Single Sign On Feature in OpKey
Single Sign-On (SSO) services gives an easy access to manage our team’s identity across all the SaaS products that is being used in the organization. SSO services allows user to use one set of login credentials (e.g., email and password) to access multiple applications. The service authenticates the end user credentials only once for all the applications according to the rights given to the user and eliminates further prompts when the user switches applications during the same session.
A very common example that you can see is Google’s SSO implementation of login for their products, such as Gmail, YouTube, and so on. Any user that is logged in to one of Google’s products is automatically logged in to their other products as well.
Advantages of SSO:
- Removes the need for users to remember and manage multiple passwords.
- Simplifies user’s experience by allowing them to log in at one single access point and enjoy a seamless experience across multiple applications.
- Increases productivity by significantly reducing the password-related support emails.
- Reduces phishing and thereby making sure users aren’t tricked into giving away sensitive information.
Now with OpKey using the SSO feature, user is allowed to login with IDP service called as “Okta”. Currently both OAuth and SAML protocols are supported in OpKey. Other IDP services like Google, OneLogin, etc. will be supported soon. With this feature coming, few UI changes have been done under the Agent Utility. Let us explain the same here:
- Single Sign-On: With this tab, user can configure the IDP Service being used in their environment. User can click on “Add” button and can provide information like – SSO Provider, Protocol like OAuth or SAML, Client URL, Client ID, Secret Key, SSO API Key, etc. on the opened window before saving the same. All these information can be taken from Okta’s account. User can always edit or delete the settings saved.
- Once the settings are saved, another option “Allow OpKey Login To” gets enabled which will allow admin to enforce a login type for their users by choosing either of the 3 options as “OpKey Users Only”, “Single Sign-On, “Both OpKey and SSO Users”. So, according to the option selected, OpKey will allow user to login. In case, user has configured the SSO service, then it is a good option to select the third option i.e. “Both OpKey and SSO Users”.
- Group Management: With this tab, user can add all groups which are already defined under his/her Okta account. So, with this tab, OpKey can directly fetch all the groups present in Okta and user can simply call those group inside OpKey to allow which user can login to which Project inside OpKey. This will again simplify the use of assigning multiple users multiple projects. OpKey can assign either a single Project or Multiple Projects within a single go.
Enhancement in OpKey Agent UI
Another enhancement is the implementation of new mechanism of connecting of OpKey Agent with its Server. As per previous implementation, user would have to provide the details like Server URL, Agent Name, Username and Password to get Agent connected to Server. Now, an option called “Authentication Mode” is also given inside Agent’s Dashboard, so that user can either connect with his server credentials to with Authentication Code. By Default setting for existing customers would be “OpKey Server Credential” under the “Authentication Mode” dropdown. User needs to logout from the agent to select second option. Authentication Code can be taken by clicking on “OpKey Agent” option present under the “Download Center” option. This will help those users who would be using the SSO feature under OpKey.
Major Bug Fixes