SSO (Single Sign-On) Configuration and Use

This topic is an overview of how to configure and use an SSO ("Single Sign-On") in Certain.

Certain can create SSO connections for you – please ask your Customer Success Manager for details.

– An Administrator can then enable an SSO for an account or sub-account.

– An Event Builder can then use it in an event.

These SSOs can include Social Logins (LinkedIn, Facebook, Microsoft, or Google+) and Corporate SSOs.

There are three types of SSO:

• ADMIN – For Certain users logging in to the Certain app. (See below.)

• ATTENDEE LOGIN – (See below.)

• • For attendees using forms to register, or logging back in to a form. (See below.)

  • For attendees logging in to a Certain Mobile web app. (See below.)

  • For speakers logging in to a Speaker Portal. (See below.)

  • For reviewers logging in to a Reviewer Portal. (See below.)

• CHECK-IN APP – For Certain users logging in to the Certain Check-In app, which they will use to check attendees in at an event. (See below.)

"Admin" SSOs

For Certain users to log in without using their Certain username and password.

If Certain has configured an "ADMIN" SSO for your system (on Account Settings > Management > Single Sign-On), then users of the Certain platform who have signed in to your corporate system do not have to enter another user name and password to access Certain. (They do still need to have a matching User record in Certain.)

Note: Only one  ADMIN SSO can be activated for a system at any one time.

"Attendee Login" SSOs

For attendees logging in to registration forms or the Mobile web app, for speakers logging in to a Speaker Portal, and for reviewers logging in to a Reviewer Portal,

Here are the steps to set up and use "Attendee Login" SSOs. The first six steps are the same for Forms, Mobile, Speaker Portal, and Reviewer Portal. (The remaining steps are explained under each of those headings below.)

For all four uses, these six steps must be completed first.

1. System: Certain creates and sets up one or more "ATTENDEE LOGIN" SSOs for your system. (Certain "System Master" users only.)

2. Account: Enable SSO(s):
   An Administrator enables those "ATTENDEE LOGIN" SSOs for each account and sub-account in which they will be used.
   (Note: For an SSO to be available in a sub-account, it must first be enabled in the parent account.)
   • Go to Account Settings > Management > Single Sign-On and select the Enabled check box for the SSO(s) to be available. You can edit that SSO configuration in the next two steps.

3. Account: Configure SSO field mappings.
   An Administrator maps IDP fields to Certain Fields.
   Note: In a sub-account, you need to map these fields independently of the parent account, because the mappings are not "inherited" from the parent account.
   
   • On Account Settings > Management > Single Sign-On, click  for an enabled SSO, and select the Certain Fields to map to the IDP Fields.
   Note: The  Profile First Name and Profile Last Name in Certain must be mapped to the equivalent IDP fields. (Important: Don't map them both to the same IDP field: see the note in that help topic.)

4. Account: Customize SSO button. (Optional)
   An Administrator can customize the appearance of the SSO login button(s) for each SSO connection to be used on Forms, Mobile, the Speaker Portal, and the Reviewer Portal.
   • On Account Settings > Management > Single Sign-On, click  for an enabled SSO, and edit the Button ... settings (color, text, icon, and class).
   Note: These button settings for an SSO Connection are used on all  forms set to use that connection. The same button settings are also used for Mobile, the Speaker Portal , and the Reviewer Portal, if those are set to use the same connection. You don't edit these settings further at those lower levels.

5. Event: An Administrator enables the Single Sign-On module for the event.
   In the event, go to Plan > Configure > Options, and select the Single Sign-On Module under Functional Areas to be enabled for this event.

6. Event: An Administrator configures the SSO for an event.
   In the event, go to Plan > Configure > Single Sign-On, and select the Enabled check box for the SSO(s) to be available for use in the event.
   That makes them available to the event's forms, its Mobile web app, its Speaker Portal, and its Reviewer Portal..
   (Note: You don't "edit" an SSO; you just select its check box in the list of SSOs.)

In Forms

For attendees registering on registration forms, or logging back in to a form after having registered.

These are the remaining steps after 1–6 above. (See especially step 4, about customizing the SSO button.)

7. Form: An Event Builder selects the SSO(s) to be available on a form.
   • In the event, go to Plan > Forms > Entry to edit the Entry section for the form, and select the SSO(s) to be used.
   (The list available is of those enabled in step 6, above.)

8. Attendees: When an attendee is registering on that form, they can click a button on the entry page (for example, LinkedIn or Facebook) to pre-populate their details.

