You may wish to consume our SAML metadata file here. 509 certificate values for input in the Company Preferences in your ClickTime account. You will need the Identity Provider Endpoint URL and X. Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressīe sure to retrieve the following information from your Identity Provider:.Once this is enabled, please configure ClickTime as a service provider with the following settings in your Identity Provider:Īs well, expect these settings from ClickTime: If you’re using Azure AD, please follow this Azure tutorial to complete your SSO configuration.Įnterprise customers may have Custom SAML enabled in their account - please contact your Success Manager or our Support Team to have this enabled. 509 certificate from your Identity Provider. Next, fill in the Identity Provider Endpoint URL and X. In the Security section, select Okta or OneLogin as your provider. Log in to your ClickTIme account, and go to the Company -> Preferences page. If your organization is using Okta or OneLogin, one of the above identity providers, please configure ClickTime from your identify provider (Okta or OneLogin) as a new App and retrieve the following values: Once that is set, signing into ClickTime is as simple as clicking on the Google Apps button from the sign-in screen. The next sections cover the configuration from the Identity Provider -side.įor use of Google Apps, make sure that each person in your company has a corresponding Google hosted email address in the "Person Detail" page. Remember, any settings you choose will be company-wide, and accessing your account to change your Security Preferences will require you to sign in in with your chosen method the next time you log in.Ĭomplete configuration requires ClickTime-side configuration and Identity Provider -side configuration. With "Require", you will commit your entire company to the authentication method you select, and disallow users from signing on with ClickTime email/password credentials. By default, a new company will always default to the "Allow" setting for Single Sign-On. Usually this setting can be helpful for previewing an authentication configuration before you commit to requiring it. For example, if I select "Allow" for "sign-in using Single Sign-On", then I will grant the user the ability to log in with either their email/password or the selected Single Sign-On provider (Azure AD, Google Apps, Okta, OneLogin, or Custom SAML 2.0) account. If you'd like to discuss upgrading your account so you can use another SSO solution, please reach out to our Support Team.īy selecting "Allow", your company can sign into ClickTime with both their ClickTime email/password combination, as well as your company's selected Single Sign-On method.
Please note: Unless you have an Enterprise account, you will only see the option for "Google". This section covers the configuration from the ClickTime side.ĬlickTime Administrators can opt to allow or require Single Sign-On settings for their entire company on the Company -> Preferences page in the Security section: If you’d like to learn more about SAML, please visit our partners, Okta or OneLogin, for more information.Ĭomplete configuration requires ClickTime-side configuration and Identity Provider -side configuration. You may configure your Identity Provider for SP-initiated (user starts of ) or IdP-initiated (user starts from within your Identity Provider) login workflows. While some organizations still use SAML 1.1, ClickTime only supports SAML 2.0 for our partner and customer SAML Single Sign-On implementations. This allows you to access many applications under your network’s umbrella using one username and password. Security Assertion Markup Language (SAML) is a standard that allows authentication credentials to be shared by multiple applications within a network. Logging into ClickTime using Custom SAML Single Sign-On
Identity Partner Configuration - Azure AD, Okta, OneLogin Identity Partner Configuration - Google Apps Custom: Create your own custom authentication option for any other providers that support SAML 2.0Ĭlick the following links to learn more about each option:.SAML Identity Partners: Azure AD, Okta, OneLogin.With SSO, a ClickTime user could, for example, sign in to the application by just using their Google Apps email address.ĬlickTime currently offers the following single sign-on (SSO) options: Single Sign-On (SSO) gives ClickTime users the convenience of not needing to maintain a separate email/password combination in order to start their session.
0 kommentar(er)
