Single sign-on
The 3rdRisk platform can be integrated into your corporate network by enabling single sign-on (SSO). SSO is an authentication method that lets users securely enter the platform from their corporate network with one click, without using a username and password. In this article, you learn how to implement SSO.
Introduction
With single sign-on (SSO), users can conveniently use just one set of login credentials to access all their apps, including the 3rdRisk platform. This means that users do not have to memorize multiple credentials or reuse passwords.
SSO provides several advantages over the traditional way of accessing applications with usernames and passwords.
- Positive sign-in experience: with SSO, users get a superior sign-in experience because sign-in prompts are eliminated.
- Increased engagement: SSO ensures more engagement from internal stakeholders (e.g. business, procurement, finance) as access is simplified with a one-click, centralized app-launching experience.
- Enhanced security: users do not have to reuse usernames and passwords across different apps and can only access the platform through the corporate network.
- Increased IT efficiency: user management and permissions can be centralized based on group membership and roles.
The 3rdRisk platform supports single sign-on via Microsoft Azure and Okta. Other services might be supported too. Please consult your partner or the 3rdRisk team.
Single sign-on (SSO)
Microsoft Azure
The 3rdRisk platform supports SSO integration using Microsoft Azure Active Directory (Azure AD). More information about Azure AD and SSO can be found in Microsoft's official documentation.
Okta
Okta is an identity and access management company that provides (amongst others) SSO services. The 3rdRisk platform fully supports SSO through Okta. More information about Okta SSO can be found on the official Okta developer portal.
Other services
At 3rdRisk we are constantly expanding our integration portfolio. Other SSO providers can often be supported as a result. Please contact your partner or the 3rdRisk team to discuss options and timelines.
Process
The 3rdRisk partner coordinates the process of implementing SSO. The 3rdRisk team will implement SSO based on the input provided by the partner. If no partner is involved, the 3rdRisk team will directly reach out to you.
1. Discuss SSO
The process starts with discussing SSO with your partner or the 3rdRisk team. Using SSO is highly recommended from a usability, security, and efficiency perspective. However, in some cases, it might be less feasible, e.g. if external contractors without access to your network need to access the platform too.
From an implementation point of view, enabling SSO takes little effort from your Identity & Access Management team as they only need to provide some details.
2. Complete intake form
To initiate the SSO implementation process, you need to download and complete the SSO intake form. This intake form consists of two separate steps. You first need to finish step 1 before proceeding to step 2.
Step 1: You need to contact the 3rdRisk team via e-mail (support@3rdrisk.com) or chat and provide the following details:
- Customer name: <insert name of end customer>
- Partner name: <insert name of partner>
- Contact person: <provide contact person>
- Contact details: <insert contact details>
- Order number: <provide order number>
- SSO provider: <select Microsoft Azure Active Directory, Okta or other>
- Remark: <add a remark if necessary>
You will get a response within a day with the login URL and redirect URL of your 3rdRisk instance. You need this information in step 2.
Step 2: Provide the login URL and redirect URL to your Identity and Access Management (IAM) team and ask them to complete the following details.
- SSO service: <select Microsoft Azure Active Directory, Okta or other>
- Client ID: <insert client ID number>
- Client secret: <insert client secret>
- Base URL: <insert base URL>
- Redirect URL: <provide redirect URL>
- Support e-mail: <provide internal e-mail address for support questions>
- Remark: <insert remark if applicable>
Send step 2 of the intake form directly and securely to rick@3rdrisk.com.
Please discuss with your partner or the 3rdRisk team how to share the intake form securely (e.g. by using encrypted ZIP or a sharing service for secrets). We discourage sending secrets in plain text by e-mail.
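A pre-send check for step 2, as an added example that is not part of the 3rdRisk documentation or tooling: it parses the completed form, flags fields that still hold the template placeholder, and verifies that the redirect URL matches the one received in step 1. The field names come from the form above; the HTTPS and no-wildcard rules, the function names and all sample values are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Field names follow step 2 of the intake form; the checks are assumptions.
REQUIRED = ["SSO service", "Client ID", "Client secret", "Base URL",
            "Redirect URL", "Support e-mail"]
PLACEHOLDER = re.compile(r"^<.*>$")  # untouched "<insert ...>" template value

def parse_form(text):
    """Parse '- Field: value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().lstrip("- ").partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def check_form(fields, redirect_from_step1):
    """Return a list of problems; an empty list means the form can be sent."""
    problems = []
    for name in REQUIRED:
        value = fields.get(name, "")
        if not value or PLACEHOLDER.match(value):
            problems.append(f"{name}: not filled in")
    for name in ("Base URL", "Redirect URL"):
        url = urlsplit(fields.get(name, ""))
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{name}: must be an absolute https URL")
        elif "*" in url.netloc + url.path or url.fragment:
            problems.append(f"{name}: wildcard or fragment not allowed")
    # Assumption: the IdP must register exactly the URL 3rdRisk sent in step 1.
    if fields.get("Redirect URL") != redirect_from_step1:
        problems.append("Redirect URL: differs from the value received in step 1")
    return problems

# Constructed sample values, not real tenant data.
SAMPLE = """\
- SSO service: Okta
- Client ID: 0oa-example-client-id
- Client secret: <insert client secret>
- Base URL: https://idp.example.com
- Redirect URL: http://customer.example.com/sso/callback
- Support e-mail: iam-support@example.com
"""

if __name__ == "__main__":
    step1_redirect = "https://customer.example.com/sso/callback"
    for problem in check_form(parse_form(SAMPLE), step1_redirect):
        print(problem)
```

The checker reports field names only and never echoes the client secret, so its output can be pasted into a support ticket.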
3. Review and support
The third step is to send the completed SSO intake form to your partner or the 3rdRisk SSO integration lead (rick@3rdrisk.com). If you have trouble completing the SSO intake form, you can always contact your partner or the 3rdRisk support team via e-mail or chat.
4. Implement
In the fourth step, SSO is implemented. You will be informed in advance when the implementation will take place. Usually, this will be done on the weekend or outside business hours. You will be asked to test the SSO implementation and provide feedback to your partner or directly to the 3rdRisk implementation team.
5. Approve
After the SSO integration has been tested successfully, your partner or the 3rdRisk team will ask you to formally approve the SSO implementation by e-mail.