- Single sign-on (SSO) is a session and user authentication service that permits a user to use a single set of login credentials to access multiple applications. For example, Google, LinkedIn, Twitter and Facebook all offer popular SSO services that allow an end user to log into a third-party application with their social media authentication credentials.
- Some SSO services use protocols such as the Security Assertion Markup Language (SAML).
- SAML is an XML standard that facilitates the exchange of user authentication and authorization data across secure domains. SAML-based SSO services involve communications between the user, an identity provider that maintains a user directory, and a service provider.
- SSO allows the user to log in using the single set of login credentials provided by their organization to access multiple applications.
- When a user of an organization that has implemented SSO using SAML 2.0 reaches the sign-in page of Fyle and enters their email address, they are redirected to another page hosted on their company server. Here, the user provides a single set of credentials associated with their organization. After entering the SSO login credentials, the user is redirected back to Fyle and lands directly on the Dashboard page.
- SSO is very helpful because the user has to remember only one set of login credentials for many applications.
- SSO is useful when a company mandates that the login for a third-party application must happen via their own server. This also ensures that only registered employees can authenticate.
- In cases where an employee quits a company or is removed, nothing will have to be done in our backend to reflect that. The removed user will automatically be unable to access Fyle because they are no longer authenticated by the company on their own server.
- SSO can be enabled for an organization if they have an infrastructure for SSO using SAML 2.0 in place. For organizations that don’t support SSO or support SSO but not via SAML 2.0, this feature does not make sense.
- If an organization has the infrastructure for SSO, the admin can enable support for SSO from the Settings page under the Security tab by selecting SSO Integration.
- Click on Enable SSO for this org. Next, you’ll have to provide two mandatory details:
  - IDP Name: The IDP name of your organization as per the ACS URL in the SSO setup.
  - Metadata File: Attach the SAML metadata file required for the SSO integration.
- Once the SSO integration is enabled, the users will have to log in only via SSO. Care must be taken while enabling the feature because providing incorrect details will block the users from logging in successfully.
- https://accounts.app.fyle.in/app/router/#/signin will take you to the sign-in page. Here, enter the email ID for sign-in. If the domain of the email ID belongs to an organization for which SSO has been enabled, you are redirected directly to the login page on the organization's own server.
- After providing the login credentials there, if you are authenticated as an employee of that company, you will be authorized and redirected back to the Fyle home page.