Emporix Single Sign-On (SSO)
Integrate single sign-on mechanism.
Thanks to the Single sign-on functionality, working with Emporix Commerce Engine is even easier for your employees.
Purpose
Single sign-on is an authentication scheme that allows users to log in to different business applications with a single ID without the need to re-enter authentication credentials. Enabling SSO enhances the user experience, bolsters security measures and simplifies identity management within your organization. As the SSO ensures standardized integration for backend logins, the employees can access Emporix Management Dashboard of Commerce Engine with the same login they use for other systems you've integrated with your identity provider. The Emporix SSO functionality has been implemented flexibly for you to integrate with an identity provider of your choice. The identity provider has to be compatible with OpenID Connect (OIDC). For example, you can integrate with Azure AD, Google, Apache Directory Server, or other.
Features
No coding required
Pure configuration of the identity provider to integrate with the Commerce Engine.
One login only
Only one authentication login for all the different internal applications on the merchant side.
OIDC standard
Integrating with an identity provider compatible with OpenID Connect ensures secure authentication.
SSO enforcement
Possibility to configure additional security measures to allow logging in only for the accounts set up in your IDP through SSO functionality. If you want to enable this option, get in touch with Emporix.
Overview
The following diagram presents the general process:\
Configuration
Emporix SSO functionality enables integration of external identity providers (IDP) with the Emporix authentication system. You can choose any identity provider that is compatible with OpenID Connect (OIDC) standard.
As a customer, you have to configure the IDP system of your choice and provide the required credentials to Emporix so that we can enable SSO for your tenants.
As the IDP configuration is tool-specific and dependent on your needs, we don't impose any configuration steps. Once you have the application registered in your identity provider, provide the credential details to Emporix. Depending on your IDP, these may be called differently, but should be equivalent to a unique identifier (for example `Application ID`) and secret password (for example `client secret`). These details are essential to enable the SSO functionality on the Emporix side.
Redirect URI
In your IDP system, register a redirect URI with a callback function: https://auth.emporix.io/oauth2/v1/authorize/callback.
The URL is where the identity platform redirects a user's client and sends security tokens after authentication.
Login page
The login page contains the option to log in to Emporix systems using Single sign-on once you enter the configured email address:
If your email domain is configured to use SSO, once you enter it, the option to Login with SSO appears, and you get redirected to the IDP provider to verify your credentials. Once you are logged in, you don't have to re-enter the password to log in to the Emporix Management Dashboard.
Only already activated user accounts can use SSO to log in to Emporix tools. The newly created user accounts need to be activated first. A new user receives an invitation email with a link to set a temporary password. When the password is set, the user can log in and link the account with an OIDC account. To link the Emporix account with the external OIDC account, the temporary password is necessary. Temporary password can be only used for linking the account with external providers. The option to log in to the system using temporary password is blocked.
SSO connection
After the SSO has been properly configured on IDP and Emporix, the authentication happens in the background. See how it works together on the following diagram:
Each time an employee logs in to the Developer Portal or Emporix Management Dashboard system, a request is sent to the Emporix user authentication solution with the proper IDP ID. The solution communicates with the Identity Provider system. The IDP returns a token that allows the user to log in to the Emporix Management Dashboard.
Last updated
Was this helpful?