Single sign on allows users to sign in using other web service accounts such as Google or Microsoft Azure AD. It reduces the number of usernames and passwords needed, since users can access Way We Do by logging into a single account that is used for multiple systems. Another benefit is that a user who is already signed in to the Identity Provider account will not need to sign in again to use Way We Do.
Way We Do uses SAML 2.0, which is a standard authentication protocol used for single sign on functionality. Accordingly, Way We Do will support many identity providers using SAML 2.0.
In order to activate Single Sign On, you will need administrator access to your Way We Do account, as well as the technical knowledge to correctly configure authentication and grant access. It may be necessary to contact the IT Manager or Lead Technician within your organization.
Terms to Know
Identity Provider - A third-party system that stores the user's identity and allows users to sign in to Way We Do (e.g. Google, Microsoft).
Service Provider - The service that is being signed in to. In this case the Service Provider is Way We Do.
General Setup Instructions
Click the 'waffle' icon in the top right corner of any page in Way We Do, then click Account in the dropdown menu.
Select Single Sign On from the menu options
Enter a Single sign-on name - This name will appear on the sign-on page instructions once the function is enabled, to inform users of the single sign-on option. (e.g. Google Apps Sign-On, Acme Co. Single Sign-On, Company Login)
Enter the Identity ID - Provided by the Identity Provider. This is the identifying URL of the Identity Provider's authentication system.
Enter the SAML SSO URL - Provided by the Identity Provider. This is the URL users will be redirected to in order to sign on.
Upload the certificate by clicking the Select button next to Certificate - Provided by the Identity Provider. The information passed between the Identity Provider and Way We Do needs to be encrypted, so a certificate is used.
Optional Settings:
Enable Passwords - This option disables the regular password function for Way We Do so that users can only use single sign-on.
Enable Auto-provisioning - When this is enabled, the email address used to sign on is automatically compared to the list of users in Way We Do. If the email address does not match an active user in Way We Do, a new user account is automatically added for the person signing in, and any missing information is requested. This is ideal for large organizations, since they can simply tell users to log in and the users will be added to Way We Do automatically.
NOTE: Users added through single sign-on are added as general users and are not assigned a role in the system. An Administrator is able to go in and modify their security role to become an editor or administrator and also assign one or several Org Chart roles.
If you are happy that the settings are correct, set the 'Turn On Single Sign On' toggle to Yes to enable Single Sign On.
Click Save.
NOTE: Signing out of Way We Do will NOT automatically sign a user out of your identity provider. If users are on shared computers, they will need to log out of their Identity Provider account before another user can log into Way We Do using Single Sign-On.
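A pre-flight check for the three Identity Provider values entered in the steps above, as an added example that is not Way We Do's own code: it reads the Identity ID, SAML SSO URL and certificate out of an Identity Provider's SAML 2.0 metadata XML and computes a certificate fingerprint to compare against the Identity Provider's console before uploading. It assumes the Identity ID corresponds to the metadata entityID and that the HTTP-Redirect binding is the one wanted; idp.example.com and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"  # assumed binding

# Constructed sample metadata; the certificate bytes are a placeholder, not real X.509.
PLACEHOLDER_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(PLACEHOLDER_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def extract_sso_settings(metadata_xml: str) -> dict:
    """Return the Identity ID, SAML SSO URL and certificate from IdP metadata."""
    # Refuse DTDs so a hostile metadata file cannot trigger entity expansion.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata must not contain a DTD or entity declarations")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None or not root.get("entityID"):
        raise ValueError("not IdP metadata: missing entityID or IDPSSODescriptor")
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    if not sso or urlparse(sso[0]).scheme != "https":
        raise ValueError("no HTTPS SingleSignOnService with the HTTP-Redirect binding")
    # A KeyDescriptor without a "use" attribute serves for signing as well.
    keys = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    cert = keys[0].find(".//ds:X509Certificate", NS) if keys else None
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no signing certificate in metadata")
    der = base64.b64decode("".join(cert.text.split()), validate=True)
    return {"identity_id": root.get("entityID"),
            "saml_sso_url": sso[0],
            "certificate_pem": ssl.DER_cert_to_PEM_cert(der),
            "sha256_fingerprint": hashlib.sha256(der).hexdigest()}

if __name__ == "__main__":
    for field, value in extract_sso_settings(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

The script does not validate the certificate itself (expiry, key size); it only extracts it and fingerprints the raw bytes.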
SAML 2.0 supports single sign-on with a variety of Identity Providers. We have provided specific instructions for connecting with G Suite and Microsoft Azure AD. For help connecting with other Identity Providers, contact us at support@waywedo.com.