Single sign-on is an easy way to get rid of the hassles of remembering and safeguarding many passwords that grant you access to different online accounts. A common practice of creating different login credentials for various apps can be simplified with a session and user authentication service that allows users to access multiple applications with one set of logic credentials such as name and password.
SSO enables users to switch between applications effortlessly during a session and eliminates any prompts that hinder the progress. Thus giving the end users an authentication for all the apps for which they have been given rights. At the back end, the service can be of much help to check the user activities and monitor user accounts.
Agile’s way of SSO is to allow users to authenticate different users and subsequently inform the app about the authentication provided. The user is then allowed to access Agile CRM without being prompted to enter separate login credentials. As you activate SSO and punch in your domain, it redirects you to the same domain whenever you log into the CRM. Also on the web page you can embed a link that takes the user directly to the CRM dashboard. This is a swift way to allow your users to access the Agile CRM app.
[bctt tweet=”Allow different users to access Agile CRM easily using single sign-on.” username=”agilecrm”]
Agile CRM rides high on robust security features that provide a safe path for single sign-on. This helps the app to lay trust on the requests that it receives from your systems. Agile CRM only grants access to the users that have been authenticated by you. The technology embraced by Agile for SSO is JSON web token (JWT), which is used for securing the exchange of user authentication data.
The single sign-on authentication process:
Once you enable single sign-on, login requests are routed to a remote login URL (a login page that is external to your Agile CRM).
Here are the steps of the single sign-on authentication process:
- An unauthenticated user (not already logged in) navigates to your Agile CRM URL (for example, https://mycompany.agilecrm.com/).
- The Agile CRM SSO mechanism recognizes that SSO is enabled and that the user is not authenticated.
- The user is redirected to the remote login URL configured for the SSO settings (for example, https://mycompany.com/agilecrm/sso).
- A script on your side authenticates the user using your proprietary login process.
- Your script builds a JWT request that contains the relevant user data.
- You redirect the customer to the Agile CRM endpoint at https://mycompany.agilecrm.com/access/sso with the JWT payload.
- Agile CRM parses the user detail from the JWT payload and then grants the user a session.
This process is dependant on the browser redirects and subsequent passing of signed messages using JWT. The redirects happen entirely in the browser and there is no direct connection between Agile CRM and your systems, so you can keep your authentication scripts safely behind your corporate firewall.
For more information and SSO setup instructions in Agile CRM, please follow the link.