Single-Sign On (SSO) in Risk Management
Who is this article for?Site Administrators who want to learn more about Single Sign-On (SSO) functionality.
Site Admin permissions are required.
Single Sign-On (SSO) gives your Users an alternative way to login to the application, using their business credentials. This article will answer some of the high-level questions about the functionality so you can decide if it's suitable for you.
In this article:
1. Overview
Benefits
Users will only need to use one set of credentials to access many systems, reducing confusion with usernames and passwords, and support requirements for login issues.
As those credentials will be managed by your internal systems, you can also ensure that they meet your password management policies.
Using SSO
Once configured, the SSO utility is accessed via any link or the SSO login link.
Users wanting to login with their Ideagen Risk Management credentials can still do this by going to the usual login page directly (https://<your site name>.pentanarpm.[uk/us]/login).
When someone tries to access Ideagen Risk Management via the SSO login link, a chain of events is triggered:
- SSO configuration redirects the access request to your internal identity provider (IdP). User is directed to your identity provider login screen.
- User logs into the IdP, using their email address and password.
- IdP confirms whether the login is correct and, if it is, passes the email address back to Ideagen Risk Management.
- Email address is checked against the users in the system, and if there is a User account with this email address, they are logged in.
- If the access fails at any stage, the User will not be logged in to Ideagen Risk Management and the error will be logged in our system.
As the user authentication is handled by your IdP, our systems do not access any sensitive information.
2. Configuring SSO
To implement SSO, a relationship must be created between your Ideagen Risk Management site and your identity provider, by creating a relaying party or another type of association.
To configure this, you will need a:
- IdP system which can be configured in this way (ADFS, Microsoft Entra, Google IdP, Shibboleth, etc.) and which supports SAML 2.0.
- Public encryption certificate (which may be self-signed) which is used to authenticate the process.
This configuration will involve modifying IT systems configuration, so we will need to work with a member of your IT team to configure SSO.
Want to enable Multi Factor Authentication for your users?
We are only able to enable this function for sites that aren't already configured for SSO. To enable your users to use MFA, speak to your SSO provider.