This support article outlines what Single Sign-On (SSO) is and the different options for setting it up within iAuditor for your organization. When an administrator enables SSO for the organization, users no longer have to set, remember, and manage separate passwords for iAuditor sign-in. They simply need to authenticate with their existing company system to be granted access to their respective account in iAuditor.

Overview

iAuditor’s Single Sign-On supports any authentication solution that utilizes the Security Assertion Markup Language (SAML) 2.0 standard. If you are unsure about your solution’s authentication standard, these are some of the common enterprise authentication systems we support:

  • Active Directory (ADFS, Azure)
  • PingFederate
  • Google
  • Okta

IMPORTANT NOTE

A user's email address in iAuditor must be the same as their email address in the company domain for a successful SSO setup.

To request SSO for your iAuditor organization, please fill in the request form here. If your organization is on the iAuditor Enterprise subscription, you can contact your account manager to request assistance in the setup process. Once we have configured SSO from our end, you can follow the relevant setup instructions below to complete the configuration on your company’s domain.

Once SSO is set up and enabled, administrators can turn off iAuditor (non-SSO) sign-in at any time, so as to manage user access from their company’s central domain.

Generic SAML setup

IMPORTANT NOTE

The steps below require the SSO connection name provided by the iAuditor team. Please fill in the SSO request form here, and we will reach out to you with details.

iAuditor uses Auth0 as the SSO broker, which explains the references to Auth0 in the settings below:

  1. Assertion-consumer Service URL (Application Callback URL): https://safetyculture.au.auth0.com/login/callback?connection={NAME PROVIDED BY SAFETYCULTURE}
  2. Entity ID (Audience): urn:auth0:safetyculture:{NAME PROVIDED BY SAFETYCULTURE}
  3. Single Log Out URL: not supported yet

If the Identity Provider provides a choice for bindings, you should select HTTP-Redirect for Authentication Requests.

Active Directory Federation Services (ADFS)

IMPORTANT NOTE

The steps below require details to be provided by the iAuditor team. If you have not yet requested SSO from us, please fill in the request form here, and we will reach out to you with details.

Active Directory Federation Services (ADFS) is a commonly used Single Sign-On (SSO) solution created by Microsoft. ADFS manages authentication through a proxy service hosted between a company’s Active Directory and iAuditor. There are two options for setting up ADFS with iAuditor: SP-initiated SSO and IdP-initiated SSO.

  1. Service Provider (SP)-initiated SSO:
    Users visit the iAuditor login page first and get redirected to their company portal to enter their company credentials before proceeding. If they are already logged in, no login step is necessary. See ADFS Web Services Federation setup below for instructions.
  2. Identity Provider (IdP)-initiated SSO:
    Users visit their company portal first, log in to the portal, and have the option to open the iAuditor website without having to log in again. If IdP-initiated SSO is required for accessing the iAuditor web application or if WebSSO is preferred over WS-Federation, see ADFS SAML WebSSO setup below for instructions.

ADFS Web Services Federation setup

Use the standard process for adding iAuditor as a relying party as described in the step-by-step instructions here:

https://auth0.com/docs/connections/enterprise/adfs

Use the following values where required:

  1. Realm Identifier: urn:auth0:safetyculture
  2. Relying party trust identifier: urn:auth0:safetyculture
  3. Endpoint (Relying party WS-Federation Passive Protocol URL): https://safetyculture.au.auth0.com/login/callback

IMPORTANT NOTE

Make sure “Enable support for the WS-Federation” is selected as shown in the Auth0 support article linked above.

To configure SSO, iAuditor will need the Federation Metadata endpoint or standalone file. Send this to your relevant iAuditor counterpart.

ADFS SAML WebSSO setup

To set up ADFS SAML 2.0 SSO with iAuditor, use the standard ADFS process for adding iAuditor as a relying party as described in the step-by-step instructions here:

https://auth0.com/docs/protocols/saml/adfs

Use the following values where required:

  1. Display Name: urn:auth0:safetyculture.au.auth0.com
  2. Relying Party Trust Identifier: urn:auth0:safetyculture.au.auth0.com
  3. Post-back URL: https://safetyculture.au.auth0.com/login/callback?connection={NAME PROVIDED BY SAFETYCULTURE}
  4. Entity ID: urn:auth0:safetyculture:{NAME PROVIDED BY SAFETYCULTURE}

The SSO connection name will be provided by the iAuditor team after the connection is configured.
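The Generic SAML setup and ADFS SAML WebSSO setup sections both give a callback URL and an Entity ID built from the connection name. The Python sketch below is an added example, not SafetyCulture or Auth0 code: it checks a test response captured from your IdP against those two values and against the matching-email requirement. The function names, the `example-conn` connection name, the sample XML and the assumption that the IdP sends the email as the NameID are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASE = "https://safetyculture.au.auth0.com/login/callback"

def expected_sp_values(connection):
    """Fill the article's two templates with the connection name."""
    return {"acs_url": f"{BASE}?connection={connection}",
            "audience": f"urn:auth0:safetyculture:{connection}"}

def check_response(xml_text, connection, iauditor_email):
    """List mismatches between a captured test response and the SP settings.
    Diagnostic only: it does not verify the XML signature."""
    exp = expected_sp_values(connection)
    root = ET.fromstring(xml_text)  # parse only responses you captured yourself
    problems = []
    if root.get("Destination") != exp["acs_url"]:
        problems.append("Destination is not the Application Callback URL")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != exp["acs_url"]:
        problems.append("Recipient is not the Application Callback URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if exp["audience"] not in audiences:
        problems.append(f"Audience {audiences} lacks {exp['audience']}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    sent = (name_id.text or "").strip() if name_id is not None else ""
    # Assumption: email addresses are compared case-insensitively.
    if sent.lower() != iauditor_email.strip().lower():
        problems.append(f"NameID '{sent}' differs from the iAuditor email")
    return problems

# Constructed sample response (unsigned, trimmed to the checked fields).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">
 <saml:Assertion><saml:Subject><saml:NameID>{email}</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{acs}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    conn = "example-conn"  # placeholder; use the name SafetyCulture provides
    exp = expected_sp_values(conn)
    good = SAMPLE.format(acs=exp["acs_url"], email="jane@example.com", aud=exp["audience"])
    # Constructed misconfiguration: the page's WS-Federation values used for SAML.
    bad = SAMPLE.format(acs=BASE, email="jane@corp.example", aud="urn:auth0:safetyculture")
    print(check_response(good, conn, "jane@example.com"))
    for problem in check_response(bad, conn, "jane@example.com"):
        print("-", problem)
```

An empty list means the response matches the settings above; each string in a non-empty list names the IdP field to correct.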

Other types of Active Directory, such as Azure Active Directory, are also supported. Please contact our customer support team for instructions on setting up SSO with other types of Active Directory.
