Easier and friction-free user access with Single Sign-on (SSO)
Single Sign-on (SSO) is an integral part of most organizations identity management strategy today. The average employee accesses several Software as a Service (SaaS) services a day. Without SSO, users must create (and more importantly continuously manage), passwords or credentials for each SaaS app that they access, adding overhead and increasing the likelihood of security issues. At the same time, users now expect to access SaaS apps from different devices and locations, whether in the office, at home, or in public areas. Administrators, therefore, have to balance security and convenience. With SSO, users have one set of organization credentials that they use for one-click access to SaaS applications on various devices including mobile. SSO eliminates the use of simple passwords that present a security risk, while also reducing helpdesk costs of managing passwords.
This blog post will introduce HAQM Business SSO, explain its key features and benefits, and describe how to get started. To learn more about HAQM Business SSO, visit our page here.
SSO provides your employees secure, centralized, and simple access to HAQM Business
SSO integration provides a secure, centralized, and simple way to access HAQM Business, and is available to all HAQM Business customers. With SSO, you can enable federated SSO authentication using Security Assertion Markup Language (SAML) 2.0 with identity providers, so that your users can use existing organization credentials. This raises the security bar by removing the need to create and manage new credentials, simplifying onboarding friction for new users, centralizing the authentication process, and reducing the overhead of managing user access, while providing your employees a seamless purchasing experience.
Customers add employees to purchase on HAQM Business by inviting users, who then receive invitation emails to complete a user registration process. However, for organizations with a large number of employees, tracking invitations and following up with employees to complete the registration process is sometimes cumbersome. In addition, customers who already have SSO implementations don’t want their users to have additional credentials to access HAQM Business. IT security policies sometimes mandate SSO access to apps, and customers want to set up SSO to provide a secure, centralized, and consistent experience for their employees.
HAQM Business’ SSO integration allows you to set up SSO with a variety of identity providers such as Okta, OneLogin, Microsoft Azure AD, Microsoft ADFS, AWS SSO, OpenAM, and Shibboleth using SAML 2.0. The key benefits of this feature are:
- Streamlined onboarding: Organizations with hundreds or thousands of employees can get started easily on HAQM Business without Admins having to manually invite users. New employees can start purchasing immediately because user accounts are automatically created (Just-In-Time provisioning) on first access.
- Increased security: Buyers do not have to provide or manage passwords to access HAQM Business, reducing the risk of credential leakage.
- Reduced risk: Block access to HAQM Business if employees leave the organization to reduce risks associated with not terminating buyers’ access to HAQM Business.
- One-click access: Users have a seamless and simple authentication experience, whether direct buying or punch-out (from buyer to supplier), similar to other corporate apps you use daily.
Getting started with HAQM Business SSO
There are two ways to get started:
- Contact your HAQM Business Customer Advisor, who will guide you through the SSO set up process.
- Use the SSO self-service wizard to activate SSO for your HAQM Business account. In this blog post, we will use Okta as an example identity provider to set up SSO integration with HAQM Business.
There are three steps to setting up SSO - 1) Setting up the pre-configured HAQM Business app on Okta; 2) Providing your Okta metadata and attribute mapping information to HAQM Business; 3) Testing your SSO connection and activating it for your business account.
Note: SSO is set up for your business account. Hence, before getting started, make sure you are the Administrator of your business account. Also, keep your IT team on standby for any information you may need.
Step 1: Set up the HAQM Business application on Okta: Navigate to your Okta Admin portal and choose “Add Apps” and search for and add HAQM Business, as shown below.
Download the metadata file from the app. You will need to upload it to HAQM Business.
Step 2: Complete the SSO set up wizard on HAQM Business: Navigate to your HAQM Business account and click on Single Sign-On within Business Settings. You can then walkthrough the SSO set up wizard by first selecting Okta as your identity provider (IDP). If you don’t find your IDP in the list, please create a help ticket and we will reach out to you.
Provide the default group and role that just-in-time (i.e. new users to HAQM Business) provisioned users will be created into. Then upload the metadata you received from Okta. Finally, provide the attribute mapping values to match the Name attribute in Okta (an example is shown below).
Step 3: Test your SSO connection and activate SSO on your business account
Once you have successfully tested and activated SSO, you can also enable IDP-initiated SSO, You’ll be given an IDP-initiated URL on the SSO Connection Details page.
Copy this URL, go back to your HAQM Business app on Okta, and navigate to the Sign On tab. Click Edit and replace the value in SSO URL field with the IDP-initiated URL you just copied.
Conclusion
This blogpost introduced the HAQM Business Single Sign-on (SSO) and its key benefits. SSO integration gives your users secure, centralized, and simple access to HAQM Business. HAQM Business provides SSO integration with common identity providers such as Okta, OneLogin, AWS SSO, Azure AD, and many more using SAML 2.0. It also described how to set up SSO for your HAQM Business account with a simple and easy-to-use wizard. To learn more about HAQM Business SSO, visit our page here.
