Overview: Single Sign-On (SSO)


What is Single Sign-On?

Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials, rather than having to set up multiple usernames and passwords across platforms. The credentials are stored centrally in a cloud directory.
    Note: Single Sign-On is available for users on the Performer plan. 

How to set up Single Sign-On

Databox supports the SAML 2.0 Single Sign-on login standard. There are multiple Identity Providers supporting SAML SSO (e.g. Okta, OneLogin, Auth0, Azure AD, etc.).

SAML SSO works by transferring the user’s identity from one place (your identity provider) to another (the service provider, Databox). This is done through an exchange of digitally signed XML documents.

Admins can set up SSO by navigating to Account Details > Single Sign-on. Click the Single Sign-on (SSO) toggle to start the setup process. 

To set up SSO you need to provide:

  • Single Sign-on URL: this is an endpoint URL that you received from your Identity Provider (e.g. https://idp.example.com/sso/saml)
  • Entity ID (also called Audience URL): this is usually in the form of a URL that contains the Identity Provider’s name within it (e.g. https://idp.example.com/unique-id)
  • X.509 Certificate: this contains the Identity Provider’s public key, which is used to verify the signature on authentication assertions. There should be a place to download or copy the certificate hash from the Identity Provider. Just paste the certificate hash in the text area field.

Lastly, you can require all users to use the SSO option with the Force SSO toggle. If you'd still like to leave the option for them to sign in with their Databox credentials (or Google Sign-in method), you can leave it turned off. The Account Owner always has the option to use the non-SSO credentials to log in to Databox.

Pro Tip: Service Provider provisioning is not supported. Users need to be created in Databox first, and then they can be authenticated via the Identity Provider to log in to Databox. We match the email in Databox with the email the Identity Provider returns after authentication.
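Because login depends on that email match, it helps to check what your Identity Provider will send before turning on Force SSO. The script below is an added example, not Databox code: it reads a decoded sample assertion and reports whether the Issuer equals the Entity ID you configured and whether the NameID email corresponds to an existing user. The function name, status strings and sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured traffic). A real assertion also
# carries a ds:Signature element, which this pre-flight does not verify.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/unique-id</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">Alice@Example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def preflight(assertion_xml, entity_id, existing_emails):
    """Return one status string describing how the assertion lines up with the
    configured Entity ID and the users that already exist in the application."""
    # SAML messages never need a DTD; refuse one rather than parse it.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        return "rejected-dtd"
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    email = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    # Assumption: the configured Entity ID is the value the IdP puts in Issuer.
    if issuer != entity_id:
        return "issuer-mismatch"
    if "@" not in email:
        return "nameid-not-email"
    if email in existing_emails:
        return "match"
    # The page does not say whether matching ignores case, so a case-only
    # difference is reported separately instead of being treated as a match.
    if email.lower() in {e.lower() for e in existing_emails}:
        return "case-mismatch"
    return "no-user"


if __name__ == "__main__":
    users = ["alice@example.com", "bob@example.com"]  # constructed user list
    print(preflight(SAMPLE_ASSERTION, "https://idp.example.com/unique-id", users))
```

A "no-user" or "case-mismatch" result points to an account that should be created or corrected in Databox before SSO is enforced.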

How to enable SSO with Okta as the Identity Provider

Databox supports the SAML 2.0 Single Sign-on login standard, and there are multiple Identity Providers supporting SAML SSO. Okta is just one of them. 

To make the setup in Okta easier, we have a verified Databox application ready in the Okta Integration Network. You can use it to set up Databox in Okta, assign it to your users, and then complete the necessary steps in Databox (mentioned above).

Pro Tip: Both Service Provider and Identity Provider initiated login flows are supported. This means you can use the regular login page in Databox or log in via Okta’s directory with just one click.

How to remove Single Sign-On

To remove Single Sign-On, navigate to Account > Access and Security. Click the Single Sign-On (SSO) toggle to disable Single Sign-On.
