Single Sign On

Date: 2019-12-16
Version: 1.0

With this module, your customers can sign in centrally on the network of their own company and then use Ecmanage without logging in again. The Single Sign On module in Ecmanage can work with the industry standard SAML. This technology is used, for example, in the Microsoft ADFS product.

Models of Single Sign On

Two models are possible for Single Sign On:

  • Service Provider (SP) Initiated Login

    A user goes to the customer environment in Ecmanage. There is an SSO login button; the user chooses it and is redirected to the ADFS environment of the client. The user has to log in there once, after which that environment recognizes the user without a further login. The ADFS environment then redirects the user back to Ecmanage with a so-called SAML token for automatic login. The user needs to have a profile in Ecmanage; if this is the case, the user is logged in immediately.

  • Identity Provider (IDP) Initiated Login

    In this case the user usually chooses a link to the customer environment in Ecmanage from within his own intranet environment. A SAML token is processed directly in this link, and the user is logged in to Ecmanage directly if the user has a profile in Ecmanage.

Setting up Single Sign On

Single Sign On is activated by the service desk at Ecmanage. The following data are important for this setup; they can be extracted from the so-called federation_metadata.xml file:

  1. Entity Id

    This is a unique identifier, as created in the client layout of ADFS.

    federation_metadata.xml <EntityDescriptor> attribute entityID

  2. Single Sign On URL

    This is the page on the intranet where a user needs to identify himself once.

    federation_metadata.xml <SingleSignOnService> attribute Location
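
Reading the two values listed above out of a federation_metadata.xml file, as an added example that is not part of the Ecmanage documentation. The sample metadata, the host adfs.customer.example, the function name read_sso_settings and the HTTPS check are assumptions made here.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample; adfs.customer.example is a hypothetical host.
SAMPLE_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.customer.example/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.customer.example/adfs/ls/"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.customer.example/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def read_sso_settings(metadata_xml):
    """Return the Entity Id and the Single Sign On URL per binding."""
    # The file comes from outside: refuse DTDs and entity declarations.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(metadata_xml.encode("utf-8"))
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("root element is not <EntityDescriptor>")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("<EntityDescriptor> has no entityID attribute")
    sso_urls = {}
    path = "{%s}IDPSSODescriptor/{%s}SingleSignOnService" % (MD, MD)
    for service in root.findall(path):
        location = service.get("Location", "")
        # Added check, not stated on the page: users authenticate on this
        # page, so only accept an https URL with a host name.
        parsed = urlparse(location)
        if parsed.scheme != "https" or not parsed.netloc:
            raise ValueError("Single Sign On URL is not https: %r" % location)
        binding = service.get("Binding", "").rsplit(":", 1)[-1]
        sso_urls[binding] = location
    if not sso_urls:
        raise ValueError("no <SingleSignOnService> in <IDPSSODescriptor>")
    return {"entity_id": entity_id, "sso_urls": sso_urls}


if __name__ == "__main__":
    print(read_sso_settings(SAMPLE_METADATA))
```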

How is the customer’s SSO solution going to be linked to Ecmanage (IDP Initiated Login)

From the customer’s intranet, a call is made to the login page of Ecmanage with the following value as parameter:

Both the Ecmanage URL and the customer URL of the purchasing system need to be filled in.

Additional possibilities Single Sign On

After Single Sign On is activated, an extra button is displayed in the Ecmanage login screen. The default text of this button is “SAML Login”. You can supply a customer-specific text to the Ecmanage service desk, where it can be made active. If the customer’s Single Sign On environment requires an SSL certificate, this can be created in the configuration.