Single Sign-On (SSO)
Single Sign-On (SSO) gives the ability to sign into cloud platforms using an Identity Provider (IdP). Modern enterprises use multiple software solutions in conjunction to provide the best service to their customers. SSO plays a vital role in making the access management of these applications seamless and singular. The complexities associated with managing a relatively large number of users each using several applications at time is reduced significantly by SSO. It improves organizational security by binding all credentials to one source.
TaskCall understands the need for SSO for your business. We provide out of the box SSO integrations with the most popular IdPs. Use our SSO integrations to enhance your system security and user provisioning.
SSO is only available for the Digital Operations pricing plan.
Benefits of SSO
IdP based access: Log in to your TaskCall account using the credentials of your Identity Provider. No need to struggle with a new set of credentials.
User provisioning: Let users auto provision (auto register) themselves on to their organizational TaskCall account upon first sign in with their IdP without requiring admins to allocate a new user account.
Currently TaskCall offers integrations with the following IdPs. They are all based on the OpenID Connect (OIDC) protocol. Follow their respective guidelines to configure your account.
Only the Owner of the organization account can configure SSO settings.
- To log in with your SSO credentials click the Log In With Your Identity Provider button. This will take you to the SSO login page.
- Enter your TaskCall organization subdomain. This is not the subdomain you have with your identity provider. It is the subdomain of your TaskCall account.
- Click Log In With Your Identity Provider again. TaskCall will direct you to the correct login page for your configured identity provider.
- After your identity provider verifies your account, you will be redirected to TaskCall.
The login experience is the same for both the web and mobile applications.
If auto provisioning is enabled users will be able to self-register on the platform upon first sign in. They will still be required to fill in a short form and provide their full name, preferred username, phone number and language preference. Once they complete the form, they are directly taken to their TaskCall dashboard.
Newly auto provisioned users get assigned the default role set in the SSO configuration. Make sure to set the correct default role. The role can be changed after the user signs in.
If auto provisioning is not enabled and a user tries to log in with their identity provider without having registered an account on TaskCall beforehand, then an error will be shown to the user saying that they are not allowed to be auto provisioned and must contact their system admin for permission.
If a user is removed from their identity provider, their account will not be removed from TaskCall automatically. System admins must remove users from their TaskCall account separately.
Are multiple SSO configurations allowed?
No. One account can only have one SSO configuration at a time.
Is regular login restricted for all when the "Login with TaskCall credentials" option is not selected?
The Owner of the account will always be allowed to login with their TaskCall credentials even if their SSO configuration does not allow so. This is to ensure that at least the Owner of the account is never blocked from access.