Single Sign-On (SSO) is an authentication process that allows a user to access multiple applications or services with a single login credential (such as username and password). It provides the following advantages:
- Mitigates the risk of access to third-party sites by requiring additional security steps at a single, central login.
- Enables users to remember and manage fewer passwords and usernames for each application.
- Streamlines signing on and using applications. You don't need to re-enter passwords.
The SmartReach platform allows you to log on using a third-party identity provider (IdP). Currently, the SmartReach platform supports Okta and Azure. You can configure and manage the Okta settings to manage SSO. Contact the SmartReach Customer Care Team to request that they enable SSO functionality on your site.
Note
- You need to have your own IdP as SmartReach does not provide any IdP.
- If you plan to use the SmartReach public APIs, you are required to use the OpenID Connect (OIDC) protocol.
SmartReach SSO supports the following two protocols:
- Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between an identity provider and a service provider. SAML 2.0 is the version of the standard for exchanging authentication and authorization identities between security domains. It is an XML-based protocol that uses security tokens containing assertions to pass information about an end user between an identity provider and a service provider. SAML 2.0 enables web-based, cross-domain single sign-on, which reduces the administrative overhead of distributing multiple authentication tokens to the user.
- OpenID Connect (OIDC) is an authentication layer on top of the OAuth 2.0 authorization framework. It allows clients to verify the identity of an end user based on the authentication performed by an authorization server, and to obtain basic profile information about the end user in an interoperable, REST-like manner. OIDC specifies a RESTful HTTP API that uses JSON as its data format, and it allows a range of parties, including web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end users. The OIDC specification is extensible, supporting optional features such as encryption of identity data, discovery of OpenID providers, and session management.
For Single Sign-On, SmartReach is the service provider, and Okta or Azure is the identity provider (IdP). An identity provider enables a customer to use single sign-on authentication to access the platform.
Service provider-initiated SSO: When a user requests access to SmartReach through a URL, the service provider redirects the request to an IdP, such as Okta or Azure, to authenticate the user. Identity providers store user credentials and use them to authenticate users. The IdP authenticates the user and sends the response to the platform, which then allows the user access.
Identity provider-initiated SSO: The identity provider stores user credentials and authenticates a user's access to an application. Users access applications by logging in directly to the IdP.
SmartReach supports service provider-initiated SSO and recommends using the SmartReach URLs to access the platform rather than the identity provider home page.
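The service provider-initiated exchange described above, carried through in OIDC (the protocol SmartReach requires for its public APIs), as an added example that is not SmartReach's, Okta's or Azure's code. It shows the two ends of the flow from the service provider's point of view: the redirect to the IdP with a fresh state and nonce, and the checks on the returned ID token (signature, issuer, audience, expiry, and the nonce bound to a login this SP actually started) before access is granted. The issuer, client id, redirect URI and signing key are constructed values, and HS256 with a shared secret stands in for the RS256 signature and JWKS lookup a real IdP would use, so the example runs offline.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode

# Constructed values: SmartReach's real endpoints and IdP registration are not on the page.
ISSUER = "https://idp.example.com"        # hypothetical Okta/Azure issuer
CLIENT_ID = "smartreach-sp"               # hypothetical client id registered at the IdP
REDIRECT_URI = "https://smartreach.example/sso/callback"

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_authorization_request(pending: dict) -> str:
    """SP-initiated step: redirect the browser to the IdP with a fresh state and nonce."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    pending[state] = nonce  # kept server-side until the callback returns with this state
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid profile email", "state": state, "nonce": nonce}
    return f"{ISSUER}/authorize?{urlencode(params)}"

def mint_test_token(claims: dict, key: bytes) -> str:
    """Constructed IdP side: signs an ID token the way verify_id_token expects (HS256 stand-in)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_id_token(token: str, key: bytes, pending: dict, state: str, now: int) -> dict:
    """SP side: accept the IdP response only if it is signed by the IdP, meant for this SP,
    still valid, and bound to a login attempt this SP actually started."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")  # never accept alg=none or a downgrade
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token was not issued for this service provider")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    nonce = pending.pop(state, None)  # one-time use: replaying the callback fails here
    if nonce is None or claims.get("nonce") != nonce:
        raise ValueError("state/nonce mismatch")
    return claims
```

Against a real IdP the `verify_id_token` signature check is replaced by RS256 verification with the key from the issuer's JWKS endpoint; the remaining claim checks stay the same.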
To configure SSO on SmartReach, see Configuring SSO in the SmartReach Admin Guide.