Home » Resources » How-to Guides » Single Sign On
Single Sign On
Rather than maintaining separate login details for the Data8 website, you can use a single sign on (SSO) system. This allows you to reuse your existing logins for another system to provide access to the Data8 website. This is of particular benefit when:
- you have a large number of users to maintain
- you have specific security requirements
By using your own SSO system you can enforce requirements such as MFA and ensure that a user’s access is revoked when they leave the company.
By configuring SSO, you are delegating responsibility for creating new users on your account to your identity provider system. Any user that is authenticated by the identity provider will be able to access your account and the associated data.
You can use any OpenID Connect-compatible SSO system. Instructions for configuring Microsoft Entra ID are included below.
Microsoft Entra ID
An Entra ID administrator will first need to create and configure an Application Registration. This can be done in the Microsoft Entra admin center.
Expand the “Applications” option in the left hand menu and click “App registrations”.
Click the “New Registration” button and enter a name such as “Data8 Website”. In the “Redirect URI” section select the “Web” platform and enter the Url:
https://portal.data-8.co.uk/Identity/Account/SsoResponse
Click the “Register” button. Once the application has been created, click on the “Authentication” option in the left hand menu. In the “Implicit grant” section, check the “ID tokens” box and click the “Save” button.
You have now finished configuring the application in Entra ID, but before leaving the admin center you will need to make a note of the “Application (client) ID” value from the Overview page (your ID will be different to the example shown below):
and also click on the “Endpoints” button and copy the “OpenID Connect metadata document” link:
Return to the Single Sign On configuration page and enter the “OpenID Connect metadata document” link in the “OpenID COnnect Configuration Endpoint” field, and the “Application (client) ID” in the “OpenID Connect Client ID” field. Click the “Configure” button to complete the setup.
Logging in with SSO
Users that already have a login to your account can go to the login page as normal and enter their username. After entering their username they will be redirected to your configured identity provider to log in, then returned to the Data8 website.
New users that do not already have a login to the Data8 website can instead use the login link that is shown in the Single Sign On configuration page.
The first time a user logs in with SSO they will be shown a page to either associate their SSO login with an existing Data8 website login, or create a new user account. Users that have previously had access to the Data8 website using a username and password can enter this now to link their SSO login to that account and continue accessing the site as normal. New users that do not have an existing Data8 login need to fill in the quick registration form with their name and contact details. They’ll be sent an email to confirm their login, and another email will be sent to administrators within the account to notify them that a new user has been added.
Subsequent logins using SSO will bypass this step. The user will be logged in automatically without requiring any further interaction on the Data8 website.