Single sign-on (SSO) is an authentication method that allows users to sign in using one set of credentials to multiple independent software systems.
We have validated SSO for Microsoft, Google and Okta, but in principle it should work for any other IdP using SAML.
You can set up SSO to the MyTranssmart account for your users: in the [Manage account] menu we have added the Single Sign-On tile.
Note: if the tile is greyed out, it means SSO has been set up on the parent account for this account.
A new page will open.
Explanation of fields:
1. By default SSO is disabled. Toggle it on to enable it.
2. In the Account code dropdown, you can select for which account(s) SSO will be set up. It can be either only for a parent account, only for specific sub accounts or for a combination of both.
3. The Transsmart URL is a value we provide; you need it to set up SSO in your environment. Use the Copy info button to copy it to the clipboard.
4. The Setup based on dropdown shows 2 options, “Meta Data” (used by Google) and “Meta URL” (used by Microsoft); your choice determines the value of the next field.
5. Fill in either the Meta Data or Meta URL, depending on the choice you made in step 4. This value comes from you / your SSO provider.
6. Fill in the Login redirect URL. This value comes from you / your SSO provider.
7. Optionally fill in the Issuer. This value comes from you / your SSO provider; not every provider or setup needs this field to be filled. See example screenshots below for some known configurations for Microsoft and Okta.
8. Press Save to save the changes.
Examples
Microsoft:
Okta:
Notes
- From the moment SSO is activated for an account, only users with an SSO account can log in; the ‘traditional’ username/password login of MyTranssmart will no longer work.
- A user needs to be created in MyTranssmart before being able to log in with SSO.
- SSO is only applicable for logging into the MyTranssmart dashboard. It has no effect on the webservice/API integration users, so you are still able to create and use those types of user accounts.
The login page of MyTranssmart has been split into 2 pages:
- On page 1 you fill in your email address and press Next.
  - If SSO is active for that user/account, the first time it will redirect the user to the login page of Microsoft or Google. From then on, once logged in, it will log you in to MyTranssmart directly the next time you visit the first login page of MyTranssmart and press Next.
  - If SSO is not active (so the way it always was until now), it will show a second page in which you need to enter your password and press the Login button.
If you want to sign in with a different user (or made a typo in the email address) you can easily go back to the first page by clicking the email address field.
If you have forgotten your password, you can click Forgot your password? and you will receive an email to reset your password.
Note: this will only work for ‘traditional’ user accounts, so the ones with username/password. Resetting a password for an SSO account needs to be done via Microsoft or Google.