Activation process SSO Introduction
Linking to SSO is done based on the OpenID connect (OIDC) protocol. The configuration of SSO requires three keys, which we can use to link. These keys are generated in the client's user management environment (Azure, Google, etc.) to which SSO will be linked. With these keys, Signhost can configure an SSO link (redirect URL):
1. Signhost delivers a Redirect URL in the following format:
https://account.evidos.com/signin-###
2. This Redirect URL can be configured in the client's management environment.
3. Signhost then creates a RegisterURL (activation link) to link accounts:
https://account.evidos.com/manage/openid/external?provider=###
4. Signhost creates a loginURL for users to log in to. Logging in must always be done via this link: https://account.evidos.com/account/ExternalLogin?provider=###
The characters in the link ### are replaced by a unique identifier for the client.
Activation process
Part 1
Signhost creates the organisation for you within Signhost without users.
The customer creates an OpenID Connect SSO link in their user management environment.
The customer sends the following to Signhost:
o ClientID,
o ClientSecret,
o Discover URL (also known as endpoint URL)
Note: Signhost uses secure communication through the mSafe tool. Signhost creates an mSafe environment for the customer.
Signhost discusses with the customer whether SSO will be enforced for all users.
Signhost shares the RedirectURL via mSafe.
The customer configures the redirect URL and notifies Signhost.
Signhost shares LoginURL, and ManageURL via mSafe.
➡️ Depending on the agreements made at step 4 continue with Part 2A or Part 2B
Part 2A - logging in with SSO enforced
Signhost adds the first user (portal administrator).
Portal administrator follows activation link in invite email, this will redirect the user to SSO login page.
The portal administrator can add new users via the user management in the Signhost portal.
Users will receive a direct activation link in email that links to SSO.
The portal administrator shares the login URL with new users
Add new users:
After SSO activation, the portal administrator can add new users via the user management in the Signhost portal. This is done through the following steps:
Portal administrator logs in to the Signhost portal and navigates to the user management page to add a new user.
Portal administrator provides LoginURL to the new user.
Signhost sends an automatic email to activate the new user account. Can't find this email? Then search for noreply@signhost.com.
The user follows the link in the email (the link can only be used once)
The user will be redirected to the login page of your organization. Log in with your standard organization login details.
SSO is now linked to the new user.
The user can log in using the LoginURL the portal administrator provides: https://account.evidos.com/account/ExternalLogin?provider=########
Part 2B - login is also possible with username + password
Signhost adds the first user (portal administrator).
Portal administrator follows activation link in invite email to login to portal.signhost.com.
Portal administrator opens the RegisterURL in a new tab. Logging into SSO connects this account to the Signhost portal account which the user has logged into in the other tab.
Portal administrator confirms they can log in to the Signhost portal using the LoginURL Signhost provided.
The portal administrator can invite new users via the user management page in the Signhost portal.
Portal administrator will provide RegisterURL and LoginURL to all new users.
Add new users
After SSO activation, the portal administrator can add new users via the user management in the Signhost portal. These users can activate their accounts and set up SSO. This is done through the following steps:
Portal administrator logs in to the Signhost portal and navigates to the user management page to add a new user.
Portal administrator provides RegisterURL and LoginURL to the new user.
Signhost sends an automatic email to activate the new user account. Can't find this email? Then search for noreply@signhost.com.
The user follows the link in the email (the link can only be used once)
The user sets up their account with a username and password.
The user opens the RegisterURL in a new tab. Logging into SSO connects this account to the Signhost portal account which the user has logged into in the other tab.
The user account is linked to the Signhost portal.
The user can log in using the LoginURL the portal administrator provides: https://account.evidos.com/account/ExternalLogin?provider=########
💡 Note:
You can check if an account is linked to the SSO provider here: https://account.evidos.com/Manage/openid.
No provider listed here means that no link has been made.