At Useberry, we're supporting the authentication method Single sign-on (SSO), which allows users to access multiple platforms, services, or systems using just one set of login credentials. Our SSO solution is designed to be compatible with various SSO providers that adhere to the SAML 2.0 standard. These providers include G Suite, Okta, OneLogin, Auth0, and Microsoft Azure Active Directory.
Require SSO
To enforce enhanced security measures, you have the option to mandate that all members of your organization utilize Single sign-on (SSO) for authentication. Enabling this feature will restrict users from logging in with their email and password credentials. Before enabling SSO in Useberry, it is crucial to ensure that your SSO system is functioning correctly and appropriately configured to avoid any disruptions in user access.
Provisioning
With Useberry, you have the capability to streamline the onboarding process for new users through just-in-time provisioning. By enabling this feature, new users are granted access to your organization automatically. All they need to do is successfully authenticate with your identity provider. Once the authentication is verified, Useberry will automatically add the user to your team. To tailor access and permissions appropriately, you can configure specific roles for each new user based on their requirements and the needs of the team.
SAML Assertion
When a user attempts to use SSO to sign in, Useberry uses their email address in the SAML assertion to identify them. Useberry will attempt to find the user's email by looking in these places, in this order:
The assertion subject
An email claim attribute
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
An "emailaddress" attribute (case insensitive)
An "email" attribute (case insensitive)
If a valid email address cannot be found, the user will not be able to log into Useberry.
โ