ARC Facilities supports Single Sign-On (SSO), a process that allows users to authenticate themselves against an external Identity Provider (IDP) rather than using the internal ARC Facilities username and password.

 

The benefit of this workflow is that companies only need to manage a single user database. Connected applications grant users access based on this single database, which means that when an employee joins or departs the company, their access is automatically enabled or disabled for all connected systems.

 

To accomplish this, ARC Facilities, acting as a Service Provider (SP), communicates with an Identity Provider (IDP) using an industry-standard protocol, SAML 2.0 (Security Assertion Markup Language), to validate user credentials and provide access to ARC Facilities.

 

The basic workflow is as follows:

  • A user opens the ARC Facilities application in a web browser.
  • Upon reaching the Sign In screen, the user navigates to their chosen IDP and enters the organization email ID for which SSO has already been configured.
  • ARC Facilities detects that the email is set up for SSO and redirects the user to the correct IDP.
  • The user enters their credentials with the IDP.

 

The screenshot below shows the demo OKTA IDP screen that appears if the user has set up SSO with OKTA.

 

  • The IDP validates the user, then redirects the user back to ARC Facilities, providing the user’s information and groups to ARC Facilities.
  • ARC Facilities, using the information provided by the IDP, signs the user in to their account and sets permissions as defined for the user’s group.
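The redirect step of the workflow above (an SP recognising an SSO-enabled email and sending the browser to the correct IDP) can be sketched with the SAML 2.0 HTTP-Redirect binding. This is an added example, not ARC Facilities code: the domain table, entity ID, URLs and function names are all constructed placeholders.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import urlencode

# Constructed sample data: email domain -> IDP single sign-on endpoint.
IDP_BY_DOMAIN = {"example.com": "https://idp.example.com/sso/saml"}
SP_ENTITY_ID = "https://sp.example.invalid/saml/metadata"  # hypothetical SP identifier
SP_ACS_URL = "https://sp.example.invalid/saml/acs"         # hypothetical response endpoint

def idp_for_email(email):
    """Return the IDP SSO URL for the email's domain, or None (use password login)."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return IDP_BY_DOMAIN.get(domain.lower())  # domains compare case-insensitively

def build_redirect(email, pending):
    """Build the redirect URL carrying an AuthnRequest; remember its ID in `pending`."""
    sso_url = idp_for_email(email)
    if sso_url is None:
        return None
    request_id = "_" + uuid.uuid4().hex  # unpredictable; XML IDs cannot start with a digit
    issued = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issued}" '
        f'Destination="{sso_url}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>'
    )
    # Redirect binding encoding: raw DEFLATE (no zlib header), base64, URL-encode.
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    # The SP later accepts a response only if its InResponseTo matches a pending ID.
    pending.add(request_id)
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    joiner = "&" if "?" in sso_url else "?"
    return f"{sso_url}{joiner}{query}"
```

The email address only selects which IDP to redirect to; the user's identity and groups come from the IDP's signed response, which the SP must verify before signing the user in.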

 

NOTE: To learn how to configure SSO, refer to the SSO setup portion.