Overview
This article explains the process of enabling Admin Only Single Sign-On (SSO) for AdvocateHub using SAML, allowing administrators to access the hub through a company's SSO system while advocates use Influitive AdvocateHub accounts. It highlights the benefits of this setup, such as enhanced security and ease of access for administrators, and provides a step-by-step guide on configuring SAML SSO for admins and logging in via an identity management service like Okta or OneLogin.
Information
Note: Admin Only SSO only works with SAML and does not work with OAuth.
This article will cover how to enable Admin Only Single Sign-On and how this feature works for your AdvocateHub.
You may want your Administrators to log into your hub through your company's Single Sign-On system, but have your Advocates sign up / in with an Influitive AdvocateHub account. This may appeal to you if you already use a third-party identity management service like Okta or OneLogin to handle your logins to the various applications or vendors your company uses.
This allows your IT team to easily manage employees' access to any applications your company uses. Benefits include a more secure and reliable platform from which your identity management is controlled, and improved ease of access to the AdvocateHub for your Administrators.
Setting Up Admin Only SSO
When setting up this feature, you will configure your SAML setup as normal using your identity management service (e.g., Okta, OneLogin). When you navigate to the Single Sign-On section of your settings, Settings > System > Login/Security, you will see an option to enable Admin Only:
To enable SSO for only administrators, simply click on the "Enabled" radio button as pointed out above. If you want all users (Advocates and Administrators) to use SSO, choose the "Disabled" radio button option.
Now that you have everything set up, log in to the identity management service you use and navigate to the place where all your applications are. Click your AdvocateHub application and you should be brought straight into your Administrator account in your AdvocateHub. Here is a quick video that runs through what it looks like using OneLogin as an example:
Note: There is no Influitive landing page for the Administrator. Usually with Single Sign-On, when an Administrator navigates to the AdvocateHub they will be redirected to their Single Sign-On login page where they enter their credentials and gain access to the AdvocateHub. With Admin Only Single Sign-On, the only place for the Administrator to gain access to the AdvocateHub is by clicking on the application within their identity management service. If an Administrator attempts to log in to the AdvocateHub through the sign-in page, they will be denied access and see the following message:
FAQ
What is Admin Only Single Sign-On (SSO)?
Admin Only Single Sign-On (SSO) is a feature that allows administrators to log into AdvocateHub through a company's Single Sign-On system, while advocates use separate Influitive AdvocateHub accounts.
Can Admin Only SSO work with OAuth?
No, Admin Only SSO only works with SAML and does not work with OAuth.
How do I configure SAML SSO for administrators in AdvocateHub?
To configure SAML SSO for administrators, go to Settings > System > Login/Security in your AdvocateHub settings, and select the "Enabled" radio button under the Admin Only option.
What happens if an administrator tries to log in directly through the AdvocateHub sign-in page with Admin Only SSO enabled?
If Admin Only SSO is enabled and an administrator attempts to log in directly through the AdvocateHub sign-in page, access will be denied, and they will receive a message indicating that login is not possible through that method.
What are the advantages of implementing Admin Only SSO?
The advantages include a more secure and reliable identity management platform, improved ease of access for administrators, and efficient management of employee access to company applications.