Use single sign-on (SSO) authentication

Overview

Single sign-on (SSO) is an authentication method that gives access to multiple applications with a single set of credentials. To make this possible, applications delegate identity authentication to a third-party service (Identity Provider). Once the Identity Provider has authenticated you, you can sign in to those applications without re-entering your username and password.

XTRF's SSO uses the OpenID Connect standard to delegate authentication. OpenID Connect Identity Providers include Google, Microsoft Azure, Yahoo, Salesforce, and GitHub. SSO can be activated and configured independently for all three XTRF portals.

Benefits of using SSO

First of all, SSO simplifies the login process, streamlines the workflow, and increases data safety. Other benefits include:

  • Easier password management. It's safer to memorize one extra strong password instead of many.

  • Better protection and reduced vulnerability. SSO significantly reduces the risk of human error and allows the use of two-factor authentication (2FA) and multifactor authentication (MFA).

  • Better user experience, especially when working with a large number of outside vendors.


How does SSO work?

  1. A user selects the SSO option while logging into XTRF.

  2. XTRF's SSO delegates identity authentication to the Identity Provider indicated in the configuration.

  3. The Identity Provider confirms the user's identity.

  4. (Optional) You may configure XTRF's SSO to run custom post-login actions such as updating the XTRF user profile, user group assignments, etc.

SSO is optional, and each XTRF Portal can be configured separately to use traditional credentials, credentials + SSO, or SSO exclusively.


How to activate SSO for XTRF?

To start using the SSO feature, please open a ticket with our Help Desk.

To learn how to configure the XTRF SSO, see the guide.

This feature is available only for specific XTRF plans. Additional charges may apply. Please contact our Help Desk or your Regional Growth Manager for more information. 


How to sign in to XTRF with SSO

  1. Go to the XTRF sign-in page.

  2. Select the Sign in with SSO button.


    If you have already logged into some other platform through your Identity Provider service, you will be automatically signed into XTRF, and step 3 will not be necessary.
    If not, you will be redirected to the sign-in page of the Identity Provider selected in the SSO configuration.

  3. Sign in with the respective credentials for your Identity Provider (Google Account, Microsoft Account, Yahoo, Salesforce, GitHub, etc.)

  4. (Optional) If the XTRF Platform settings require additional authentication, you will be requested to provide it.


SSO impact on XTRF Portals

When SSO is selected as an exclusive gateway to XTRF, certain features are disabled to maintain the integrity of the system:

  • Password management options are disabled, as XTRF passwords are not required anymore.

  • Password-related endpoints in the APIs are also disabled.

  • The Vendor Portal invitation process and the range of permissions available to new users are slightly changed.

To learn more about XTRF features impacted by SSO, please contact the XTRF Helpdesk.