Support pour l'authentification unique (SSO)

Why the SSO is useful ?

Ermeo allows you to use the SSO (Single Sign On). The SSO will allows you to access easily to your Ermeo account, by using your company's personal account. You will have a central authentification for all your application, and so an username/password less to store. 

The pros to use the SSO are : 

1. Allows users to remember and manage fewer passwords and usernames for each application.
2. Simplifies the process of logging in and using applications - no need to re-enter passwords.
3. Allows your company to manage the rights of users to access certain applications.

Implementation 

The Ermeo Single Sign-On SSO is based on Oauth2 and OICD protocol. Any types of SSO that are compliants with this protocol type can be implemented.

As an result, we can support any Oauth2/OICD compliants platforms for single sign-on (Google/Okta, etc.).

Below, you can find the list of the compliant platforms that we have already implemented for your client.   

Our single sign-on is available on all of your platforms (IOS/Android/Window/Web) and once it's enabled, all users of your workspaces can access it.

To be able to log in, the users must have a valid Ermeo account.
By default, the link between the Ermeo account and your company account is done throught the username (Ermeo Side) and your email adress (Company side). This link can be customized.

You have the choice to enable only the SSO authentification or to keep the two way of connection. (Ermeo and SSO).

How to implement the SSO ?

The integration of a new SSO is done on two steps.

The first step is the integration of the SSO on a sandbox environment. This allows us to validate the integration with you before going in production.

The second step is the release of the SSO in production.

To perform the integration you must provide a list of information to ermeo configurated inside your SSO provider.

1. Step 1 : Integration of the SSO on a sandbox

Sandbox environment :

1. The Application Credentials 

       client_id : xxxxx-xxxxx-xxxxx

       client_secret : xxxxx-xxxxx-xxxxx

2.The configuration of the sso provided on your side. (Endpoints / Protocol supported etc...)

Generally you have an endpoint that return all the informations on your service 
Ex: https://host/auth/realms/???/.well-known/???   

3. You must authorize redirect_uri provided by ermeo

4. An account of test

5. The contact of a technical person on your side that can provide support from your SSO if an unexpected issue is encounter

2. Step 2 : Integration of the SSO on production

Production environment:

Same information but with others values (client_id/client_secret/ authorize redirect_uri etc...).

To request an SSO integration, you must contact the Ermeo team. You can ask to your Account Manager or create a ticket by sending an email to support@ermeo.com (in the subject of the email, you can mention that you would like to implement the SSO). A file to fill will be send to you, with all the requireds informations to provide.

⚠️ Testing the SSO Configuration : 

Before sending the completed file, you should check that your configuration for the integration is set up  correctly. This will avoid a lot of unnecessary back and forth and wasted time for both parties.

You must use the authentification flow that will be implemented and test that you can authentificate the test user account.

If you got any issues implementing the SSO , you can send an email to your technical contact in Ermeo or to support@ermeo.com