Single sign-on (SSO) is an authentication method that allows users to log in with a single ID to multiple related but independent software systems. We support the following identity providers (IDP):
- Ping
- Okta
- Microsoft Entra ID (formerly Azure Active Directory). For Entra, we have an app in Entra Gallery.
  Click here to download the app
  Please note that when adding the nShift app, you need to grant your users/groups permissions for the enterprise app in your tenant. Please see the Entra Marketplace guide.
- SSO is activated by nShift for an Owner account and applies to all users under this Owner. New users will inherit SSO from the Owner.
- It is not possible to have some users with SSO and some without. If SSO has been activated, all users must use it.
- All user names must be identical to active users in the customer's identity provider (IDP).
- When SSO is activated, no password is used when logging into nShift Portal. The user enters the username and, on selecting Sign in, is forwarded to the customer's identity server for login.
How to activate SSO
- Contact nShift Customer Service.
- For Microsoft Entra (Azure AD), please provide your Tenant ID and two users from the Customer's Entra. Read the important information below*.
- For Okta, please provide Okta username, Client ID, and Client Secret.
- Provide your Portal username, if you already have a user, and your installation ID/Actor ID.
- nShift will activate SSO.
*Important information about Microsoft Entra (Azure AD):
The Entra User (original user) must have admin rights in Azure to add applications from Entra Gallery. If the original user is deleted after the integration, another user from the Customer’s Entra will be required; this user will become the owner and will be attached to the installation. Both the original user and the owner user will need manual SSO configuration. After the owner is set up, all other users added under this owner through the UI will be set up as SSO.
As a recommended process, we will need two users from the Customer’s Entra: one who will be the owner, and another who can do the Entra Gallery integration (original user). We can set up the owner with username (Entra Username) and password, then add the original user under this owner as SSO (manual setup). After the integration is complete in the customer’s Entra, we can change the owner to SSO (manual setup) and then add all other users (automatically set as SSO).
Resources
Guide by Microsoft: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal