SSO Overview

What is SSO?

SSO stands for Single Sign-On and is a modern way of simplifying the login process by allowing Employees, Managers, and Administrators to log in once with a single set of credentials and gain access to multiple applications like your World Manager platform. This eliminates the need for users to remember and enter different usernames and passwords for each application used within your business, saving time.

Which IdPs are supported?

The following identity providers (IdPs) are currently supported, although support is not limited to these:

  • Microsoft Azure Set Up Guide
  • Okta Set Up Guide
  • OneLogin Set Up Guide

Is user provisioning supported?

Yes, Just-in-time (JIT) and Ahead-of-time (AoT) are both supported. See more details on these user provisioning methods below:

  • Just-in-time (JIT): The user account is auto-created upon first login when using SSO to log into the platform, and the user is prompted to go through the account creation process/form.
  • Ahead-of-time (AoT): The user account is pre-created via the GraphQL API, allowing the user to log directly into the platform using their SSO credentials.

What does it look like and how easy is it for users?

Below are 2 examples of what SSO can look like, simply displaying the IdP your business uses on the login screen. In the first example, a user can use either SSO via the preferred IdP or their normal login credentials:

The second example introduces the ability to force users to only use SSO with your IdP of choice, presented below:

Do we have to use SSO?

No. Users can continue to log in via username and password, but we encourage all brands to discuss this with their IT teams.

What are the main reasons to consider enabling SSO for your World Manager platform?

1. Improved Security

SSO with an IdP like Okta, Microsoft Active Directory (Azure), or OneLogin can enhance security by centralizing authentication and authorization processes. The IdP acts as a trusted authority for user identity and manages access. This allows for consistent application of security policies, such as strong password requirements, multi-factor authentication, and access controls, reducing the risk of unauthorized access.

2. Streamlined User Provisioning and De-provisioning

With SSO and an IdP, user provisioning and de-provisioning can be simplified. When an employee joins the company or changes roles, the IdP can automatically grant or revoke access to the relevant applications based on predefined policies. This ensures that employees have the appropriate level of access to the applications they need, reducing administrative overhead and the risk of granting excessive privileges.

3. Centralized Identity Management

Using an IdP allows for centralized identity management, where user accounts and groups can be managed from a single location. This simplifies user administration and enables IT teams to have better control and visibility over user access across various applications. Changes to user attributes or access levels can be made centrally and propagated to all applications integrated with the IdP.

4. Integration with External Services

An IdP often supports industry-standard protocols such as SAML, making it easier to integrate with cloud-based applications that support this protocol, like World Manager. This enables seamless access to third-party services and simplifies the on-boarding process for new applications.

Overall, implementing SSO with an IdP offers convenience, security, and administrative benefits for both users and organizations. It simplifies the user experience, strengthens security measures, improves productivity, and reduces the administrative burden associated with managing user accounts and access across multiple applications.

How do you set this up?

This is for the IT teams within your brand. There is no UI within the platform itself for administrators to configure. To successfully authenticate a user via SSO, there is a bare minimum requirement of UUID data that needs to be provided, which is dependent on the role the user's account group belongs to. See the table below that outlines the data required per role:

Role(s) Group UUID Country UUID Area UUID Store UUID
World Manager      
National Manager    
Area Manager    
General Manager, Store Manager, Employee    

We recommend scheduling a call, or sending an email to our Support Team via wmsupport@franconnect.com to discuss your IT requirements and how best to introduce this for your brand.

CAPTCHA

Our CAPTCHA functionality uses Google reCAPTCHA v3. This provides an added layer of security, specifically for login and forgotten password requests.

Google reCAPTCHA v3 uses a ‘score-based’ system, which is applied/altered based on interactions with the platform, to verify and enable your requests.

Here is an example of the reCAPTCHA logo you will see on applicable pages.

 

Note: reCAPTCHA verification is handled in the background. This means that users will not be required to complete an activity, unless triggered (based on multiple failed attempts).
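
As an added illustration (not World Manager's implementation and not code from this article), the sketch below shows how a server can act on a reCAPTCHA v3 score for login and forgotten password requests, stepping up to a visible check only after repeated failures. The response field names follow Google's siteverify JSON; the score threshold, action names, hostname and failed-attempt limit are assumptions.

```python
# Added example: deciding what to do with a reCAPTCHA v3 siteverify response.
# Thresholds, action names and the hostname below are assumed values.

ALLOWED_ACTIONS = {"login", "forgot_password"}  # assumed action names
MIN_SCORE = 0.5                                 # assumed score threshold
MAX_FAILED_ATTEMPTS = 3                         # assumed trigger for a visible step
HOST = "login.example.test"                     # constructed hostname


def evaluate(verdict, expected_action, expected_host, failed_attempts=0):
    """Return 'allow', 'challenge' or 'deny' for one login/reset request."""
    # A token Google rejects (expired, reused, malformed) is never trusted.
    if verdict.get("success") is not True:
        return "deny"
    # Bind the token to the site and to the form it was issued for, so a
    # token minted elsewhere or for another action cannot be replayed here.
    if verdict.get("hostname") != expected_host:
        return "deny"
    action = verdict.get("action")
    if action not in ALLOWED_ACTIONS or action != expected_action:
        return "deny"
    score = verdict.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "deny"
    # Background check passes silently; a low score or repeated failed
    # attempts asks the user to complete an extra step instead.
    if failed_attempts >= MAX_FAILED_ATTEMPTS or score < MIN_SCORE:
        return "challenge"
    return "allow"


# Constructed sample responses in the shape siteverify returns.
SAMPLES = {
    "good": {"success": True, "score": 0.9, "action": "login",
             "hostname": HOST, "challenge_ts": "2024-01-01T00:00:00Z"},
    "low_score": {"success": True, "score": 0.1, "action": "login",
                  "hostname": HOST, "challenge_ts": "2024-01-01T00:00:00Z"},
    "wrong_action": {"success": True, "score": 0.9, "action": "forgot_password",
                     "hostname": HOST, "challenge_ts": "2024-01-01T00:00:00Z"},
    "rejected": {"success": False, "error-codes": ["timeout-or-duplicate"]},
}

if __name__ == "__main__":
    for name, verdict in SAMPLES.items():
        print(name, evaluate(verdict, "login", HOST))
```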

 
