Single Sign On is a security feature that enables customers to log in once, with an external identity provider, and then access multiple applications. The protocol used for this is SAML, an XML-based open standard. It uses cryptography and digital signatures to pass a secure sign-in token from the identity provider to the application, in this case PressPage.
We currently offer SAML-based Single Sign On via three identity providers: Azure, Okta and OneLogin. To set this up, we require some information from your IT team.
First, you'll need to define a new app in your Identity Provider if it's not already there (Okta, Azure). Give it an appropriate name, such as PressPage. You'll also be asked for a Single Sign-on URL or Assertion Consumer Service URL, which can be supplied by Support.
If an Audience URI or Entity ID is required, please enter the same URL as above. You will also be asked about the Name ID Format, which is the piece of information we use to identify the user. We do that using the email address, so choose Email.
After finishing the setup, we require the following information from your end:
- SSO URL (the SAML endpoint)
- Entity ID / Issuer ID (requires a metadata URL)
- Your public certificate
For Azure, the SSO URL and the Entity ID (may also be called Azure ID) will include your tenant ID. If necessary, you can look up your tenant ID via https://www.whatismytenantid.com/
If your Identity Provider gave you an XML metadata file after setup, there should be a node called <ds:X509Certificate>. That node includes the public certificate.
To have this feature enabled and set up for your account, please contact Support. If your identity provider is not listed, please contact Support as well to have us look into the possibilities.