Single sign-on (SSO) is an authentication method that enables users to securely log in to multiple applications and websites using one set of credentials. Users must enter their username, password, or other login information once on a single page to access all SaaS applications.
SSO works based upon a trust relationship between a Service Provider, such as Paydock, and an Identity Provider (IdP), such as Auth0. Both parties exchange an SSL certification (i.e. encryption protocol). Its purpose is to validate information sent from the Identity Provider to the Service Provider so that the Service provider knows that the data comes from a trusted source.
To activate the SSO feature:
- Log into your Identity Provider’s dashboard or contact their support team to attain your account’s IdP Metadata.
- Go to Paydock’s Dashboard at Profile menu > My Brand > SSO setup.
- Populate the IdP Metadata field in XML format.
- Check the Response Assertion Encrypted box to encrypt data transmitted to the Identity Provider side. Generate an SSL certificate and populate the Encryption Private Key and Encryption Certificate. Enable encryption on the Identity Provider side to support this option on your account.
- Click Submit. Three new links are generated.
- Copy the Assert and Metadata links into your Identity Provider’s configuration settings.
- Use the Login Direct link to access the account with your credentials.
Here is clarification on the newly created Active Setup Links:
- Assert link - the correct direction of the assert response from the Identity Provider.
- Metadata - the information for a Service Provider about an Identity Provider.
- Login direct link - a working link for logging into your Paydock account.
Please note: It is required to keep the expiration of the SSO to make sure the certificates are updated before the expiration date. In case the renewing of the certificate is skipped, the login into the system will be blocked (for all the users of the organization that have SAML settings with the expired certificate).
It is also worth mentioning that the URL will be new in case the IdP Metadata is removed and added again with new Certificates. To update your Certificates within the current IdP Metadata, it is required to copy and paste them into your IdP Metadata instead of the expired ones. In this case, no outage or downtime will occur.