Please note this feature is only available for the Pro plans.

Why enforcing SSO is useful

What is single sign-on (SSO)?
The Single Sign-On (SSO) process enables users to log in to multiple applications or systems using a single login credential. Through SSO, users are able to re-enter their credentials once rather than having to log in separately to each application.

SSO offers an added layer of security. Enforcing SSO enhances security and data protection by ensuring that login authentication is carried out exclusively through trusted providers.

By enforcing SSO for specific user roles, you ensure that the users with that particular user role can only log in using your organization's SSO. Therefore, you also enforce the same authentication level as your identity management provider, such as two-factor authentication or password rotation.

The flexible setup also allows companies to choose which user roles need enforcement while not restricting external users, like freelancers, etc, from using Rentman. By only enabling these user roles for internal people, external crew members who do not have an identity in your organization's SSO and do not need to access sensitive information can still log in. 

Note: Multi-factor authentication is not handled within Rentman but can be enforced by the SSO Provider (Google, Apple, or Microsoft).

This feature does not include user provisioning. Users will still need to be added and removed from the Rentman database manually, as per the current process.

Getting started with SSO

Only power users with access to the settingsConfiguration module can enable SSO enforcement.

Since you can only enforce SSO on user roles and not individual users, you must first set up your user roles. In this article, we explain how you can set up user roles for your workspace.

To enable SSO enforcement:

enforce sso.gif

  1. Navigate to the settings Configuration module > Account > Security
  2. Choose a provider.
  3. Add domain(s) constraints. 
    Rentman tip: Use a comma (,) to separate multiple domains. Domain constraints ensure secure access by permitting logins only from the trusted domains you add here.
  4. Select desired user roles.
  5. Save

Mastering SSO enforcement: restrictions

When trying to enforce SSO for certain user roles, you might get the message "Users in this role do not meet domain restrictions." 

Screenshot 2024-02-15 at 11.35.04.png

Clicking on the Show button directs you to the people Crew members module where you can see a list of users who do not comply with the restrictions. In the following paragraphs, we will explain what these restrictions are and how to resolve them.

Note: If the issue for affected users is not resolved, they will not be able to login to the software.

Warning: Ensure that you do not enable SSO for your user role if you (your user in Rentman) do not meet the necessary restrictions, as this will prevent you from logging into Rentman.

1- User does not comply with the domain restrictions

This means that at least one user assigned to this role has an email address that does not match the domain rules.

For example, the domain is set to rentman.nl, but the user in this user role has a gmail.com email address.

To resolve this issue, you can either:

2- User has a local profile

Enforcing Single Sign-On (SSO) is limited to users with global profiles. Therefore, users with local profiles, who continue to log in using their username and password, cannot be assigned a user role with enforced SSO.

To resolve this issue, you can either:

Was this article helpful?
0 out of 0 found this helpful