Single sign-on (SSO)

Tags

Ermeo allows you to use the SSO (Single Sign On). The SSO will allows you to access easily to your Ermeo account, by using your company's personal account. You will have a central authentification for all your application, and so an username/password less to store.

The pros to use the SSO are :

  1. Allows users to remember and manage fewer passwords and usernames for each application.
  2. Simplifies the process of logging in and using applications - no need to re-enter passwords.
  3. Allows your company to manage the rights of users to access certain applications.
image

1. The implementation

The Ermeo Single Sign-On SSO is based on Oauth2 and OICD protocol. Any types of SSO that are compliant with this protocol type can be implemented.

As an result, we can support any Oauth2/OICD compliant platforms for single sign-on (Google/Okta, etc.).

Below, you can find the list of the compliant platforms that we have already implemented for your client.

image
image
image
image

Our single sign-on is available on all of your platforms (IOS/Android/Window/Web) and once it's enabled, all users of your workspaces can access it.

To be able to log in, the users must have a valid Ermeo account.By default, the link between the Ermeo account and your company account is done through the username (Ermeo Side) and your email adress (Company side). This link can be customized.

You have the choice to enable only the SSO authentification or to keep the two way of connection. (Ermeo and SSO).

2. How to implement the SSO ?

The integration of a new SSO is done on two steps.

The first step is the integration of the SSO on a sandbox environment. This allows us to validate the integration with you before going in production.

The second step is the release of the SSO in production.

To perform the integration you must provide a list of information to ermeo configured inside your SSO provider.

  • Step 1 : Integration of the SSO on a sandbox: Sandbox environment

1. The Application Credentials

client_id : xxxxx-xxxxx-xxxxx

client_secret : xxxxx-xxxxx-xxxxx

  1. The configuration of the sso provided on your side. (Endpoints / Protocol supported etc...)
Generally you have an endpoint that return all the informations on your service
Ex:https://host/auth/realms/???/.well-known/???

3. You must authorize redirect_uri provided by ermeo

4. An account of test

5. The contact of a technical person on your side that can provide support from your SSO if an unexpected issue is encounter

  • Step 2 : Integration of the SSO on production: Production environment

Same information but with others values (client_id/client_secret/ authorize redirect_uri etc...).

💡
Note To request an SSO integration, you must contact the Ermeo team. You can ask to your Account Manager or create a ticket by sending an email to help.desk@causeway.com (in the subject of the email, you can mention that you would like to implement the SSO). A file to fill will be send to you, with all the requireds informations to provide.

⚠️ Testing the SSO Configuration :

Before sending the completed file, you should check that your configuration for the integration is set up  correctly. This will avoid a lot of unnecessary back and forth and wasted time for both parties.

You must use the authentification flow that will be implemented and test that you can authentificate the test user account.

If you got any issues implementing the SSO , you can send an email to your technical contact in Ermeo or to help.desk@causeway.com.