Overview - Single Sign-On (SSO)

What are the benefits of SSO?

SSO provides an enhanced user experience by making it easier and safer to work across and access multiple online platforms. The key benefits that Citation HR users will experience with SSO are:

  • The ability to mitigate security risk for access to 3rd-party sites by centralising the management and control of user passwords to dedicated systems that you control;

  • The ability to reduce password fatigue from having a different username and password combinations across different systems;

  • Get back the time usually spent re-entering passwords for the same identity and become more productive in your day-to-day work;

  • If your business already has multi-factor authentication set up, then this will be inherited for accessing Citation HR Software through the configuration of SSO.


How is Citation HR Software SSO Set up?

SSO in Citation HR Software is done via the SAML protocol. SAML (Security Assertion Markup Language) is an industry standard for exchanging authentication and authorisation information between an Identity Provider (Active Directory, G-Suite, etc) and a Service Provider (Citation HR Software).

 

How does SSO enable users to log in to their profile automatically?

Good question! Basically, once Citation HR Software is configured to authenticate user information via SAML, users attempting to access Citation HR Software will no longer need to re-enter a user name and password. Instead, Citation HR Software will redirect the user to the Identity Provider (IdP) which will confirm whether or not that user can access Citation HR Software. Once a user has logged into the company IdP (if they’ve already logged in, they may not need to do anything), their browser is sent back to Citation HR Software with a signed payload identifying them.

If the user has a Citation HR Software profile already activated, they will be authenticated as a user of Citation HR Software and be delivered to the default landing page of Citation HR Software, logged in to their profile and ready to go!

If the user DOES NOT currently have a Citation HR Software profile, it is possible for Citation HR Software to create one based on the credentials validated from the IdP.

 

What are the different access levels with Citation HR Software SSO? 

Authentication VS Authorisation

In “Authentication Only” mode when new users are created, their access is granted based on defaults that you can choose. However, users may also require some subsequent configuration to make them fully functional within the system (for example, by assigning branches or additional roles). Existing users are passed straight through without changing their access. Any changes to access are performed within Citation HR Software, as you probably do today.

In “Full Authorisation” mode, our Customer Support and Implementations teams work with your technical staff to define what information your IdP will send us, and how this relates to access within Citation HR Software. Every time a user logs in, we make sure their access is kept in sync based on what your IdP tells us (whether they are new or already exist). Any changes to access are performed within your IdP, it’s the source of truth.

Related to