What Is Single Sign-On (SSO)? How does it work, and why is it important to use it for security?
Single Sign-On (SSO) Explained:
Imagine using one key to unlock multiple doors. That's essentially what SSO does! It's allows you to access various applications with a single login. This saves you time and adds an additional layer of security.
In Rebrandly, SSO authentication allows you to leverage your existing login credentials from another trusted system (such as your company's login system) to access Rebrandly without needing a separate login. This provides several benefits, particularly in terms of security.
How SSO works:
- Log in once to a trusted system (such as your company login).
- This system acts as an identity provider (IdP), verifying your identity and creating a secure digital key.
- When you try to access other applications (service providers (SPs) like Rebrandly), you're seamlessly connected using that key, skipping the need for separate logins.
Why is SSO important for Rebrandly security?
SSO significantly boosts Rebrandly's security by:
- Reducing the attack surface: You only manage one strong password for the IdP, eliminating the need for multiple passwords and reducing the risk of weak passwords being exploited.
- Mitigating password theft: Even if someone steals your IdP credentials, they can't access Rebrandly directly as you never enter your Rebrandly password there.
- Centralizing control: IT admins can manage user access and enforce security policies through the IdP, streamlining security and minimizing human error risks.
In essence, SSO provides a convenient and secure way to access Rebrandly while significantly enhancing its overall security.
Other important notes:
-
Rebrandly uses only SAML Sign-On
- Right after we are done configuring your single sign-on experience, you will be able to configure automatic workflows to have your collaborators automatically added, with a designated role, in some or all (or none) of your Workspaces. This configuration is done directly in your Rebrandly Dashboard and greatly simplifies your collaborators' first experience, as they will see the custom workspaces you envisioned they use. This step also ultimately saves you time in manually creating many invites for your existing and future collaborators to join.
- Share this Rebrandly Entity Id https://oauth.rebrandly.com/ with your SSO provider.
Watch a demo: click on to start the demo.
How to set up SSO for your account
-
Provide the following information:
- Integration Name: The name of the configuration.
- Metadata URL: The URL of the metadata XML released by your identity provider.
-
Entity ID: The attribute in the metadata XML at the root level.
- Submit to move forward.
- The system provides an ACS URL. The Assertion Consumer Service (ACS) URL is where the Identity Provider redirects an authenticated user, after login.
- Click Add domain to add your domain name.
-
Select the correct Role and Workspace.
- Role: This determines the level of access users will have within the SSO integration.
- Workspace(s): Select the specific workspace(s) where the user wants to enable SSO for this domain.
-
Upon clicking "Save" the domain will be added to the list of Single Sign-On (SSO) domains.
- Close to step back to the Account Settings.
-
You can now:
- Add a new domain: by clicking on "Add domain."
- Manage existing domains: by clicking on a domain name, users can edit its settings, such as adding new rules or modifying existing ones.
Most popular SAML Identity Providers for SSO
The main goal of SSO is to simplify identification processes, so that users feel free and secure when accessing multiple servers, portals, databases and applications. Find below the list of the most popular providers in this sector.
Frequently asked questions
-
Is SSO available for every plan?
No, SSO is a premium feature available only on the Premium plans and up as a default feature and on the Professional Plan as an addon.The Professional plan addon also includes 3 teammates.
-
How do I set-up the SSO for my account?
If your account has the SSO enabled:- Go to the "Account" tab.
-
Look for the label "Single Sign-On (SSO)" and click "Set up SSO."
-
What SSO type do you support?
Rebrandly currently supports SAML 2.0 SSO.
-
What information do I need to register for SSO?
You’ll need to provide:- Integration Name (a name for your configuration)
- Metadata URL (the URL of your identity provider's metadata XML)
-
Entity ID (an attribute in your metadata XML's root level)
-
What happens after submitting my information?
You'll receive the Assertion Consumer Service (ACS) URL. This is where your identity provider will redirect users after a successful login.
-
Can I modify the Integration Name, Metadata URL, or Entity ID?
Yes, you can edit these details anytime by selecting the domain name in your "SSO Domain List."
-
Will changing Integration Name, Metadata URL, or Entity ID affect the ACS URL?
No, the ACS URL will remain the same even if you change these data.
-
Can I activate SSO login without connecting domains to it?
No, SSO login functionality requires connecting at least one domain. Additionally, you'll need to set user roles and assign workspaces for SSO to work properly.
-
Where can I manage SSO settings and domains?
You can access and modify SSO settings, as well as manage connected domains, from the "Account" tab on your dashboard.
This article is about:
- What is SSO
- Sign-On Authentication
- Importance of using SSO with Rebrandly
Related Articles:
Comments
0 comments
Please sign in to leave a comment.