ReturnSafe can be integrated with most cloud authentication providers enabling employees to log in with their company credentials. This article gives an overview of capabilities and describes the general process for SSO setup.
ReturnSafe has authentication connectors for most modern day cloud identity providers which many of our customers use to facilitate thousands of secure employee check-ins daily. These services are built on top of protocols like SAML, OIDC, OAuth, etc. which give us the ability to seamlessly connect and authenticate against popular systems like Azure Active Directory, OKTA, Ping Identity, OneLogin etc. We recommend using SAML (Security Assertion Markup Language), if available, as the standard of choice to exchange authentication and authorization data between your corporate system (the identity provider) and ReturnSafe (the service provider). We support both SAML 1.1 and SAML 2.0.
Our connectors also offer the ability to retrieve user attributes through claims. These are used for our contact tracing & logbook features and are also displayed on reports in the Command Center.
SSO Setup Process
For customers licensed for integration, our customer onboarding process includes steps for the auth setup. If you would like to integrate with SSO, but don't have a license type that supports it, please contact your ReturnSafe Account Executive or email@example.com.
- Your ReturnSafe Customer Success Manager will review requirements for SSO including optional user attributes and document them in the success plan.
- They will then schedule a working session with one of our Solution Architects and a designated representative from your IT team.
- The Solution Architect and your IT team will go through the SSO set up on call. This usually includes :
- Configuring authentication URLs at both ends.
- Assigning users. IMPORTANT: ensure that all users who will be accessing ReturnSafe are assigned to a role in the SSO provider that is granted access to ReturnSafe.
- Setting up user attributes and claims
- Testing the connection with an existing user
- Making sure attributes are coming in
- After set up is complete, the SA will mark the auth service ready so that it can be used by your apps once they are provisioned.