Single Sign-On (SSO)
atEvent offers Single Sign-On (SSO) as an option that allows customers to access the atEvent platform and mobile app. To set up SSO in atEvent you will first need to set up a SAML Application. This article is divided into the following sections:
- Setup SAML Application
- Enable SSO
Setup SAML Application
Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). This allows a company to use one set of credentials to log into many different websites. It’s much simpler to manage one login per user than it is to manage separate logins to email, customer relationship management (CRM) software, Active Directory, etc.
Before you can enable SSO in atEvent, your Company Admin will need to set up a SAML Application. Some of the SAML IdP metadata URLs/files will be required during your atEvent SSO setup. Be sure to have them ready to copy and enter during the setup.
Here are links to help articles that will assist you with your IdP SAML service setup:
Enable SSO
To enable SSO, your company will first need to contact atEvent Customer Success and purchase the "SAML Single Sign-On" subscription. Once SSO has been enabled in your Company's atEvent account, any Company Group Admin will be able to complete the setup.
1. Go to Company Settings: Mouseover the icon bubble and select "Company Settings" from the dropdown menu that appears
2. Company Settings Page:
a. Click on the "Security & Single Sign-On" tab
3. Identity Provider (SAML 2.0)
a. Enter Name of Single Sign-On (This is an SSO provider name displayed to users). In this example we are using Google with the name "Google IDP SSO". You can choose any name that is convenient for your company setup.
4. Configuration Type (Metadata URL):
a. Select the Metadata URL radio button
b. Enter the SAML Metadata URL. This will be provided to you by your identity provider (IdP) when you complete your SAML Application setup.
Copy the following URLs into your SAML application account
c. SAML Consumer URL: https://ceaservices3.at-event.com/saml/SSO
d. SAML Service Provider metadata URL: https://ceaservices3.at-event.com/saml/metadata
e. SAML Identity ID: https://ceaservices3.at-event.com/saml/metadata
5. Configuration Type (Metadata File):
a. Select the Metadata file radio button
b. Upload the SAML Metadata file. This will be provided to you by your identity provider (IdP) when you complete your SAML Application setup. You can upload it here by clicking "Choose File" or by dragging it into the box.
c. After upload, your SAML metadata file will display as shown here.
Copy the following URLs into your SAML application account
d. SAML Consumer URL: https://ceaservices3.at-event.com/saml/SSO
e. SAML Service Provider metadata URL: https://ceaservices3.at-event.com/saml/metadata
f. SAML Identity ID: https://ceaservices3.at-event.com/saml/metadata
6. Click the "Enable" button
7. A new window will open. Click "Test Configuration"
8. Sign in to your identity provider (IdP). If you set up your SAML Application correctly in the previous steps, you should be redirected to the sign-on screen upon clicking "Test Configuration". In this example we are using Google as an IdP.
a. Enter "Email"
b. Click "Next"
Google Login continued:
c. Enter "Password"
d. Click "Next"
Google Login continued:
e. Enter "Code"
f. Click "Verify"
9. Google Login Success
a. If your IdP login was successful you will receive the following popup. Next, you need to define the users that will be using SSO in atEvent. However, before doing that you should test your configuration to make sure everything is working properly. You can do this by logging out of atEvent and, upon login, checking whether SSO is now enabled. After testing, return here to finish your setup.
b. The "Success" popup will appear at the bottom right.
c. Close the popup to continue.
10. Add Domain
a. Add your company domain. This is what appears after the @ in your company emails. In this example we are entering "yourcompany.com".
b. Click the "Add Domain" button.
11. Newly Added Domain
a. Your newly added domain will now appear here. You can add other domains if your company has multiple divisions with a different email domain. You can delete it by clicking the red X button.
b. All atEvent users who are already registered with the newly added domain will show up in this window.
c. Save the newly added domain by clicking the "Save" button
d. If you do not leave a checkmark to the left of any of the atEvent users in the list in Step b (enabling Safe Login by Password) you will receive this popup after clicking "Save". We recommend that you assign at least one atEvent user (typically a Company Group Admin) to continue signing into atEvent using Safe Login by Password instead of SSO.
For security reasons it is good practice to make sure that your whole company is not tied to SSO. We recommend that you keep at least one atEvent user assigned as "Safe Login by Password", so that they sign in to atEvent by conventional means using a password rather than SSO.
12. Safe Login by Password List
a. Place a checkmark next to the name(s) that you want to designate as Safe Login by Password. In this example we have selected John Doe, who is the Company Group Admin. This user will now be required to log in to atEvent with their password, while the others left unchecked will be authenticated using SSO.
13. Manage Users: Under Manage Users you will be able to see the Security Status for each of your company's atEvent Users.
a. Mouseover the icon bubble and select "Company Settings" from the dropdown menu
b. Select the "Manage Users" tab
c. The column labeled "Security Status" denotes whether a user will need to log in using password or SSO. Here you will see each user as either Password or SSO depending on how you have them set up in the SSO section.
14. Log in to atEvent as an SSO assigned user.
Note: If you are already logged in/authenticated in your SAML application you will not see a password field.
a. Enter Email
b. Click "Sign In"
You should now be successfully logged in to atEvent.