
Single Sign-On

Setting up Single Sign-On (SSO) can streamline user authentication across applications and services, making it easier for users to access resources with a single set of credentials in a secure manner. Here’s a guide to setting up SSO:

Getting Started:

  1. Log in: Whoever initiates the Single Sign-On connection, whether IT or an admin, must have an active admin account with PowerDetails, or be assisting someone who has an active admin account, to access the Single Sign-On configuration page.

  2. Navigate: Hover over the “Advanced” tab at the top of the homepage. Hover over “Site Config”. Click into “Single Sign-On”.

  3. Before entering any of the information below, make sure to check the checkbox labeled “User Creation Enabled” to enable all of the needed fields. (Located in the bottom left of the first section within the Single Sign-On Settings page.)

Gather Information:

To connect PowerDetails Single Sign-On to the active directory provider, the following information must be gathered and entered into PowerDetails:

  1. Active Directory Provider: The business/agency should already have a Single Sign-On provider that is active and configured. The name of the provider will be selected within the PowerDetails Single Sign-On section. (The first drop-down.)

  2. Sign-in Endpoint: The sign-in endpoint is where users are redirected to enter their credentials (username and password) or authenticate using other methods, such as multi-factor authentication (MFA), as part of the Single Sign-On process. The URL for the Sign-in Endpoint is gathered from the new application created for the Single Sign-On connection and will be provided in the Sign-in Endpoint field. (Fourth field from the top, next to the certificate upload.)

  3. Certificate: The certificate should be downloaded from the new application, created within the existing active directory provider, to make the Single Sign-On connection. The “RAW” format is the most compatible. (Upload the certificate in the certificate field. Click “Browse” to choose the raw file.)


Login Options:

Agencies have the option to specify what types of authentications are permitted. The options are:

Require Single Sign-On Only (Users must login via SSO at least once) - This selection allows ONLY Single Sign-On permitted users to access PowerDetails. No PowerDetails password will be authenticated or allowed access.

Allow Single Sign-On and PowerDetails Authentication - This selection allows BOTH Single Sign-On and PowerDetails account passwords to authenticate and allow access.

If you are a business that has multiple sectors, one on the Single Sign-On connection and one not, then “Allow Single Sign-On and PowerDetails Authentication” lets those on the SSO connection use Single Sign-On authentication, while the other sector authenticates with a PowerDetails password.





Configure Claims:

Claims- a claim is a statement about a user, such as their username, email address, or roles.

Claims are included in tokens or assertions as part of the authentication process. The service provider uses these claims to make authorization decisions or populate user profiles.

PowerDetails configures the following claims for the Single Sign-On connection:

Identity Claim- http://schemas.powerdetails.com/identity/claims/objectidentifier

It provides details that uniquely identify the user within the context of the SSO authentication process. These claims are transmitted from the Identity Provider to the Service Provider to facilitate user identification and authentication.

User ID Claim- http://schemas.powerdetails.com/identity/claims/userid

The User ID claim is crucial for mapping users to their accounts and ensuring proper authentication and authorization.

Role Claim- http://schemas.powerdetails.com/identity/claims/userrole

The user role claim tells PowerDetails how new and existing accounts are mapped to a specified account type. If all newly created accounts should be created as a “personnel” account, create a claim that sets the attribute to personnel. If the roles for new accounts could be personnel or admin accounts, configure this claim to a field within the AD user’s profile that contains either the term “Personnel” or “Admin”.

Note: If new accounts are both admin and personnel, the agency will have to designate a field within AD that has the account type labeled within that field for ALL users.

User Email Claim- http://schemas.powerdetails.com/identity/claims/useremail 

This claim is used to convey the user’s email address from the Identity Provider to the Service Provider as part of the authentication process. The User Email claim is crucial for various purposes, including user identification, communication, and personalization.

First Name Claim- http://schemas.powerdetails.com/identity/claims/userfirstname

This claim is used to convey the user’s given name from the Identity Provider to the Service Provider. It is essential for personalizing user interactions and managing user profiles.

Last Name Claim- http://schemas.powerdetails.com/identity/claims/userlastname

This claim is used to convey the user’s surname from the Identity Provider to the Service Provider. It is essential for personalizing user interactions and managing user profiles.


Manage Authentication:

PowerDetails also has 2 additional drop-downs within the claims section to identify the first claim match. In the “First Identity Claim” drop-down, select how you want the Single Sign-On connection to verify existing accounts. This can be done by looking for the user's object ID, user ID, or user email. 

To the right of the “First Identity Claim” drop-down is a “First Identity User Field” drop-down to specify the field the first identity claim information is mapped to within PowerDetails.

Ex: If my first identity claim is “http://schemas.powerdetails.com/identity/claims/userid”, then my first identity user field would be “User ID (user ID)”
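The claim list and the first identity claim choice described above can be checked before the connection is switched on. The following is an added example, not PowerDetails code: it takes the claims the identity provider would send for each user and reports missing claims, role values other than “Personnel” or “Admin”, and two users who share the same first identity value. The function names, the requirement that every user carries all six claims, the case-insensitive comparisons, and the sample users are assumptions made for the example.

```python
# Added example: pre-flight check of claims per user; only the claim URIs come from this page.
BASE = "http://schemas.powerdetails.com/identity/claims/"
REQUIRED_CLAIMS = {
    "objectidentifier": "Identity", "userid": "User ID", "userrole": "Role",
    "useremail": "User Email", "userfirstname": "First Name", "userlastname": "Last Name",
}
# Existing accounts can be matched on object ID, user ID or user email.
FIRST_IDENTITY_CHOICES = {BASE + s for s in ("objectidentifier", "userid", "useremail")}
ALLOWED_ROLES = {"personnel", "admin"}  # compared case-insensitively (assumption)


def check_claims(claims, first_identity_claim):
    """Return a list of problems found in one user's claim set (empty = OK)."""
    problems = []
    if first_identity_claim not in FIRST_IDENTITY_CHOICES:
        problems.append("first identity claim must be object ID, user ID or user email")
    for suffix, label in REQUIRED_CLAIMS.items():
        value = claims.get(BASE + suffix)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{label} claim missing or empty")
    role = claims.get(BASE + "userrole")
    if isinstance(role, str) and role.strip() and role.strip().lower() not in ALLOWED_ROLES:
        problems.append(f"Role claim value {role!r} is not Personnel or Admin")
    return problems


def check_directory(users, first_identity_claim):
    """Check every user and flag duplicate values of the first identity claim."""
    report, seen = {}, {}
    for name, claims in users.items():
        problems = check_claims(claims, first_identity_claim)
        # Case-insensitive match is an assumption; two users must not share a value.
        key = str(claims.get(first_identity_claim, "")).strip().lower()
        if key and key in seen:
            problems.append(f"first identity value duplicates {seen[key]}")
        elif key:
            seen[key] = name
        if problems:
            report[name] = problems
    return report

# Constructed sample users (not real accounts), values in REQUIRED_CLAIMS order.
def make_user(*values):
    return dict(zip((BASE + s for s in REQUIRED_CLAIMS), values))

SAMPLE_USERS = {
    "alice": make_user("a1", "alice01", "Admin", "alice@agency.example", "Alice", "Ng"),
    "bob": make_user("b2", "bob02", "Officer", "bob@agency.example", "Bob", "Ray"),
    "carol": make_user("c3", "carol03", "Personnel", "ALICE@agency.example", "Carol", ""),
}
```

Calling `check_directory(SAMPLE_USERS, BASE + "useremail")` returns an entry for each user whose claims need fixing in the directory before they sign in.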




Additional Notes:

  • Agencies using the Single Sign-On feature will not be able to utilize the PowerDetails support methods for password resets. All password reset requests will be directed back to the agency for internal assistance.

  • If at any time, the agency needs further assistance in configuring Single Sign-On, please reach out to Support@powerdetails.com to set up an SSO Configuration meeting with our team.