Emporix Single Sign-On (SSO)

Integrate a single sign-on mechanism.

Thanks to the Single sign-on functionality, working with Emporix Commerce Engine is even easier for your employees.

Purpose

Single sign-on is an authentication scheme that allows users to log in to different business applications with a single ID without the need to re-enter authentication credentials. Enabling SSO enhances the user experience, bolsters security measures and simplifies identity management within your organization. Because SSO ensures standardized integration for backend logins, employees can access the Emporix Management Dashboard of Commerce Engine with the same login they use for other systems you've integrated with your identity provider.

The Emporix SSO functionality has been implemented flexibly so that you can integrate with an identity provider of your choice. The identity provider has to be compatible with OpenID Connect (OIDC). For example, you can integrate with Azure AD, Google, Apache Directory Server, or another provider.

Features

| Business Aspect | Description |
| --- | --- |
| No coding required | Pure configuration of the identity provider to integrate with the Commerce Engine. |
| One login only | Only one authentication login for all the different internal applications on the merchant side. |
| OIDC standard | Integrating with an identity provider compatible with OpenID Connect ensures secure authentication. |
| SSO enforcement | Possibility to configure additional security measures to allow logging in only for the accounts set up in your IDP through SSO functionality. If you want to enable this option, get in touch with Emporix. |

Overview

The following diagram presents the general process:

Configuration

Emporix SSO functionality enables integration of external identity providers (IDP) with the Emporix authentication system. You can choose any identity provider that is compatible with the OpenID Connect (OIDC) standard.

As a customer, you have to configure the IDP system of your choice and provide the required credentials to Emporix so that we can enable SSO for your tenants.

As the IDP configuration is tool-specific and dependent on your needs, we don't impose any configuration steps. Once you have the application registered in your identity provider, provide the credential details to Emporix. Depending on your IDP, these may have different names, but they should be equivalent to a unique identifier (for example `Application ID`) and a secret password (for example `client secret`). These details are essential to enable the SSO functionality on the Emporix side.

Redirect URI

In your IDP system, register a redirect URI with a callback function: https://auth.emporix.io/oauth2/v1/authorize/callback. The URL is where the identity platform redirects a user's client and sends security tokens after authentication.
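
An added example, not Emporix code: OpenID Connect requires the redirect URI in a request to exactly match a registered value, so this Python check audits an app registration's redirect URIs against the callback above. It assumes the registration is dedicated to Emporix SSO and that its redirect URIs can be exported as a list; the function names and sample URIs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Callback URL stated on this page; it must be registered byte-for-byte.
EMPORIX_CALLBACK = "https://auth.emporix.io/oauth2/v1/authorize/callback"


def classify(uri):
    """Return 'ok' or the reason a registered redirect URI should be fixed or removed."""
    if uri == EMPORIX_CALLBACK:
        return "ok"
    if "*" in uri:
        return "wildcard"          # pattern entries widen where tokens can be sent
    parts = urlsplit(uri)
    if parts.scheme.lower() != "https":
        return "not-https"         # tokens would travel over plaintext
    if (parts.hostname or "") != "auth.emporix.io":
        return "foreign-host"      # assumption: this registration serves Emporix only
    # Same host over HTTPS but not identical: trailing slash, case, query, fragment.
    canonical = (parts.path.rstrip("/") or "/").lower()
    if canonical == urlsplit(EMPORIX_CALLBACK).path:
        return "near-miss"
    return "unexpected-path"


def audit(registered):
    """Audit the redirect URIs of one app registration (hypothetical export format)."""
    findings = {uri: classify(uri) for uri in registered}
    missing = EMPORIX_CALLBACK not in registered
    passed = not missing and all(v == "ok" for v in findings.values())
    return {"passed": passed, "callback_missing": missing, "findings": findings}


# Constructed sample: redirect URIs as they might be exported from an IDP.
SAMPLE = [
    "https://auth.emporix.io/oauth2/v1/authorize/callback",
    "https://auth.emporix.io/oauth2/v1/authorize/callback/",
    "http://auth.emporix.io/oauth2/v1/authorize/callback",
    "https://*.example.com/callback",
    "https://localhost:8080/callback",
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    for uri, verdict in report["findings"].items():
        print(f"{verdict:16} {uri}")
    print("passed:", report["passed"])
```

A registration passes only when the exact callback is present and nothing else is listed.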

Login page

The login page contains the option to log in to Emporix systems using Single sign-on once you enter the configured email address:

If your email domain is configured to use SSO, once you enter it, the option to Login with SSO appears, and you get redirected to the IDP to verify your credentials. Once you are logged in, you don't have to re-enter the password to log in to the Emporix Management Dashboard.

SSO connection

After SSO has been properly configured on the IDP and Emporix sides, the authentication happens in the background. See how it works together in the following diagram:

Each time an employee logs in to the Developer Portal or Emporix Management Dashboard system, a request is sent to the Emporix user authentication solution with the proper IDP ID. The solution communicates with the Identity Provider system. The IDP returns a token that allows the user to log in to the Emporix Management Dashboard.

To learn more about how to configure an external identity provider system, see the Azure AD example - Quickstart: Register an application with the Microsoft identity platform.
