Emporix Single Sign-On (SSO)
Integrate single sign-on mechanism.
Thanks to the single sign-on functionality, working with Emporix Commerce Engine is even easier for your employees.
Single sign-on is an authentication scheme that allows users to log in to different business applications with a single ID without the need to re-enter authentication credentials. Enabling SSO enhances the user experience, bolsters security measures and simplifies identity management within your organization. Because SSO ensures standardized integration for backend logins, employees can access the Emporix Management Dashboard of Commerce Engine with the same login they use for other systems you've integrated with your identity provider.
The Emporix SSO functionality has been implemented flexibly so that you can integrate with an identity provider of your choice. The identity provider has to be compatible with OpenID Connect (OIDC). For example, you can integrate with Azure AD, Google, Apache Directory Server, or others.
No coding required
Pure configuration of the identity provider to integrate with the Commerce Engine.
One login only
Only one authentication login for all the different internal applications on the merchant side.
OIDC standard
Integrating with an identity provider compatible with OpenID Connect ensures secure authentication.
SSO enforcement
Possibility to configure additional security measures to allow logging in only for the accounts set up in your IDP through SSO functionality. If you want to enable this option, get in touch with Emporix.
The following diagram presents the general process:
Emporix SSO functionality enables integration of external identity providers (IDP) with the Emporix authentication system. You can choose any identity provider that is compatible with the OpenID Connect (OIDC) standard.
As a customer, you have to configure the IDP system of your choice and provide the required credentials to Emporix so that we can enable SSO for your tenants.
As the IDP configuration is tool-specific and dependent on your needs, we don't impose any configuration steps. Once you have the application registered in your identity provider, provide the credential details to Emporix. Depending on your IDP, these may have different names, but they should be equivalent to a unique identifier (for example `Application ID`) and a secret password (for example `client secret`). These details are essential to enable the SSO functionality on the Emporix side.
In your IDP system, register a redirect URI with a callback function: `https://auth.emporix.io/oauth2/v1/authorize/callback`.
The URL is where the identity platform redirects a user's client and sends security tokens after authentication.
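Because security tokens are delivered to this URL, the registered value should be exactly the callback above and nothing broader: OIDC matches redirect URIs by simple string comparison, so a trailing slash or stray punctuation breaks login, while a wildcard or plain-HTTP entry widens where tokens can be sent. The following check is an added example, not Emporix code; the function names and the sample registration list are constructed for illustration, and only the callback URL comes from this page.

```python
from urllib.parse import urlsplit

# Callback URL stated on this page; all other values here are constructed.
EXPECTED = "https://auth.emporix.io/oauth2/v1/authorize/callback"

def _normalize(uri: str) -> str:
    """Fold away differences that look harmless but break exact matching."""
    p = urlsplit(uri.strip())
    return f"{p.scheme.lower()}://{(p.hostname or '').lower()}{p.path.rstrip('/.')}"

def audit_redirect_uri(uri: str) -> list[str]:
    """Return findings for one registered redirect URI (empty list means OK)."""
    if uri == EXPECTED:
        return []
    findings = []
    parts = urlsplit(uri.strip())
    if "*" in uri:
        findings.append("wildcard")        # pattern entries accept unintended URLs
    if parts.scheme.lower() != "https":
        findings.append("not-https")       # tokens would travel unencrypted
    if (parts.hostname or "").lower() != urlsplit(EXPECTED).hostname:
        findings.append("foreign-host")    # tokens would go to another host
    if _normalize(uri) == EXPECTED:
        findings.append("near-miss")       # typo-level difference, login will fail
    return findings or ["unexpected-path"]

def audit_registration(uris: list[str]) -> dict[str, list[str]]:
    """Audit every redirect URI registered for the IDP application."""
    report = {u: audit_redirect_uri(u) for u in uris}
    if EXPECTED not in uris:
        report["<registration>"] = ["expected-callback-missing"]
    return report

if __name__ == "__main__":
    # Constructed sample of what an IDP app registration might contain.
    sample = [
        "https://auth.emporix.io/oauth2/v1/authorize/callback.",
        "http://auth.emporix.io/oauth2/v1/authorize/callback",
        "https://*.example.test/cb",
    ]
    for uri, findings in audit_registration(sample).items():
        print(f"{uri}: {', '.join(findings) or 'ok'}")
```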
The login page contains the option to log in to Emporix systems using Single sign-on once you enter the configured email address:
If your email domain is configured to use SSO, the Login with SSO option appears once you enter your email address, and you are redirected to the IDP to verify your credentials. Once you are logged in, you don't have to re-enter the password to log in to the Emporix Management Dashboard.
After SSO has been properly configured on the IDP and Emporix sides, the authentication happens in the background. See how it works together in the following diagram:
Each time an employee logs in to the Developer Portal or Emporix Management Dashboard system, a request is sent to the Emporix user authentication solution with the proper IDP ID. The solution communicates with the Identity Provider system. The IDP returns a token that allows the user to log in to the Emporix Management Dashboard.
To learn more about how you can configure an external identity provider system, see the Azure AD example.