Single Sign On (SSO)
Written by Judi Zietsman
Updated over 9 months ago

Single Sign-On (SSO) is an authentication process that allows users to access multiple applications with a single set of login credentials instead of entering their username and password each time. This article will provide key information about Netstock’s SSO feature including terminology, requirements, steps to implement and maintenance.

By following the steps below, the login screen will go from this:

To this:

Once SSO is enabled, users will no longer be able to use their app specific credentials.

Features

The Netstock SSO feature provides the following benefits:

  • A convenient login process for users - Log in once with a single set of credentials to access multiple applications

  • Improved security - Control authentication centrally and implement your preferred password requirements

Terminology

  • Single Sign-On (SSO) - an authentication process that allows users to access multiple applications with a single set of login credentials.

  • Security Assertion Markup Language (SAML) - a standard for transferring identity data between applications.

  • Identity Provider (IdP) - the service responsible for user authentication, such as Microsoft Entra ID (formerly Azure Active Directory).

  • Service Provider (SP) - an application such as the Netstock app that asks the Identity Provider to authenticate users.

  • NameID - a unique identifier representing a user, such as an email address.

Requirements

The Netstock SSO feature has the following requirements:

  • Your Identity Provider supports SAML

  • Your Identity Provider can provide email addresses for the NameID

  • The NameID email addresses match Netstock app users

Steps to implement

Step 1 - Obtain Service Provider details

In the Netstock app, navigate to Settings > Configuration > Access and click Enable SSO for all users.

Do not apply this change yet because it will prevent users from logging into the app. Simply click on Show Service Provider details to obtain the necessary information for your Identity Provider which will be used in step 2.

Step 2 - Configure the Identity Provider

The setup process will continue in the Identity Provider by setting up the Netstock app as an application. This process will differ for each Identity Provider.

Ensure that the newly added Netstock application in your Identity Provider is configured to use:

  • SAML protocol

  • Email addresses for the NameID

Make sure the details from step 1 are correctly entered into the newly configured application in the Identity Provider.

Once the Netstock application has been created and configured in the Identity Provider, grant access to users and/or groups to match existing Netstock users.

Step 3 - Configure the Netstock app

Copy a few key pieces of information from the Identity Provider into the Netstock app itself. Return to Settings > Configuration > Access and enter the following:

  • Entity ID: The Identity Provider’s unique identifier

  • SSO URL: The Single Sign-On URL

  • SLO URL: The Single Logout URL

  • Certificate: The PEM-encoded public key (certificate)

The certificate should begin with: -----BEGIN CERTIFICATE-----

and end with: -----END CERTIFICATE-----

Important: App specific credentials will no longer work once SSO is enabled!

Once the necessary values have been added, click Update to apply the changes. All users will be sent a notification via email to alert them that the Netstock app’s login process has changed.

The login page will now show a button to log in with SSO:

Assuming that everything was set up correctly, users will now be able to log in to the Netstock app using SSO. However, do not log out of the current Netstock session until testing that SSO is working properly in step 4.

Step 4 - Testing

To confirm that SSO is working correctly, attempt to log into the Netstock app from a separate device, separate browser or in a private browsing mode, so as not to interrupt the current session.

  • Assuming there was previous access to the Netstock app, it should now be possible to log in with the usual Identity Provider SSO credentials.

  • If there was no previous access, testing should be done with a colleague that does have app access.

In the event that login is unsuccessful, review the above steps to check if anything was missed and check that the values exchanged between the Netstock app and the Identity Provider appear to be correct. If SSO is still not working, then using the open Netstock app session from step 3, navigate to Settings > Configuration > Access, uncheck Enable SSO for all users, and Update. This will revert back to app specific authentication (users will also be alerted). Advice can then be sought from Netstock support.

Maintenance

Adding users

When a new user is granted access to the Netstock app in the Identity Provider, also log into the Netstock app to create the user and assign the appropriate access level and location permissions if applicable.

Removing users

If a user’s access to the Netstock app is permanently removed in the Identity Provider, also log into the Netstock app to delete the user.

While this step is not required, it is good practice for keeping the app instance tidy.

Maintaining users

User access levels must be managed in the Netstock app.

Certificate expiry

The Identity Provider certificate recorded in the Netstock app may periodically expire. It is advisable to set a reminder and replace the certificate before its expiry date. If a certificate does expire, users will be unable to access the Netstock app. In the event of being locked out, reach out to Netstock support and ask for help to replace the SSO certificate.
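
A pre-flight check for the two certificate points above (the PEM framing required in step 3 and the expiry described here), as an added example that is not Netstock's own tooling. It assumes the `openssl` CLI is installed; the function names, the 30-day default and the throwaway self-signed certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate an IdP certificate file before pasting it into the
# Netstock SSO settings, and warn before it expires.
#
# check_idp_cert FILE [DAYS] returns:
#   0  framing is correct, certificate parses, valid for more than DAYS days
#   1  first/last non-blank line is not the exact PEM marker
#   2  markers are present but the body is not a parseable X.509 certificate
#   3  certificate is already expired or expires within DAYS days
check_idp_cert() {
    local file="$1" days="${2:-30}" first last
    # Strip carriage returns so a file saved on Windows is not rejected.
    first=$(tr -d '\r' < "$file" | awk 'NF { print; exit }')
    last=$(tr -d '\r' < "$file" | awk 'NF { l = $0 } END { print l }')
    [ "$first" = "-----BEGIN CERTIFICATE-----" ] || return 1
    [ "$last" = "-----END CERTIFICATE-----" ] || return 1
    # The body must decode as an X.509 certificate.
    openssl x509 -in "$file" -noout 2>/dev/null || return 2
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$file" -noout -checkend $((days * 86400)) \
        >/dev/null 2>&1 || return 3
    return 0
}

# Print the expiry date, e.g. for the calendar reminder.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# Constructed sample input: a throwaway self-signed certificate that stands in
# for the real IdP certificate. Usage: make_constructed_cert OUTFILE VALID_DAYS
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=constructed-idp.example" 2>/dev/null
    rm -f "$1.key"
}
```

Running `check_idp_cert` against the saved IdP certificate from a scheduled job and alerting on status 3 gives the reminder before users are locked out.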
