Single Sign-On

SiteSpect’s Single Sign-On (SSO) provides a single point of authentication through your Identity Provider (IdP). To manage this feature, SiteSpect supports Active Directory using SAML. You can manage SiteSpect credentials and permissions within your IdP; once established there, your employees can use their corporate credentials to sign into SiteSpect. Contact the SiteSpect Help Desk to enable SSO for your account and your users.


Terminology

SSO: Single sign-on (SSO) is a centralized authentication service in which one set of login credentials can be used to access multiple applications.

Service Provider (SP): The application or website that a user wants to log into, e.g. SiteSpect.

Identity Provider (IdP): The system that manages user identity information and provides authentication to the SP, e.g. Okta, Google Sign-In.

SAML: Security Assertion Markup Language (SAML) is an authentication process. Specifically, it is an open standard for exchanging authentication and authorization data between an identity provider and a service provider.

OAuth: Open authorization (OAuth) is an authorization process. This protocol is used to pass authorization from one service to another.

Single Logout (SLO) is a feature in federated authentication where end users can sign out of both their Okta session and a configured application with a single action. 

Authentication is the act of validating that users are whom they claim to be. This is the first step in any security process. 

Authorization in system security is the process of giving the user permission to access a specific resource or function. This term is often used interchangeably with access control or client privilege. 

 

What does SiteSpect support?

SiteSpect supports:

  • SAML IdPs
  • Authentication

 

Supported SAML IdPs (Identity Providers):

  • Amazon
  • Apple
  • Azure Active Directory
  • Discord
  • Facebook
  • GitHub
  • GitLab
  • Google
  • LinkedIn
  • Microsoft/Azure Active Directory
  • OpenID
  • PayPal
  • PingFederate
  • SAML 2.0
  • Salesforce
  • Xero
  • Yahoo & Yahoo Japan
  • Okta

Not supported:

  • OAuth IdPs
  • Authorization
  • Single Logout

 

Setup Steps

SiteSpect support will work with you to configure SSO. From you, we will need:

  1. IdP details
    1. IdP Issuer URI (e.g. http://example.com/adfs/services/trust)
    2. IdP Single Sign-On URL (e.g. https://example.com/adfs/ls)
    3. IdP Signature Certificate
  2. User details
    1. List of user accounts, site access, and desired privilege levels

User permissions are managed within the SiteSpect control panel. Once SSO is configured for you, we will need to enable SSO login on existing accounts and create new accounts with SSO enabled and desired permissions within the SiteSpect control panel.

Outgoing Claims

We require the following claims from the Relying Party Trust for IdP configuration:

  • firstName
  • lastName
  • email
  • NameID sent in "Email" format
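
A pre-flight check for the claims listed above, as an added example (not SiteSpect's code): it inspects a decoded SAML assertion captured from a test login at your own IdP and reports missing claims or a NameID that is not in email format. It assumes that "Email" format means the standard emailAddress NameID format URN and that attribute names match the list exactly; the function name and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the page's "Email" format is the standard emailAddress URN.
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_CLAIMS = ("firstName", "lastName", "email")  # names as listed on this page


def check_assertion(xml_text):
    """Return a list of problems in a decoded SAML assertion (empty list = OK).

    Structural check only: it does not verify the XML signature.
    """
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or a Response that wraps one.
    if root.tag == "{%s}Assertion" % NS["saml"]:
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]

    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is %r, expected emailAddress" % name_id.get("Format"))

    # Map each attribute name to its first non-empty value.
    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        texts = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        values[attr.get("Name")] = next((t for t in texts if t), "")
    for claim in REQUIRED_CLAIMS:
        if not values.get(claim):
            problems.append("claim %r missing or empty" % claim)
    return problems


# Constructed sample: lastName is absent and NameID uses the wrong format.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
```

Calling check_assertion(SAMPLE) returns two findings, one for the NameID format and one for the missing lastName claim; an empty list means the assertion carries everything the list above requires.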

 

The User Preferences tab of the My profile page contains a feature called Login Method that shows if SSO is enabled for your account. Only users with Manage Users permission can modify this setting.


Logging in with Single Sign-On

To log in with single sign-on:

  1. Click Log in using Single Sign-On on the login page.
    SiteSpect displays the Single Sign-On login page.
  2. Enter the domain name of your organization and click Continue to log in.
    You can select to have SiteSpect remember your domain; the next time you log in, SiteSpect will prefill that domain field.
  3. You will then authenticate using your Single Sign-On credentials.

 

Frequently Asked Questions

 

Q:  Who manages SSO passwords?

A:  Authentication is managed by the customer's identity provider (IdP) while authentication is conducted on the SiteSpect side.

 

Q:  Who manages the SiteSpect accounts?

A:  SiteSpect Control Panel (Admin) accounts are managed by the customer contact who possesses the Manage Users (MU) privileges (more information here). Customers can also submit a request to the SiteSpect helpdesk <helpdesk@sitespect.com> for assistance.

 

Q:  Who manages login details (e.g. passwords)?

A:  A new user is created/provisioned directly in the SiteSpect Control Panel (Admin). Once the 'Login Method' (User Preferences > Password & Contact Info tab) is selected, passwords are managed by the customer's IdP.