
SSO activation [existing customers]

Updated over 12 months ago

Activation process SSO Introduction

SSO linking is based on the OpenID Connect (OIDC) protocol. Configuring SSO requires three keys, which we use to create the link. These keys are generated in the client's user management environment (Azure, Google, etc.) to which SSO will be linked. With these keys, Signhost can configure an SSO redirect URL:

  1. Signhost delivers a Redirect URL in the following format:
    https://account.evidos.com/signin-###

  2. This Redirect URL can be configured in the client's management environment.

  3. Signhost then creates a RegisterURL (activation link) to link accounts:
    https://account.evidos.com/manage/openid/external?provider=###

  4. Finally, Signhost creates a LoginURL for users to log in with. Logging in must always be done via this link:
    https://account.evidos.com/account/ExternalLogin?provider=###

    The ### characters in the links are replaced by a unique identifier for the client.


Activation process

  1. The customer creates an OpenID Connect SSO link.

  2. Signhost discusses with the client whether SSO will be enforced for all users.

  3. The customer shares the following with Signhost:
    o ClientID,

    o ClientSecret,

    o Discover URL (endpoint URL)

    Note: Signhost uses secure communication through the mSafe tool and creates an environment for the client in consultation.

  4. Signhost shares the RedirectURL with the client via mSafe.

  5. The customer configures the redirect URL.

  6. Signhost shares the ManageURL and the LoginURL with the customer via mSafe.

  7. The customer logs in to the Signhost portal with the portal administrator user.

  8. Portal administrator opens the RegisterURL in a new tab. Logging into SSO connects this account to the Signhost portal account which the user has logged into in the other tab.

  9. Portal administrator confirms they can log in to the Signhost portal using the LoginURL Signhost provided.

  10. If there are multiple active users, they should all first follow the steps above. The portal administrator will provide the RegisterURL and LoginURL to all other users.

  11. The client confirms to Signhost that all users can log in using the LoginURL with SSO.

  12. Unless agreed otherwise at step 2: Signhost closes the option to use username and password to login.
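
A pre-flight check the customer could run on the values exchanged in steps 3 to 5, as an added example that is not Signhost's own tooling: it validates the discovery document behind the Discover URL against the OpenID Connect Discovery 1.0 requirements and compares the redirect URI registered at the identity provider with the one Signhost delivered. The function names, the `idp.example` host and the `EXAMPLE` identifier are assumptions, and the sample document is constructed.

```python
from urllib.parse import urlsplit

# Fields OpenID Connect Discovery 1.0 marks as REQUIRED in provider metadata.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
WELL_KNOWN = "/.well-known/openid-configuration"

def discovery_problems(discover_url, metadata):
    """Return the problems found in an OIDC discovery document (empty = OK)."""
    problems = [f"missing required field: {f}" for f in REQUIRED if f not in metadata]
    issuer = metadata.get("issuer", "")
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        problems.append("issuer must be an https URL without query or fragment")
    # Discovery 1.0 requires the document to be served from
    # <issuer>/.well-known/openid-configuration; a mismatch means the
    # metadata does not belong to the issuer it names.
    if discover_url != issuer.rstrip("/") + WELL_KNOWN:
        problems.append("Discover URL does not match issuer")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in metadata and urlsplit(metadata[key]).scheme != "https":
            problems.append(f"{key} is not https")
    return problems

def redirect_problems(registered, delivered):
    """Compare the redirect URI registered at the IdP with the delivered one."""
    problems = []
    if registered != delivered:  # OIDC compares redirect URIs as exact strings
        problems.append("registered redirect URI differs from the delivered one")
    if urlsplit(registered).scheme != "https":
        problems.append("redirect URI is not https")
    if "*" in registered:
        problems.append("redirect URI contains a wildcard")
    return problems

# Constructed sample input; idp.example and EXAMPLE are placeholders.
SAMPLE_URL = "https://idp.example/tenant-1" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://idp.example/tenant-1",
    "authorization_endpoint": "https://idp.example/tenant-1/authorize",
    "token_endpoint": "https://idp.example/tenant-1/token",
    "jwks_uri": "https://idp.example/tenant-1/keys",
    "response_types_supported": ["code"], "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
DELIVERED = "https://account.evidos.com/signin-EXAMPLE"

if __name__ == "__main__":
    print(discovery_problems(SAMPLE_URL, SAMPLE_DOC))
    print(redirect_problems(DELIVERED + "/", DELIVERED))
```

An empty list from both functions means the values are consistent; a trailing slash on the registered redirect URI is enough to be reported as a mismatch.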

➡️ Depending on the agreements made at step 2, proceed with the appropriate step-by-step process for adding new users.

Option 1: Add new users - SSO is enforced:

After SSO activation, the portal administrator can add new users via the user management in the Signhost portal. This is done through the following steps:

  1. Portal administrator logs in to the Signhost portal and navigates to the user management page to add a new user.

  2. Portal administrator provides LoginURL to the new user.

  3. Signhost sends an automatic email to activate the new user account. Can't find this email? Then search for noreply@signhost.com.

  4. The user follows the link in the email (the link can only be used once).

  5. The user will be redirected to the login page of your organization. Log in with your standard organization login details.

  6. SSO is now linked to the new user.

  7. The user can log in using the LoginURL the portal administrator provides: https://account.evidos.com/account/ExternalLogin?provider=########

Option 2: Add new users - login is also possible with username + password

After SSO activation, the portal administrator can add new users via the user management in the Signhost portal. These users can activate their accounts and set up SSO. This is done through the following steps:

  1. Portal administrator logs in to the Signhost portal and navigates to the user management page to add a new user.

  2. Portal administrator provides RegisterURL and LoginURL to the new user.

  3. Signhost sends an automatic email to activate the new user account. Can't find this email? Then search for noreply@signhost.com.

  4. The user follows the link in the email (the link can only be used once).

  5. The user sets up their account with a username and password.

  6. The user opens the RegisterURL in a new tab. Logging into SSO connects this account to the Signhost portal account which the user has logged into in the other tab.

  7. The user account is linked to the Signhost portal.

  8. The user can log in using the LoginURL the portal administrator provides: https://account.evidos.com/account/ExternalLogin?provider=########

💡 Note:

You can check if an account is linked to the SSO provider here: https://account.evidos.com/Manage/openid.
No provider listed here means that no link has been made.
