Passle SSO (Single Sign-On) Integrations

Sophia
Sophia
  • Updated

This is a technical integration. We recommend asking your technical team to complete this task.

Passle supports the following SSO integration types:

  • SAML 2.0
  • SAML 2.0 Multi-Tenant
  • JWT with Shared Secret or Certificate

Full technical documentation can be found and is attached, at the bottom of this article.

Passle Permissions User permissions within Passle, are managed separately from SSO, by your Passle Administrator. SSO is used for authentication only.

To set up SSO with Passle:

        1. To set up SSO, your Identity Provider must support SAML 2.0. To establish your SSO account on the Passle side, we request your XML via an externally available URL. This is usually provided by your IdP. If your idp do not provide you with an XML URL/file, contact Passle Support to request the manual configuration details.
        2. Insert our Passle information into your IdP sign-in information. Our metadata can be found with the URL:

          https://www.passle.net/saml/[Your client shortcode]/metadata

Please contact support@passle.net if you are unsure about your client shortcode.

To set up Multi-Tenant SSO with Passle Updated:

        1. Multi-Tenant SSO allows organisations operating across multiple domains or tenants, to configure a separate SAML 2.0 integration for each. Passle determines the appropriate directory for each user at login, based on their email domain.

          To establish SSO on the Passle side, we request your XML via an externally available URL, which is usually provided by your IdP (if this is not the case, we can tell you the manual details we need).
        2. Passle provides separate metadata, enabling you to set up your IdP sign-in information, for each of your tenants. The metadata will follwo the following format:

          https://www.passle.net/saml/[Your client shortcode]/[domain identifier]/metadata

Please contact support@passle.net to confirm your client shortcode/domain identifiers.

Testing SSO 

          1. Please ensure that whomever is testing SSO, also has a Passle user account, as Passle needs to match the email address of the user we have in our application with the email address found in the SAML packet. 
          2. Once both metadata setups have been completed, and SSO is live for your organization, please navigate to the Passle login page enter your email address then select either the 'Continue' or Log in with SSO' button, to test and confirm that the SSO configuration is complete.

 

  • After the set up between your company and Passle has been completed and set live, you will still see the log in screen as normal. 

    Enter your email address and select continue
    If authenticated, you will automatically be logged into Passle 

    sso-disabled pw.png

  • SSO is designed so you will only need to remember your company credentials. If your Passle has been set up to still allow email/password login, you can request a password as usual. Otherwise you will need to contact your IT administrator to reset your SSO login (should you forget it). 
  • As long as a user has been registered with their SSO provider, they can still receive a registration link to their Passle, which will then log them in directly to their Passle dashboard.
  • If SSO is the only login option enabled, then Passle passwords will no longer be viable as a login method.

    If email/password login is still enabled, when you enter your email address on the login page, if SSO is detected you will be given the option to login with password, or continue with SSO. ss-enabled pw.png

 

The following PDF, provides additional technical information to help with SSO implementation should you need it:-

Was this article helpful?

1 out of 1 found this helpful

Have more questions? Submit a request