Single Sign On (SSO)
Learn how to configure SSO for your Netcore CE dashboard using Microsoft Azure (Entra).
Overview
SSO allows users to log in once using a centralized authentication system (like Azure AD) and gain access to multiple connected applications without needing to re-enter credentials. Enable SSO to help brands streamline user access using their existing Identity Provider (IdP) such as Microsoft Azure (Entra). This guide will help you understand, configure, and use SSO effectively within the Netcore CE dashboard.
Note
- Currently, only Microsoft Entra ID is supported as an Identity Provider (IdP). For support with other IdPs, please contact helpdesk@netcorecloud.com.
- If your organization uses SSO and you would like to enable it for your Netcore account, we will take care of the setup for you. To get started, please reach out to us at helpdesk@netcorecloud.com.
Refer to the given table to know the difference between SSO and traditional login.
| Feature | Traditional Login | SSO Login |
|---|---|---|
| Authentication Source | Netcore login system | External Identity Provider such as Microsoft Azure (Entra) |
| User Input | Email + Password | Work Email only and Netcore CE account name (initially) |
| Credential Management | Managed separately for Netcore | Managed centrally by the organization |
| Security | Can vary by user | Centralized security policies like MFA, session control, and so on. |
| User Experience | Must remember Netcore credentials | Seamless access using corporate credentials |
Benefits of SSO
- Centralized Security: Authenticate users through your IdP for improved security.
- Simplified Access: Users no longer need to remember multiple credentials.
- Enterprise-Ready: Supports leading providers like Microsoft Azure and follows SAML 2.0 protocol.
Prerequisites for SSO
You use an Identity Provider (IdP) or a custom SAML (Security Assertion Markup Language) implementation.
SSO Workflow
Follow the given steps.
- Click "Log in with SSO" on the Netcore CE login page.
- Enter your Account Name and Work Email.
- If the dashboard is SSO-enabled, you are redirected to the IdP login page.
- Upon successful authentication, you are redirected back to the Netcore CE dashboard.
Common Errors and Messages
Refer to the given table to know the common failure reasons for SSO.
| Scenario | Message |
|---|---|
| Panel is not SSO-enabled | This account is not configured for SSO. |
| Email not linked to SSO | This email is not configured for SSO. |
| Duplicate usernames for one email | It seems that multiple user names are associated with this email ID. Please contact your admin or Netcore support. |
| IdP authentication failure | Login failed due to incorrect credentials. |
| Redirection fails | Unable to connect to your identity provider. Please try again later. |
| Session expired | Your session has expired. Please log in again. |
Migration of Existing Users to SSO
We can enable Single Sign-On (SSO) for any existing account. Once enabled, the following steps will be carried out as part of the migration process:
- All usernames (except Admin) will be updated to match their email IDs.
- SSO invitation emails will be sent to users.
- Duplicate usernames will be cleaned up to ensure only one email ID is associated with each user.
- This process applies to both active and inactive users and requires admin approval.
Rollback from SSO
If the admin disables SSO:
- Users receive an email with a temporary password
- Panel returns to default login (email/password)
- All SSO-specific settings are deactivated
FAQs
Q: Can I log in without SSO after it's enabled?
A: No. Once SSO is active, users' email/password login is disabled. Only the admin login continues to work if allowed.
Q: What happens to users with multiple usernames?
A: SSO will throw an error. The admin must clean up duplicates for a smooth login.
Q: How do I revert from SSO?
A: Admins can disable SSO. All users will then receive temporary passwords via email.
Updated about 1 month ago