Contents x
    SSO and Domain Access
    • 12 Mar 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    SSO and Domain Access

    • Updated on 12 Mar 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Article Summary

    Once Single Sign On (SSO) has been established for a domain, users must have an email address that matches that domain to access the tenant.

    Once a domain is linked to a tenant, users with that domain cannot be added to other organizations’ tenants.

    Purpose

    This article provides an overview of the SSO implementation within the Syniti Knowledge Platform specifically in regards to users that have credentials in more than one domain.

    As an example, Bruce Wayne is a Syniti consultant and therefore has a bruce.wayne@syniti.com email address. Bruce is working with a publishing client called The Daily Planet. Because of this contract, Bruce also has a contractor email of bruce.wayne@contractor.dailyplanet.com. This document covers users in this type of scenario and how they will access the Syniti Knowledge Platform.

    Authentication Methods

    The Syniti Knowledge Platform supports two types of authentication:

    • In-Application (In-App)—A user’s username and password are stored within the platform's internal identity provider and when a user logs in, that username and password are validated against this internal provider

    • Single Sign On (SSO)—A user is authenticated against a corporate Identity Provider (IdP) and the user’s access credentials are managed by the IdP

    Allowed Domains

    As an added layer of security, every Knowledge Platform tenant has a list of associated allowlisted domains. These domains are the only domains that are allowed for users in that tenant.

    Tenant—Domain Mapping with Single Sign On

    When a tenant is configured for Single Sign On, one or many domains are associated with that tenant and the tenant is integrated with a customer’s corporate IdP. When a user logs in to the tenant, the domain is taken from their email address and that domain is used to match against the tenant(s) to which the user has access.

    Once a domain has been established with an organization’s IdP any user with an email address that matches that domain can only access tenant(s) that are within that organization’s control.

    As an example, once a Syniti tenant is linked to the Syniti.com domain, then Bruce Wayne will not be able to be registered to The Daily Planet’s tenant using the email address bruce.wayne@syniti.com. To access The Daily Planet’s domain, he will need to use his dailyplanet.com email address.

    Was this article helpful?
    What's Next
    **Access to pages and visibility of fields may be restricted based on the security settings of the current user. The Syniti logo is a registered trademark of BackOffice Associates, LLC. Other names appearing on the Site may be trademarks of their respective owners.
    Get in Touch
    Related Content
    Copyright © 2024 BackOffice Associates, LLC d/b/a Syniti. All rights reserved.