What is SSO?
SSO (Single sign-on) allows members of an organization to use a single ID and password to gain access to their Beautiful.ai account using the Identity Provider (IdP or SP).
How does SSO work?
With Single sign-on, when you try to log in the account is required to be authenticated before access is granted.
Strict SSO
When an organization has its SSO set as Strict, then, its members are only allowed to log in using the Identity Provider, (IdP or SP). They’re not allowed to log in using email/password or Google.
-
-
Upon login, it will show “Login with Single Sign On” button only.
-
Non Strict SSO
If SOO is set as Non Strict, users within the organization can use both, SSO and login/password/google.
-
-
Both of the conventional “login” and “Google” buttons will be shown on the B.AI log in page.
-
Enabling SSO
To enable SSO in Beautiful.ai, click on Profile and from the Advanced tab, select Enable SSO.
Verify your domain and follow the steps below for IdP or SP initiated flows
IdP - Identity Provider Initiated Flow
With IdP login, members of the organization must log in to their IdP SSO page (e.g. OKTA, One Login, Active Directory) in order to gain access to the account.
Steps:
You may start at Step 1 or Step 3
-
Once the login option is selected, it'll automatically check to see whether the account email has already been authenticated (i.e. checks to see if you were logged into OKTA, One login, Active Directory). If so, you gain access to the site.
-
If you haven’t, you're re-directed to the Identity Provider to log in. It'll verify the account username and password against the information in its user database.
-
You start at one of the Identity Provider and use the single username/password associated with your company.
-
The SSO solution passes authentication data to the website. Some IdP will require you to click on an icon.
-
After login, the site passes authentication verification data to the website and the account gains access to the site.
SP - Service Provider Initiated Flow:
With SP login, members of the organization log into their account and an authorization request is sent to the Identity Provider; such as OKTA, One Login, Active Directory. Once IdP authenticates and verifies the member’s identity, the user is automatically logged into their account.
Steps:
-
Once SSO has been enabled, upon entering an email address, it will detect if the account's organization has SSO. If so, the password field will disappear from the window and the “LogIn with Single Sign On” button will appear.
-
If the account has already been authenticated with the Identity Provider you will gain access to the site.
-
If the account hasn't been authenticated, you will be redirected to the Identity Provider page to verify your username and password.
-
Once the SSO solution passes authentication data to the website the account gains access to the site.
Comments
2 comments
If you haven’t, you're re-directed to the Identity Provider to log in. logo sweet It'll verify the account username and password against the information in its user database.
When an organization has its SSO set as Strict, then personalised hats , its members are only allowed to log in using the Identity Provider, (IdP or SP). They’re not allowed to log in using email/password or Google.
Please sign in to leave a comment.