9. Attendees: Once an attendee has registered using an SSO, they can log back in using the same SSO, or their Username and Password, but not using a different SSO.
   Example: If the form offered the choice of LinkedIn and Facebook, and they used LinkedIn to register, they could not use Facebook to log back in.
   Note: An attendee who registered without using an SSO connection, cannot log back in to their registration using one; they can only log in using their Username and Password.

For a Certain Mobile HTML5 Web App

For attendees logging in to a Certain Mobile web app.

These are the remaining steps after 1–6 above. (See especially step 4, about customizing the SSO button.)

7. Mobile: An Event Builder selects the SSO(s) to be available on the Login page of the Mobile web app.
   • In the event, go to Engage > Mobile > Content > Login to edit the Login page, and select the SSO(s) to be used.
   (The list available is of those enabled in step 6, above.)

8. Attendees: When an attendee is logging in to the Certain Mobile web app, if they registered using an SSO (see "In Forms", above) they can click the same button on the Login page (for example, LinkedIn) to log in to Mobile using those credentials. (Or they can log in with their Username and Password.)
   Note: An attendee who registered without using an SSO connection cannot log in to the Mobile web app using one; they can only log in using their Username and Password.

For a Speaker Portal

Available only if these options are enabled for the event (in Plan > Configure > Options):

• Speaker and Session Management module

• Conference Sessions option

These are the remaining steps after 1–6 above. (See especially step 4, about customizing the SSO button.)

7. Speaker Portal: An Event Builder selects the SSO(s) to be available on the Login page of the Speaker Portal.
   In the event, go to Manage > Speakers and Sessions > Speaker Portal > Login to edit the Login page, and select the SSO(s) to be used.
   (The list available is of those enabled in step 6, above.)

8. Speakers: When a speaker first registers in the Speaker Portal, they can click a button on the Login page (for example, LinkedIn) to pre-populate their details using those credentials.

9. Speakers: Once a speaker has registered using an SSO, they can log in to the Speaker Portal using the same SSO, or their Username and Password, but not a different SSO.
   Example: If the Speaker Portal offered the choice of LinkedIn and Facebook, and they used LinkedIn to register, they could not use Facebook to log in.
   Note: A speaker who registered without using an SSO connection, cannot log in using one; they can only log in using their Username and Password.

For a Reviewer Portal

Available only if these options are enabled for the event (in Plan > Configure > Options):

• Speaker and Session Management module

• Conference Sessions option

These are the remaining steps after 1–6 above. (See especially step 4, about customizing the SSO button.)

7. Reviewer Portal: An Event Builder selects the SSO(s) to be available on the Login page of the Reviewer Portal.
   In the event, go to Manage > Speakers and Sessions > Reviewer Portal > Login to edit the Login page, and select the SSO(s) to be used.
   (The list available is of those enabled in step 6, above.)

8. Reviewers: When a reviewer goes to the Reviewer Portal they can click a button on the Login page (for example, LinkedIn) to pre-populate their details using those credentials.

9. Reviewers: Once a reviewer has registered using an SSO, they can log in to the Reviewer Portal using the same SSO, or their Username and Password, but not a different SSO.
   Example: If the Reviewer Portal offered the choice of LinkedIn and Facebook, and they used LinkedIn to register, they could not use Facebook to log in.
   Note: A reviewer who registered without using an SSO connection, cannot log in using one; they can only log in using their Username and Password.

"Check-In App" SSOs

For Certain users logging in to the Certain Check-In app.

If Certain has configured a "CHECK-IN APP" SSO for your system, Check-In users can log in with their SSO credentials instead of their Certain username and password. (They do still need to have a User record in Certain.)

The workflow is simple:

1. Certain sets up a "CHECK-IN APP" SSO for your system. (Certain "System Master" users only.)

2. Account or Sub-Account: No configuration is required in an account or sub-account.
   • If a "CHECK-IN APP" SSO is enabled for a system, it is automatically enabled for all accounts / sub-accounts.

3. Event: No configuration is required at the event level:
   • Nothing in Event > Configure > Single Sign-On
   • Nothing in Event > Engage > Check-In

4. Check-In Users: When a Certain user logs in to Certain Check-In on their mobile device, they can click the gear icon on the Login page to select the SSO and use those credentials to log in.
   • They can now use the app to check attendees in at an event, just as if they had logged in with their Certain username and password.

Note: Only one CHECK-IN APP SSO can be activated for a system at any one time.