Does your Company use Single Sign-On (SSO) to allow access to multiple independent software systems? Benojo can support that - we offer SSO as an access and control method for our business users.
What is Single Sign-On (SSO), and What are the Benefits?
With SSO, a user logs in with a single ID and password in order to access a variety of connected systems, without the need for separate usernames and passwords, allowing the user to seamlessly sign in on each system.
Benefits to using Benojo with SSO include:
- No need to remember new usernames or passwords
- For the employee, the user experience is seamless - they feel as if they are using an internal system specific to your business...it feels familiar, and like you.
- A user's data is pulled into the Benojo system on first log in, and updated on every subsequent log in, meaning a user enjoys pre-populated profile information, such as their employee number, name and email address.
- Employees are automatically added to Benojo - when someone new joins your business, there is no need for you to take additional action on the Benojo platform, they will be automatically created on first log in.
- Allows greater permission and controls as to who can see and access Benojo from within your business.
The Technical Stuff
So how does it work? Well, this is the information your tech team will want to know:
Single Sign On using SAML
Single sign on (SSO) using SAML allows employees in your company to access Benojo using your company portal hosted at https://[company].benojo.com. When an employee navigates to your portal and clicks Sign in, they will be sent to your company login page and required to authenticate. When they have successfully logged in, they will be redirected to Benojo as a logged in user.
How can I set this up for my company?
Just in Time creation
Extra profile information
- Benojo supports Identity Provider initiated flow, or Service Provider initiated flow.
- If adding a link to login to Benojo directly on your intranet, please link to https://[company].benojo.com/
- Benojo supports HTTP-REDIRECT only (not HTTP-POST).
- Your Identity Provider will need to sign SAML Assertions to verify your identity. You will need to provide your PEM-encoded X.509 certificate to Benojo to allow us to configure your SSO integration. Certificates should be signed using the algorithm SHA-256.
- Please contact Benojo prior to your certificate expiring so that we can upload new certificates and ensure a seamless experience for your employees.
- Benojo does not support SSO Single Log out.
Identity Provider setup
- The Entity ID should be set to https://[company].benojo.com/
- The Assertion Consumer Service (Post back) URL should be set to https://[company].benojo.com/
- The Name Identifier must be unique and must not change for the lifetime of the user e.g. Employee number.
- Employee first name name attribute is required
- Employee last name attribute is required
- Employee email is required
- Employee number is recommended, and optional