Do you have to log in separately for each individual system? Come up with and remember different passwords for everything? Does your system administration want more control over who logs in and what they have access to? Now, with Deployteq Single Sign-On, you can easily solve this problem and log in directly to Deployteq using your own authentication tool.



What is SSO?

Single sign-on (SSO) allows you to use only one authentication tool to validate your account information across various applications. Whether you use Teams, Slack, Google Workspace, Zoom, or Deployteq during your workday, with SSO, you can log in with the same account. This makes life much easier. Users no longer have to remember and enter multiple passwords, and no more resetting forgotten passwords.

An additional benefit is that account management is fully under the control of your IT department. In the event that someone leaves the company, this employee can easily be denied access to any application by disabling the main account.


SAML 2.0

At the moment, we only support SSO based on SAML 2.0.

What do I need to consider?

When setting up SSO on Deployteq, it should be noted that this is set up at the portal level and cannot be managed per brand. Our SSO integration is set up based on the current users in Deployteq. If a new employee needs access to Deployteq, a user must be created separately in Deployteq. Then you can log in with SSO.


The link between SSO and Deployteq users

With SSO, the user's email address registered in Deployteq is used. This is validated based on a SAML claim with the name emailaddress:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
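A pre-rollout check your IT department could run on a test assertion from the authentication tool, to confirm that the emailaddress claim is present and matches a user that already exists in Deployteq. This is an added example, not Deployteq code: the sample assertion, the user list, the function names and the case-insensitive comparison are assumptions, and the script checks the claim mapping only (it does not verify the assertion's signature).

```python
import xml.etree.ElementTree as ET

EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the attribute part of a test assertion from your IdP.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>Jane.Doe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed sample: email addresses of users already created in Deployteq.
DEPLOYTEQ_USERS = ["jane.doe@example.com", "agency@example.org"]


def email_claims(assertion_xml):
    """Return all values of the emailaddress claim found in the assertion."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == EMAIL_CLAIM:
            for v in attr.iterfind("saml:AttributeValue", NS):
                if v.text and v.text.strip():
                    values.append(v.text.strip())
    return values


def check_mapping(assertion_xml, known_users):
    """Classify an assertion: 'missing-claim', 'ambiguous', 'no-user' or 'ok'."""
    values = email_claims(assertion_xml)
    if not values:
        return "missing-claim"
    if len(values) > 1:
        return "ambiguous"
    # Assumption: addresses are compared case-insensitively.
    known = {u.strip().lower() for u in known_users}
    return "ok" if values[0].lower() in known else "no-user"


if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION, DEPLOYTEQ_USERS))
```

A "no-user" result corresponds to the case described above where a user still has to be created separately in Deployteq before SSO login works.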

SSO on portal

The SSO integration can only be set up per portal, and it is possible to apply the configuration in the following two ways:

  1. SSO is enforced for all users.
    1. This means that the traditional login page of Deployteq is no longer accessible. Logging in always goes through the SSO login URL, even for third parties.
  2. SSO is used in addition to the existing login process.
    1. For users who must always log in via SSO, the password can be reset, which means they can no longer log in via the traditional login method. A traditional login can still be created and shared for third parties.

Step-by-step plan

1) The first step is to contact your account manager, who can guide you through the additional costs.

2) Then your IT department can add our application to your authentication solution. For this, see the documentation we have prepared for previous SSO implementations.

3) The previous step should ultimately result in an XML file that must be added to the Deployteq platform, and the configuration on our side can be completed.

4) In the final step, we will provide a new login URL and limit access so that only SSO can be used to log in to Deployteq.

Example URL: https://<portalname>.deployteq.net/sso


Deployteq MFA is removed with SSO

When SSO is activated, the Deployteq MFA validation is disabled, as this is a responsibility of the SSO agent.

Third parties with access to Deployteq

In case third parties also log in to our application, an account must also be created in your authentication tool with the SSO configuration. This is not always desirable from your IT department's perspective.

The alternative is that SSO login is not enforced on our side, which means that Deployteq can be accessed through the normal login URL. Then, it is possible to reset the password in Deployteq for all employees with SSO access. This means they will no longer have access through the normal URL but will still have access via SSO login.

How can I set up SSO?

If you want to use this module or need more information, please contact your account manager or call 030-6988080 (option 2).