Learn how to grant access to Databox through your Identity Provider for your organization.
IN THIS ARTICLE
- What is Single Sign-On?
- How to enable Single Sign-On
- How to set up Single Sign-On
- How to require Single Sign-On authentication for all users
- How to disable Single Sign-On
- Additional Information
What is Single Sign-On?
Single Sign-On (SSO) is an authentication process that enables a user to access multiple applications or services with a single set of login credentials (such as username and password). Those credentials are stored securely in a centralized cloud directory.
There are multiple standards or rules for implementing SSO, including Security Assertion Markup Language (SAML), OpenID and OAuth. Each standard has its own specifications and features so they are not interchangeable. Databox currently supports the SAML 2.0 standard.
To make the setup in Okta easier, a verified Databox application is available in the Okta Integration Network. You can use it to set up Databox in Okta, assign it to your users, and then complete the necessary steps in Databox (described below).
The Single Sign-On functionality is available on all paid plans (Starter, Professional, Growth and Premium).
How to enable Single Sign-On
- Open your Databox Analytics Account and navigate to Account > Account Management to open your Account Management Application.
- Navigate to the Administration section and click on Single Sign-On.
- Click on the Single Sign-On toggle to enable it.
How to set up Single Sign-On
Databox supports the Service Provider initiated flow by default. The Identity Provider initiated flow can be enabled upon request, but it is inherently less secure and therefore discouraged unless absolutely necessary.
Pro Tip: To enable the Identity Provider initiated flow, please contact Databox's Support Team via live chat or at help@databox.com to obtain the Single Sign-On URL and Entity ID to be used with this flow.
Callback URL
This URL is generated automatically by our system and should be copied over to the Identity Provider. It can also be referred to as ACS URL or Assertion Consumer Service URL.
Issuer URL
This URL is generated automatically by our system and should be copied over to the Identity Provider. It can also be referred to as Entity ID or Audience URI.
Metadata URL
This URL is generated automatically by our system and should be copied over to the Identity Provider if required.
Single Sign-On URL
This is supplied by your Identity Provider and should be the address to which our system redirects users for authentication.
X.509 Certificate
Also known as Public Key, this is the certificate for the key the Identity Provider uses to sign the assertions. It is also supplied by the Identity Provider.
Managed Domain
Indicate the domains for which you wish to enable SSO functionality. Only users whose email domains match this list will be able to authenticate via SSO.
How to require Single Sign-On authentication for all users
Databox account administrators can enforce Single Sign-On (SSO) authentication for all users in their account.
This feature is only available on the Premium plan. Request a trial of this feature by following these steps.
On other plans, it is available by purchasing the Advanced Security add-on from the Billing page here.
- Navigate to the Administration section and click on Single Sign-On.
- Click the Require SSO for all users toggle. This will open a pop-up window for confirmation.
- Click on the red Yes button in the pop-up window.
- Click on the green Save changes button.
Pro Tip: In Agency Accounts, this option only applies to users within the Agency Account. Users in Client Accounts will not be impacted.
Please be aware that activating this feature will result in the permanent deletion of all previously stored authentication data, including passwords. If you decide to disable this feature later on, users will need to reset their passwords to regain access to the application.
How to disable Single Sign-On
- Open your Databox Analytics Account and navigate to Account > Account Management to open your Account Management Application.
- Navigate to the Administration section and click on Single Sign-On.
- Click the Single Sign-On (SSO) toggle to disable Single Sign-On.
Additional Information
- Service Provider provisioning is not supported. Users need to be created in Databox as well, before they can be authenticated through the Identity Provider.
- The email address is used to identify the user. Make sure the email address in Databox matches exactly what is in the Identity Provider, and vice versa.
- Only one Identity Provider can be set per Databox Account. If you need to use multiple providers (e.g. for a Client Account), contact our team at help@databox.com to discuss available options.
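Because requiring SSO for all users deletes stored passwords, it helps to compare the Databox user list against the Identity Provider and the Managed Domain list before turning it on. The Python script below is an added example, not Databox code; the function names, the sample addresses and the matching rules (case-sensitive exact email match, subdomains not covered by a parent domain) are assumptions based on the wording of this article.

```python
# Added example: pre-flight audit before enabling "Require SSO for all users".
# Matching rules are assumptions taken from the article's wording: the email
# domain must be in the Managed Domain list, and the email must match the
# Identity Provider entry exactly (case differences are flagged, not accepted).

def audit_sso_readiness(databox_emails, idp_emails, managed_domains):
    """Sort every Databox user into the bucket describing their SSO readiness."""
    domains = {d.strip().lower() for d in managed_domains}
    idp_exact = set(idp_emails)
    idp_folded = {e.strip().lower(): e for e in idp_emails}
    report = {"ok": [], "domain_not_managed": [],
              "missing_in_idp": [], "not_exact_match": []}
    for email in databox_emails:
        local, sep, domain = email.strip().rpartition("@")
        folded = email.strip().lower()
        if not (local and sep) or domain.lower() not in domains:
            # Subdomains are not assumed to be covered by a parent domain.
            report["domain_not_managed"].append(email)
        elif email in idp_exact:
            report["ok"].append(email)
        elif folded in idp_folded:
            report["not_exact_match"].append((email, idp_folded[folded]))
        else:
            report["missing_in_idp"].append(email)
    return report

def missing_in_databox(databox_emails, idp_emails):
    """IdP users with no Databox account; they are not provisioned on login."""
    known = {e.strip().lower() for e in databox_emails}
    return sorted(e for e in idp_emails if e.strip().lower() not in known)

def safe_to_require_sso(report):
    """True only when every Databox user landed in the 'ok' bucket."""
    return not any(report[k] for k in report if k != "ok")

# Constructed sample data (not real accounts).
MANAGED_DOMAINS = ["example.com"]
DATABOX_USERS = ["ana@example.com", "Bo@example.com", "cy@example.com",
                 "dee@contractor.example", "eli@eu.example.com"]
IDP_USERS = ["ana@example.com", "bo@example.com", "fay@example.com"]

if __name__ == "__main__":
    result = audit_sso_readiness(DATABOX_USERS, IDP_USERS, MANAGED_DOMAINS)
    for bucket, users in result.items():
        print(f"{bucket}: {users}")
    print("IdP users without a Databox account:",
          missing_in_databox(DATABOX_USERS, IDP_USERS))
    print("Safe to require SSO:", safe_to_require_sso(result))
```

Any user outside the "ok" bucket should be fixed in Databox or in the Identity Provider before the Require SSO toggle is saved.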