Skip to main content
Single Sign On

Instructions for setting up single sign on for accessing Way We Do

Andrew Sutton avatar
Written by Andrew Sutton
Updated over 5 months ago

Single sign on allows users to sign in using other web service accounts such as Google or Microsoft Azure AD. It reduces the number of usernames and passwords needed, since users can access Way We Do by logging into a single account that is used for multiple systems. Another benefit is that a user who is already signed in to the Identity Provider account will not need to sign in again to use Way We Do.

Way We Do uses SAML 2.0, which is a standard authentication protocol used for single sign on functionality. Accordingly, Way We Do will support many identity providers using SAML 2.0.

In order to activate Single Sign On, you will need administrator access to your Way We Do account, as well as the technical knowledge to correctly configure authentication and grant access. It may be necessary to contact the IT Manager or Lead Technician within your organization.

Terms to Know

Identity Provider - This is a 3rd party system which stores the identity and allows users to sign into Way We Do (e.g. Google, Microsoft)

Service Provider - The service that is being signed into. In this case the Service Provider is Way We Do

General Setup Instructions

  • Click the 'waffle' icon in the top right corner of any page in Way We Do, then click Account in the dropdown menu.

  • Select Single Sign On from the menu options

  • Enter a Single sign-on name - This name will appear on the sign-on page instructions once the function is enabled, to inform users of the single sign-on option. (e.g. Google Apps Sign-On, Acme Co. Single Sign-On, Company Login)

  • Enter the Identity ID - Provided by the Identity Provider. Is the identifying URL of the authentication system for the identity provider.

  • Enter the SAML SSO URL - Provided by the Identity Provider. This is the URL users will be redirected to, to sign-on.

  • Provided by the Identity Provider. Upload the certificate by clicking the Select button next to Certificate - The information passed between the Identity Provider and Way We Do needs to be encrypted, so a certificate is used.

Optional Settings:

  • Enable Passwords - This option disables the regular password function for Way We Do so that users can only use single sign-on.

  • Enable Auto-provisioning - When this is enabled, the email address used to sign-on will be automatically compared to the list of users in Way We Do. If the email address does not match an active user in Way We Do, it automatically add a new user account for the person signing in, requesting any missing information. This is ideal for large organizations since they can simply tell users to log in and it will automatically add them as users in Way We Do.

  • NOTE: Users added through single sign-on are added as general users and are not assigned a role in the system. An Administrator is able to go in and modify their security role to become an editor or administrator and also assign one or several Org Chart roles.

If you are happy that the settings are correct, you can click the 'Turn On Single Sign On' toggle to Yes to enable Single On.

Click Save.

3._Single_Sign-On_Setup_Screen.png

NOTE: Signing out of Way We Do will NOT automatically sign a user out of your identity provider. If users are on shared computers, they will need to log out of their Identity Provider account before another user can log into Way We Do using Single Sign-On.

SAML 2.0 supports single sign-on with a variety of Identity Providers. We have provided specific instructions for connecting with G Suite and Microsoft Azure AD. For help connecting with other Identity Providers, contact us at support@waywedo.com.

Did this answer your question?