What is Single Sign-On (SSO)?

Single Sign-On (SSO) is an authentication process that enables users to access multiple applications or services with a single set of login credentials (username and password). Instead of logging into each application separately, users authenticate once through a centralized system, which grants access to all connected applications without requiring additional logins.

Benefits of SSO

• Convenience: Users only need to remember one set of credentials, reducing the burden of managing multiple passwords.
• Efficiency: Streamlines the login process, saving time and improving productivity.
• Security: Reduces the risk of password fatigue (reusing passwords across multiple sites), thereby enhancing security.
• Centralized Authentication: Allows for better control and monitoring of user access and activity.

Overall, SSO simplifies user management, improves security, and enhances the user experience by reducing the number of times users need to log in.

How Does SSO Work?

• User Requests Access: The user attempts to log in to an application or service.
• SSO System Verification: The application redirects the user to the SSO system for authentication.
• Authentication:
  • If the user is not authenticated, they are prompted to log in.
  • If the user is already authenticated, the login prompt is skipped.
• Token Generation: Upon successful authentication, the SSO system generates a token or session.
• Access Granted: The authentication token is passed back to the application, granting access.

On the mobile app, a user will enter the mobile number associated with their user profile, resulting in the application redirecting the user to the SSO system for authentication. Once the user authenticates, they are redirected to the SPOTIO mobile app.

When logging in on the Web app, the user provides their email address resulting in the application redirecting the user to the SSO system for authentication. Once the user authenticates, they are redirected to the SPOTIO Web app. 

SSO Integrations Supported by SPOTIO

SPOTIO supports SSO integration using SAML (Security Assertion Markup Language) and SCIM (System for Cross-domain Identity Management) 2.0 protocols, allowing integration with popular identity providers, including:

• Microsoft Entra ID (formerly Microsoft Azure Active Directory)
• Google Identity Platform
• IBM Security Verify
• OneLogin
• Okta

SAML - Security Assertion Markup Language

SAML is primarily used for exchanging authentication and authorization data between parties, particularly between an identity provider (IdP) and a service provider (SP).

It allows users to login to one platform using the credentials set up in a different platform.

SCIM - System for Cross-domain Identity Management

SCIM is a standard for automating the exchange of user identity information between identity domains, or IT systems. It is used for user provisioning and management rather than authentication itself, often in conjunction with other SSO protocols. It allows for centralized user management in one system and populating the changes to external applications. For example: users are added/deleted in Entra Id and SPOTIO reads all changes regarding the user base.

SAML Configuration for SPOTIO

To configure SAML integration in SPOTIO:

• Login to SPOTIO as an admin.
• Navigate to Settings → Integrations → SINGLE SIGN-ON (SSO).
• In the SSO Settings page, locate the following details:
  • Audience (Entity ID)
  • ACS (Consumer) URL
• Copy these values and provide them to your Identity Provider (IdP).
• From your IdP, copy the following details back into SPOTIO:
  • Issuer URL (Metadata XML)
  • X.509 Certificate (PEM)
• Click Save to authorize the integration.
• Once saved, the SAML authentication setup will be complete.

SCIM Configuration for SPOTIO

To configure SCIM integration in SPOTIO:

• Login to SPOTIO as an admin.
• Navigate to Settings → Integrations → SINGLE SIGN-ON (SSO).
• In the SSO Settings page, enable SCIM.
• Click Generate Token to create a SCIM Bearer Token.
• Copy the following values and provide them to your Identity Provider (IdP):
  • SCIM Bearer Token
  • SCIM Base URL

Attribute Mapping for User Provisioning

When configuring SCIM, you will need to map user attributes between your IdP and SPOTIO. This process will vary based on the IdP you are using. For specific instructions on setting up SCIM with your provider, we have the following guides: 

• Microsoft Entra Id
• OneLogin

Don't see your provider listed here? Reach out to our Support team for more information!

Conclusion

By following these steps, your organization can successfully integrate SPOTIO with your Identity Provider using Single Sign-On, improving security, efficiency, and user experience. For further assistance, reach out to SPOTIO support.