UPDATE:
New security settings have just been released on the web to offer more flexibility with optional SSO login configuration, using these advanced settings.
--------------------------------------------------------------------------------------------------------------------
We now offer a single sign-on (SSO) implementation that allows your workers to be signed in to the eCompliance app automatically when they are using your company network or intranet.
Once enabled on an account by a Customer Success Manager, System Admins will find the SSO settings in the "Settings" tab on the lower left-hand side of the eCompliance home screen. SSO is currently offered for web and mobile, with a third party provider.
The steps to enable SSO on web can be found here. Please carefully follow the steps below to enable SSO on the mobile application for your team.
NOTE: All mobile users must be on version 7.15 (or above) to be required to log in via SSO. Any user on version 7.17 or above will not be able to use email/username and password to log in to their mobile application if mobile SSO is on and configured in your eCompliance account.
- Okta
- Azure SSO
Okta SSO Setup
1. Create new application
2. Add settings
3. Take note of the client ID for the application
4. Assign application to users. Ensure email addresses in Okta and in employee profiles in eCompliance match.
WARNING: Any user not added to Okta will not be able to log into the mobile eCompliance application when this feature is enabled in your account settings in eCompliance.
5. Settings > api > edit authorization server (default or custom)
6. Take note of the issuer URL. Appending /.well-known/openid-configuration to the end of the issuer URL should take you to the metadata document for this authorization server.
7. Add claim
8. Enter claim details (important! name must be emailAddress)
9. Verify token by generating one for a test user. id_token must be generated and must have the field emailAddress with a valid user email
10. Go to eCompliance web > Settings > SSO Settings > enable mobile sso > fill in client id and issuer url from previous steps. The issuer url is entered into the Domain URL field and the client id is entered into the Public ID field.
WARNING: Do not proceed with this step of enabling mobile single sign on until all steps above are complete. Failure to correctly configure your Okta SSO setup with this feature enabled will block your users from logging into their mobile eCompliance application.
11. Test login via the mobile app. The user must have a valid account in eCompliance with the same email address that is registered in Okta.
Azure SSO Setup
1. Create app in app registration
2. Enter a name and click register
3. You will be redirected to the app details page. Take note of the public client ID
4. Click Endpoints and the endpoints blade should open on the right. Take note of the OpenID metadata endpoint, but do not copy the '/.well-known/openid-configuration' suffix
5. Go to Authentication > Add a platform > Choose mobile and desktop application
6. Add custom redirect URI ecMobile://com.ecompliance.mobile/ (note the extra slash at the end)
7. Navigate to Enterprise applications > find new app in list
8. Navigate to Single sign on > edit in Attributes & claims > add a new claim
9. Add a new custom claim called emailAddress and choose user.mail from the attributes dropdown
10. Navigate to the Users & groups menu and assign users. Ensure email addresses in this section and in employee profiles in eCompliance match.
WARNING: Any user not added to this section in MS Azure will not be able to log into the mobile eCompliance application when this feature is enabled in your account settings in eCompliance.
11. Navigate to App registrations > select eCompliance app > Manifest and set acceptMappedClaims to true to allow custom claims in tokens
12. Fill in the public id and issuer url from previous steps in eCompliance > Account > SSO Settings page. The issuer url is entered into the Domain URL field and the client id is entered into the Public ID field.
WARNING: Do not proceed with this step of enabling mobile single sign on until all steps above are complete. Failure to correctly configure your MS Azure SSO setup with this feature enabled will block your users from logging into their mobile eCompliance application.
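A pre-flight check for the token verification in Okta step 9 and for the emailAddress claim added in the Azure setup, as an added example that is not eCompliance's own code. It decodes a test user's id_token for inspection only (the signature is not verified) and applies the standard OpenID Connect rules that iss equals the issuer URL and aud contains the client ID; the function names, the placeholder issuer and the client ID client-123 are assumptions.

```python
import base64
import json

WELL_KNOWN = "/.well-known/openid-configuration"

def metadata_url(issuer_url):
    """Build the metadata document URL from the issuer URL (Domain URL field)."""
    base = issuer_url.rstrip("/")
    if base.endswith(WELL_KNOWN):  # suffix was copied along by mistake
        base = base[: -len(WELL_KNOWN)]
    return base + WELL_KNOWN


def decode_claims(id_token):
    """Decode the JWT payload for inspection; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("an id_token has three dot-separated parts")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def check_id_token(id_token, issuer_url, client_id, profile_email):
    """Return the setup problems visible in a test user's id_token."""
    claims = decode_claims(id_token)
    problems = []
    if claims.get("iss") != issuer_url:  # OIDC requires an exact match
        problems.append("iss does not match the issuer URL")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the client ID")
    email = claims.get("emailAddress")
    if not isinstance(email, str) or "@" not in email:
        problems.append("emailAddress claim missing or not an email")
    elif email != profile_email:  # compared exactly; case rules are not stated
        problems.append("emailAddress differs from the eCompliance profile")
    return problems


def sample_token(claims):
    """Constructed, unsigned token so the example runs offline."""
    enc = [base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
           for o in ({"alg": "none"}, claims)]
    return ".".join(enc + ["constructed"])


if __name__ == "__main__":  # constructed case: claim named "email" by mistake
    iss = "https://idp.example.com"  # placeholder issuer URL
    tok = sample_token({"iss": iss, "aud": "client-123", "email": "a@example.com"})
    print(check_id_token(tok, iss, "client-123", "a@example.com"))
```

An empty list means the token carries what the mobile SSO settings expect; any entry should be resolved before mobile SSO is switched on.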