Single sign-on (SSO) will allow you to log in to the Clozd Platform by using credentials from a different authorized provider.
This article contains the following sections:
Overview
Single sign-on (SSO) is a user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications. This would allow you to log in to the Clozd Platform using credentials from a different provider.
In a basic web SSO service, an agent module on the application server retrieves the specific authentication credentials for an individual user from a dedicated SSO policy server, while authenticating the user against a user repository, such as a Lightweight Directory Access Protocol (LDAP) directory. The service authenticates the end user for all the applications the user has been given rights to and eliminates future password prompts for individual applications during the same session.
If you are interested in setting up SSO for your Clozd account, reach out to your account representative or Clozd Support. We support Google, Okta, and SAML configurations.
Subdomain
In all cases, a subdomain will be assigned to your account (typically your company’s name) that you will use to log in and access the Clozd Platform going forward. For example, if the organization Meridian used Google SSO, they would have to navigate to 'meridian.app.clozd.com' to access the Clozd Platform and would be directed to Google's sign-in page. Once logged in, they would be redirected back to the Clozd Platform.
You would not be able to get into the Platform by going to 'app.clozd.com' and clicking "Login with Google". This is enforced to ensure a level of security for the account and to enforce that only approved users can log in.
Managing Users
Managing users works slightly differently for organizations that have SSO enabled.
User Creation
After SSO has been enabled, users can either be created manually or automatically.
If a user is created manually, the process is the same as any other account and can be done from the Users section (see Managing Users). The user added will get an email invite where they can log in and set up their account. The benefit of adding users manually is that permissions can be added from the beginning and the user can be signed up for notifications.
Users created automatically will be given very basic-level privileges and will not be signed up for any notifications. Enabling notifications can be done from the Users section after the user has been automatically created. Users can also update their individual notification preferences from the user profile dropdown in the top right corner of the app (For further instruction, see Account Settings). Creating a user automatically happens when the user logs in via their account login page. If they are authenticated by the SSO method determined and the user does not exist in the database, the user will be automatically created and given base-level permissions.
Denying User Access
If an account admin no longer wants a user to have access to Clozd, they can go about it two different ways. They can withdraw privileges from their SSO Identity Provider. For example, if using Google, they can disable the Google account for a specific user. Alternatively, they can disable them in the Users section on the Clozd Platform.
Note: A user that has been deleted will not be denied access to the Clozd Platform, they can log in and will be recreated. Only disabling a user will prevent them from having access to Clozd.
Configuration
We currently offer three options for single sign-on (SSO) authentication: Google, Okta, and SAML. Work with your Clozd Consultant or Support to configure whichever one your organization uses.
If your company uses Google SSO, the only thing you need to do is provide your organization’s email domain to support@clozd.com and we’ll take it from there. The email domain is used to ensure that any person logging in via their organization login page belongs to the correct organization.
Once configured, your login page will look like this:
Okta
Okta configuration needs to happen on both the Clozd side and the Okta side. To start, a representative from Clozd will assign your organization’s subdomain. Then, follow the steps in this article. Once you have completed these tasks, send Clozd Support your Client ID, Client Secret, and Issuer URL and we will finish the configuration on our end.
Once configured, your login page will look like this:
SAML
Configuration with Security Assertion Markup Language (SAML) also requires setup both on the Clozd side and on the Identity Provider (IdP) side. This setup is more technical than the other configurations because it is different for every organization and as such often requires some trial and error. Reach out to support@clozd.com for assistance and further instructions.
Once configured, your login page will look like this:
Questions?
For questions about the fit of SSO for your Clozd Win-Loss Program, please contact your Clozd Consultant.
For questions about the integration or troubleshooting, please contact support@clozd.com.
Comments
Please sign in to leave a comment.