AUTTO can integrate with identity providers (IDPs) such as Microsoft Azure, Okta and SecureAuth that provide single sign-on (SSO) functionality for your corporate network. This feature enables your users to log on to AUTTO using the same credentials they use to log on to your network. Thus, your organisation's IT administrators don't need to create separate users for AUTTO. Instead, they can provide your users with access to AUTTO just like any other application.
NOTE: Single Sign-On is currently available to Corporate and Enterprise customers only. For more information, see our pricing plans.
Table of Contents
- Understanding SSO Access in AUTTO
- Setting Up SSO Access in AUTTO
- Logging On to AUTTO Using SSO
- Important Considerations When Using SSO with AUTTO
Before you can enable SSO access in AUTTO, you need to have the following:
- The Identity Provider (IDP) Certificate stored in the correct format with a .crt file extension.
- Identity Provider (IDP) log-in URL (http-redirect URL).
- Identity Provider (IDP) Entity ID.
The process for getting the IDP Certificate and URL may be different depending on the provider. For example, for Salesforce, you need to develop a custom app that will require you to provide the following information:
- AUTTO ACS URL: https://saml.autto.io/saml/redirect
- Subject type: username, name
- ID format: email address
- Certificate: default (all static/same for everyone)
- IdentityID: Your autto.io URL. For example, mycompany.autto.io.
As can be seen in the Salesforce example, setting up SSO access with your current IDP may require technical expertise, including the ability to understand the IDP's technical documentation.
Understanding SSO Access in AUTTO
There are two types of SAML SSO settings you can set up for your users, namely:
- SSO for Admin Dashboard
- SSO for User Dashboard and Workflows
The SSO for Admin Dashboard access allows the administrators and managers tasked with creating your workflows to use their SSO credentials to log on to the AUTTO Admin Dashboard.
The SSO for User Dashboard and Workflows access allows your designated workflow users to use their SSO credentials to access their User Dashboard and the workflows that they can work on or that are assigned to them.
You can choose to enable both or just one of these two types for your organisation.
Setting Up SSO Access in AUTTO
Your organisation's AUTTO administrators need to enable and set up SSO in AUTTO before your users can log on to the web application with the same credentials they use for logging on to your company network.
NOTE: If you are delegating this task to your IT administrators, you should send them invitations to become AUTTO administrators in your organisation first. Once they accept your invitation, they can then perform this operation. For more information, see Inviting Administrators.
To set up SSO access in AUTTO:
- On the Admin Dashboard, click the Main menu on the top-right, then click Administration.
- Click the SAML SSO tab.
- Click either or both of the buttons under the Enable SAML Settings section. SSO for Admin Dashboard enables SSO access to your Admin Dashboard, while SSO for User Dashboard and Workflows enables SSO access to the User Dashboard and Workflows for all AUTTO users in your organisation. In the screenshot below, SSO for Admin Dashboard is enabled while SSO for User Dashboard and Workflows is disabled.
- Click the SAML SSO Settings arrow at the bottom, then click the Choose file button and select the Identity Provider Certificate from its location on your network or desktop.
- Enter the Identity Provider Login URL in the appropriate box. This usually follows the format mycompany.okta.com.
- Enter your custom AUTTO.io domain in the Entity ID box. For example, mycompany.autto.io, where mycompany is your AUTTO subdomain.
- Click Save.
WARNING! If you enable SSO, and you fail to provide the correct Identity Provider Certificate, Identity Provider URL, and/or Entity ID, your users will be blocked from logging on to and using AUTTO. Contact your IDP to get the correct Identity Provider Certificate and Identity Provider URL. AUTTO provides your Entity ID in the form <yoursubdomain.autto.io>, e.g. yourcompany.autto.io.
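As an added example (not AUTTO tooling and not part of the original guide), the shell functions below check the three values before you click Save, so that a mistyped value does not lock users out. They assume the `openssl` command-line tool is installed; the function names, the https requirement for URLs that carry a scheme, and the bare-host rule for the Entity ID are assumptions.

```shell
# Added example: pre-flight checks for the values entered on the SAML SSO tab.
# Function names and the rules they enforce are assumptions, not AUTTO tooling.

# Report encoding, subject, expiry and SHA-256 fingerprint of the IDP certificate.
# Fails if the file is not an X.509 certificate or is already expired.
check_idp_cert() {
  case $1 in *.crt) ;; *) echo "cert: expected a .crt file" >&2; return 1 ;; esac
  if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then form=PEM; else form=DER; fi
  openssl x509 -inform "$form" -in "$1" -noout 2>/dev/null ||
    { echo "cert: cannot be parsed as X.509 ($form assumed)" >&2; return 1; }
  echo "encoding: $form"
  openssl x509 -inform "$form" -in "$1" -noout -subject -enddate -fingerprint -sha256
  # -checkend 0 exits non-zero once the certificate is past its notAfter date.
  openssl x509 -inform "$form" -in "$1" -noout -checkend 0 >/dev/null ||
    { echo "cert: expired" >&2; return 1; }
}

# Login URL: the guide's usual format is a host such as mycompany.okta.com.
# If a scheme is present it must be https (assumption), never plain http.
check_login_url() {
  case $1 in
    ''|*" "*) echo "login URL: empty or contains a space" >&2; return 1 ;;
    https://?*) return 0 ;;
    *://*) echo "login URL: scheme must be https" >&2; return 1 ;;
    *.*) return 0 ;;
    *) echo "login URL: not a host name or https URL" >&2; return 1 ;;
  esac
}

# Entity ID: the bare host <yoursubdomain>.autto.io, with no scheme or path.
check_entity_id() {
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.autto\.io$'
}

# Usage: preflight idp.crt LOGIN_URL ENTITY_ID
preflight() {
  check_idp_cert "$1" || return 1
  check_login_url "$2" || return 1
  check_entity_id "$3" || { echo "entity ID: expected <yoursubdomain>.autto.io" >&2; return 1; }
  echo "pre-flight OK: compare the fingerprint above with the one your IDP shows"
}
```

Run `preflight idp.crt mycompany.okta.com mycompany.autto.io` with your own values. The printed encoding tells you whether the file is PEM or DER, which you can check against the format AUTTO expects.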
Logging On to AUTTO Using SSO
Once SSO access to AUTTO is enabled, your administrators and/or users can log on to the part of the application to which they have access, e.g. administrators can access the Admin Dashboard and users their own User Dashboard and/or workflows. The access depends on the SAML SSO settings enabled in Setting Up SSO Access in AUTTO.
To log on to AUTTO using your SSO credentials:
- Enter your AUTTO URL in your web browser.
- On the Login page, enter your email address.
- If the email is on the authorised list of Admins and/or Users in AUTTO, you are redirected to the Identity Provider, e.g. Okta or SecureAuth.
- Complete the Login process by entering the credentials and MFA required by your SSO provider.
- Upon authorisation, you are redirected to AUTTO and logged on to either the Admin Dashboard, if you are an Administrator or Manager, or the User Dashboard, if you are an AUTTO User.
Important Considerations When Using SSO with AUTTO
Take note of the following after integrating AUTTO with your IDP:
- Your organisation will have an SSO Invitation Required - Only Invited Users publishing type that you can use for your workflows. Similar to an Invitation Only workflow, this publishing type allows users to access workflows using their current SSO credentials.
- An SSO user cannot execute Invitation Only or Registration Only workflows, but only workflows with the SSO Invitation Required - Only Invited Users publishing type. This is because SSO users are not assigned a password in AUTTO but are authorised by the IDP. Registration Required and Invitation Only workflows require users to have a password in AUTTO.
- Non-SSO users can be invited to the workflow using the links found under a workflow's publishing settings. For more information, see Controlling Access to Workflows.
- SSO users can be invited to a group via their email addresses. Users can then log on to AUTTO using SSO.
- An SSO user who is registered in AUTTO can be added to or removed from a User Group to manage access to SSO workflows. For more information, see Managing User Groups.