Single Sign On is a security feature that enables customers to log in once, externally, and then access multiple applications. The protocol used for this is SAML, an XML-based open standard. It uses cryptography and digital signatures to pass a secure sign-in token from the identity provider to the application - in this case Presspage.
We currently offer SAML-based Single Sign On via four identity providers: Azure AD, Okta, PingIdentity and OneLogin. This will need to be set up manually by Presspage in close cooperation with your IT team.
First, you'll need to define a new app in your Identity Provider if it's not already there (there are pre-configured apps available for Okta and Azure). Give it an appropriate name, such as Presspage. You'll also be asked for a Single Sign-on URL or Assertion Consumer Service URL, which can be supplied by Support.
If your Identity Provider asks, the SSO process is SP-initiated: the user logs in with the Service Provider (Presspage), authentication then takes place with the Identity Provider (see list above), and after successful authentication the user gets access to the Service Provider.
We do not provide an encryption certificate for AuthnRequests on our end, so this step may be skipped.
If an Audience URI or Entity ID is required, please enter the same URL as above. You will also be asked about the Name ID Format, which is the piece of information we use to identify the user. We do that using the email address, so choose Email.
After finishing the setup, we require the following information from your end:
- SSO URL (the SAML endpoint)
- Entity ID / Issuer ID (requires a metadata URL)
- Your public certificate
For Azure, the SSO URL and the EntityID (may also be called Azure ID) will include your tenant ID. If necessary, you can look up your tenant ID via https://www.whatismytenantid.com/.
If your Identity Provider gave you an XML metadata file after setup, there should be a node called <X509Certificate>. That node includes the public certificate.
The following identity providers have created support pages to help enable Single Sign On with Presspage:
To have this feature enabled and set up for your account, please contact Support. If your identity provider is not listed, please contact Support as well to have us look into the possibilities.