sign On Url: https://auth.activtrak.com/sso/saml/assertion

Note: These values may differ for each account, so please make sure to get them from your account’s ActivTrak Security page.

2. ActivTrak Admins of paid and trial plans only have the ability to enable & configure SSO in the Security Page (Settings > Security). The Provider Name can be entered manually. The Logon URL, SAML Issuer ID and Certificate information can be obtained from your Identity Provider when creating the ActivTrak application there and copied andpasted into the ActivTrak Security page fields.
   
   
3. ActivTrak Admins can select which users will authenticate via SSO on the Access Page (Settings > Access). When SSO is enabled for a user, the ability to change their password is disabled. 

Note: Admins of free ActivTrak accounts do not have the ability to enable & configure SSO in a configuration screen. For this reason, SSO will be automatically disabled if a formerly paid or trial account downgrades to a free plan. Learn more about plan types here.

How can you configure Multi-Factor Authentication (MFA) for your ActivTrak account?

Administrators can enable MFA for users logging into the ActivTrak application by turning on MFA in their identity provider (e.g. Okta). In other words, the MFA functionality is part of the identity provider that ActivTrak integrates with. 

How do users log in using SSO? 

All ActivTrak users will see a new “SSO” option/button on the login screen. 

Upon clicking on the new SSO button, the user will be taken to a specific SSO login screen where they can enter their login.

Based on the login entered the user will be redirected to the corresponding authentication process of their identity provider (e.g. Okta login screen).

If the email entered is not associated with an account that has SSO enabled, the user will receive an error message.

Learn more:

• Visit ActivTrak's Trust Center
• ActivTrak's SOC 2 Compliance
• Data Privacy and the ActivTrak Platform
• Contact Support