With our latest release, ShiftPlanning now supports Secure Assertion Markup Language (SAML), which allows us to provide Single Sign-on (SSO). Single Sign On can improve security through centralizing access and removing the need for individual users to manage multiple individual passwords. Single Sign On also reduces costs related to user administration in both the cases of onboarding and offboarding.
Some Key benefits to using SAML in Your Organization
- Directory integration – Since SAML does not use passwords to sign users in, it makes it easy to integrate with an enterprise’s directory and let users sign in with their network password. Directory integration is achieved indirectly through the identity provider who typically offers extensive functionality in this area.
- Elimination of user passwords – Security is increased since users do not have to remember multiple passwords and also prevents unwanted entities from stealing passwords and gaining unauthorized access.
- Centralizing access control – SAML forces users to always authenticate in one place – at the identity provider – which makes it possible to enforce multi-factor authentication and monitor all sign-in activity for enterprise apps.
- Increased productivity – SAML provides users one-click access via single sign-on which saves times and energy on behalf of each user and for the enterprise as a whole.
Configuring Single Sign-on (SSO) in ShiftPlanning
Users with access to the ‘admin’ tab of the application will see “Single Sign-On” in the left navigation under ‘Integration’.
To get started with configuration, make sure the “SAML Enabled” checkbox is clicked. To enable SSO for Shiftplanning, the administrator will need a SAML Issuer URL and a X.509 Certificate found from their SAML server. These two pieces of information will need to be entered in their respective fields and are required for ShiftPlanning to communicate with your SAML server. (*Some SAML servers may also request a Consumer Service URL (ACS) which is found on the right-hand side of the ‘single sign-on’ section of the admin tab).
Once SSO is configured, users will be redirected to the SAML server for authentication upon login. Users identities can be stored either on the SAML server or validated by an identity provider such as Active Directory or LDAP. After authentication, users will be redirected to ShiftPlanning for application use.
ShiftPlanning & OneLogin Partnership
Though a partnership with OneLogin, ShiftPlanning has joined top notch cloud services like Zendesk, Yammer, and Salesforce who already have a place in its directory. A SAML server can either be built in-house or offered from a service provider. OneLogin is a leading provider of identity & access management for enterprise web apps. As part of our relationship with OneLogin, their team has extended a special offer to ShiftPlanning customers:
If you’re not already a OneLogin subscriber, you can use OneLogin for free with ShiftPlanning plus directory integration.
More information on signing up with OneLogin can be found here.