Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.

SSO works based on a trust relationship set up between an application, known as the service provider, and an Identity Provider (IdP). This trust relationship is often based on a certificate that is exchanged between the identity provider and the service provider.

Applause platform provides Single Sign-On (SSO) capability for the customers, so that the customer users can access the Applause Customer App without having to sign in each time. To provide access to the Customer App, users are authenticated with the customer's Identity Provider (IdP).

Applause SSO - Scope

• Based on SAML 2.0 standard which is the most common in Enterprise SSO 
• SSO is configured and managed per domain
• Each domain is configured to authenticate with only one Identity Provider (IdP)
• Users need to be provisioned ahead of time in Applause platform, no on-demand user provisioning
• If SSO is enabled 
  
  • All users whose email domain matches one of the company’s claimed and verified domains, will use SSO to access Applause platform
  • Users whose email domain does not match any of the company’s claimed and verified domains, will have to use username and password to log in
  • All users with emails that use plus aliasing (e.g. joe+alias1@companyfoo.com) must login using their Applause platform email and password
• If SSO is disabled
  
  • All users have to use username and password to log in

Applause SSO - Process Flow

1. Please create a Support ticket by visiting https://support.applause.com. Please be sure to provide the user name and email id in the Support ticket to create CAA. You can also contact your account team and provide them with the user name and email id for the CAA. They can create a support ticket on your behalf.
2. Add a domain claim by entering the domain name.
3. Verify the domain claim.
4. Configure SSO by providing a SAML metadata file.
5. Enable SSO for that domain.
   
   • Disable SSO for that domain if needed.
6. Users log into the Applause Customer App using SSO.
   
   • If the user was not already authenticated by the IdP, they will be redirected to the IdP’s login page and authenticated.

Note: Please note that at this time, Applause does not support identity provider initiated SSO. Applause currently only supports service provider initiated SSO.

 

Creating a Customer Access Admin User for SSO Configuration

In order to configure SSO, a new user with the role “Customer Access Admin” (CAA)  needs to be created by contacting the Applause Support or Applause Account team.

• The CAA user’s primary responsibility is to manage SSO. They will not have access to Applause testing management information.
• The CAA user is the only one who can configure and manage SSO for that company or a domain.
  
  • They can open the SSO configuration page from the left navigation menu.
• In some smaller organizations, Primary Testing Manager might be able to perform the role of CAA. In that case, a Primary Testing Manager might be assigned an additional role as CAA.
• CAA users will always use Username and Password to access Applause and they will not be SSO enabled.
  
  • This is so that in case of any SSO issues, a CAA user can still log in and take any corrective actions if needed.
• Configuring SSO requires access to IT web infrastructure in the company. Typically this role would be assigned to someone who takes care of user provisioning and other IT infrastructure in a company.