How to setup and use Single Sign On (SSO)
In release 5.10.0
we have introduced a new feature (EP-3835) :-
The login page has been updated show an additional step when logging in with SSO.
When logging into epaPRO using SSO, if multiple epaPRO users are found, an intermediary screen is offered so that the user can select the epaPRO account that they wish to login as. If an epaPRO user is found to be linked to an SSO account, that user is automatically logged into epaPRO as normal.
What is SSO?
Single sign-on (SSO) within a company refers to the ability for employees to log in once with one set of credentials to allow them access to all applications, websites, and data for which they have permission.
SSO also solves a key problem for businesses by providing greater security and compliance.
Please note there are limitations with SSO and one reason we do not recommend multiple user accounts e.g. if you login as an EPAM and a QA user.
SSO is token linked to a login and therefore is a 1-to-1 relationship.
In order for this to be an option in epaPRO, it must first be enabled for your company via a support request ticket. Once this feature is enabled then it can be set up for the individual users.
Setting up for individual users
There are two options that can be utilised -
Login with Google
Login with Microsoft.
Depending on which account your company has setup, will determine which of these needs to be enabled.
For example if you utilise Microsoft Office 365/Azure directory - then you enable the Login with Microsoft option
Example with a Provider User
Initial Step for EPAO
In order to enable this option for a user, the following slider(s) need to be on for each user. You can enable just one slider or both, depending on what you are using; Google or Microsoft. Make sure to save the user at the end.
Steps for the User
2. Inform the user and they can login as normal with their epaPRO User Name and password. They then need to click on their name top of the screen and click on Edit your profile
3. Go to the External Calendar & SSO tab, and depending on which has been enabled for your organisation, they may see one, or both of these options.
4. Clicking on the Link your account to Microsoft will show a pop up similar to this
The Google initial sign in screen will look like this
5. You need to accept the request(s) and then click on Update my profile to save the new settings. A green confirmation will show at the top of the page to confirm it has linked ok.
6. Log out of epaPRO and then log back in, there will be an additional option(s) visible.
7. If you opt to login using the “Sign in with Microsoft” button it will sign you directly in with your Office365/Azure directory credentials.
Note:- the user will still have the option to login with the original Username and password they had been using to sign in to epaPRO assuming that this is not later toggled off by the EPAO.
Please note that due to restrictions on when the verification process with Google can begin, users may receive a warning when linking their account and the functionality may not work for some users. We’re working on resolving this with Google and getting the integration verified as soon as possible.