Single sign-on (SSO) lets users access several solutions with one login. You validate usernames and passwords against your corporate user database rather than Ermeo managing a separate password.
Implementing SSO brings several advantages to your org.
Reduced administrative costs : With SSO, users memorize a single password to access network resources, external apps and Ermeo. When accessing Ermeo from inside the corporate network, users log in seamlessly and aren’t prompted for a username or password. When accessing Ermeo from outside the corporate network, the users’ corporate network login works to log them in. With fewer passwords to manage, system admins receive fewer requests to reset forgotten passwords.
Leverage existing investment : Many companies use a central Azure Directory database to manage user identities. You can delegate Ermeo authentication to this system. Then when users are removed from the Azure Directory system, they can no longer access Ermeo. Users who leave the company automatically lose access to company data after their departure.
Time savings : On average, users take 5–20 seconds to log in to an online app. It can take longer if they mistype their username or password and are prompted to reenter them. With SSO in place, manually logging in to Ermeo is avoided. These saved seconds reduce frustration and add up to increased productivity.
Increased user adoption : Due to the convenience of not having to log in, users are more likely to use Ermeo regularly. For example, users can send email messages that contain links to information in Ermeo, such as reports. When the recipient of the email message clicks the links, the corresponding Ermeo page opens.
Increased security : All password policies that you’ve established for your corporate network are in effect for Ermeo. Sending an authentication credential that’s only valid for a single time also increases security for users who have access to sensitive data.
How does SSO works ?
In case where MFA (multi factor authentication) is enabled, users will receive a code by SMS.
For your information, the protocol used to connect to Azure AD is ADAL.
Accounts must be created in Ermeo beforehand.
Ermeo accounts and AD accounts must have the same username. It can be an email or a custom username.
Prerequisites to connect Ermeo and Azure AD
Client must provide Ermeo with the following information of its Azure AD :
The following Ermeo URL must be added as redirection URL :
The previous URL must be authorized in the company firewall as well as the ones below :
Azure AD Configuration
Step 1 - Add an application to your Azure Active Directory tenant
Step 2 - Add Redirect URIs
Choose type "Mobile and desktop applications"
and add all you URIs listed in the prerequisites above.
Step 3 - Add a platform configuration
Step 4 - Configure Supported Account Types and Advanced settings
Step 5 - Configure Permissions