What is Single Sign On (SSO)?
Single Sign On (SSO) is an authentication scheme that allows users to log in with a single ID and password to any of several related yet independent software systems.
In the case of Mallcomm SSO, each user will have a single account to access their CMS and app profiles.
Why are you changing the way I sign on?
Single Sign On brings a host of benefits, both to you as the user and to your organisation, including a faster, simpler login experience and enhanced security. As a user, you will need to remember and change fewer passwords, and for IT departments it significantly reduces the management overhead involved in maintaining the accounts.
Do I need to upgrade to SSO?
Unless mandated by your organisation, you will still be able to log in the same way as before if you chose. The updates provide new ways for you to connect with the system. In some cases, however, your organisation policy may require you to use SSO.
See: What changes will I notice as a CMS user?
What changes will I notice as a CMS user?
For most users, changes will be cosmetic, but we have taken the opportunity to make some general improvements that we hope you will appreciate. The first time you log on after the update, your account will be upgraded automatically to create a Mallcomm unified account but this process will be transparent to you and not affect the way you log in.
You will still login using the same email and password combination you used in the past.
CMS user logins
You will notice a change to the login page in both styling and the ability to use SSO. The SSO options for you will depend on your account type and what has been configured for your account.
You will see the ‘Login with Google’ and the ‘Login with Microsoft’ buttons, however, the account used must match your CMS email address for you to be able to log in this way.
For example, if my usual CMS login email is matt@mallcommapp.com but my Google SSO account is linked to matt@gmail.com, I will not be able to access the CMS via SSO, I will need to use my existing email and password combination.
For most users, until Enterprise login is set up, you will continue to use the same email and password combination you have been using. Contact your administrator or Mallcomm account manager for more information on using Enterprise SSO.
Changes to the edit person page
You will also notice a change to the ‘Edit People’ screen. It will no longer be possible to update an app user’s or passwords, as this now comes from their Mallcomm unified account.
Sign-out has moved
You will see the addition of an avatar in the top right of the navigation bar. Here you will be able to sign out, it will no longer be in the ‘Manage’ dropdown navigation.
Introducing the Mallcomm account page
From the avatar, you can also access your new mallcomm account. This is where you access and control your Mallcomm unified account data, activate 2-factor authentication, and request full data deletion if you so wish.
How do I add new CMS users?
Accounts with access to the CMS are created by invite only. This will not change - you still invite and approve users exactly as you do now by adding them in the CMS with new users needing to validate their credentials. Users will still require a CMS account to be created for them even if they are using an Enterprise SSO login.
What is 2-factor authentication?
2-Step Verification (also known as two-factor authentication), adds an extra layer of security to user accounts in case a password is stolen. It requires confirmation on a different device before allowing a login attempt to succeed.
2FA is available to users who continue to use an email and password login. You can set up 2-step verification in your Mallcomm account and once set up, you’ll sign in to your account in two steps using:
- Something you know, like your password
- Something you have, like your phone
If you use an SSO provider such as Google or Okta, you will be able to use your provider's 2FA system to secure your password - follow their instructions to manage this.
What is Enterprise SSO?
Enterprise SSO enables companies to configure our system to use their own staff directories for logging in and require a user to sign in with the SSO feature.
As part of this, you will have your own bespoke login URL and can log in with just one click.
Aside from the ease of login, there is the added benefit to your IT staff of being able to manage all of your CMS users from a single directory, so should you need to remove anyone (for example if they leave), you can just do it in a single place to prevent them from accessing your CMS.
For launch, we will be supporting two mainstream enterprise providers, if you use something different, please get in touch.
Setting Up SSO with Azure AD
If you use Azure directory services and want to use this as your authentication gateway, please see the following article on setting up integration with Mallcomm. Note that you should contact your account manager first as we will need to coordinate this with our operations team.
https://support.mallcommapp.com/knowledge/setting-up-sso-with-azure-ad
Setting Up SSO with Okta
If you use Okta directory services and want to use this as your authentication gateway, please see the following article on setting up integration with Mallcomm. Note that you should contact your account manager first as we will need to coordinate this with our operations team.
https://support.mallcommapp.com/knowledge/setting-up-sso-with-okta
Do you have any more questions or something you are unsure about? Or do you want to know more about setting up an enterprise SSO solution? Reach out and our team is here to help. Email us on support@mallcommapp.com.