Learn to set up single sign-on for your Engagement Cloud account using an Identity Service Provider (IdP).
Overview
Single sign-on (SSO) is a method for authenticating users. With SSO, a user can use a single set of credentials to log into several different applications – such as Engagement Cloud.
SSO is beneficial for users who want to make it easy for their users to log in, to reduce their overheads for password management, and to control password access centrally within their organization.
You can use SSO with any identity provider that supports the OpenID Connect standard. However, in this article, we show you how to get started with SSO using Azure Active Directory, Okta, and Google (GSuite).
To learn more about the OpenID Connect Standard, check out the OpenID website.
Before you start
Things you need to know:
- You must have an account with an Identity Service Provider (IdP) that supports the OpenID Connect standard.
- You must be an account owner in Engagement Cloud.
Set up Single Sign-On (SSO) for your account
Getting started with single sign-on (SSO) is a four-step process:
- Order the single sign-on feature for your account
- Set up your IdP for Engagement Cloud SSO
- Complete the SSO configuration form
- Add your IdP users to Engagement Cloud
Step 1: Order the SSO feature for your account
To order the single sign-on (SSO) feature for your Engagement Cloud account, contact your Account manager or Customer success manager.
Step 2: Set up your IdP for Engagement Cloud SSO
Before setting up SSO on your account, you must set up and get some information from your Identity Services Provider (IdP).
Every provider differs in the process, but to help, we have guides on how to do this for Azure Active Directory, Okta, and Google workspace. But as long as your IdP supports OpenID connect, you should be able to complete this process with a different IdP.
Here's what you'll do in your IdP:
- Add a new instance for Engagement Cloud.
- Add redirect URLs for the two URLs:
https://login.dotdigital.com/Sso/Authenticate
https://login-sso.dotdigital.com/Sso/Authenticate
- Get your Client ID, Client Secret, and Metadata endpoint.
Instructions for your IdP
- Azure Active Directory: Set up and find SSO configuration information
- Okta: Set up and find SSO configuration information
- Google Workspace: Set up and find SSO configuration information
Step 3: Complete the SSO configuration form
After you order SSO with us, we send you a secure form in a support ticket to collect the information you gathered from your IdP in Step 2: Set up your IdP for Engagement Cloud SSO.
To fill the secure form:
- Go to the secure form.
- Under Your details, enter your First name, Last name, and Company name.
- Under Your secrets, enter your Client secret, Client ID or Application (client) ID, and metadata endpoint in the Notes box.
- Select Submit secrets.
We'll then configure SSO on your account.
Once we receive your details, we'll get to work configuring SSO on your account. This process is not instant. After we have everything set up, we'll send you a confirmation to let you know you can start using SSO on your Engagement Cloud account.
Step 4: Add IdP users to Engagement Cloud
The final step is to make sure all your users have an account in Engagement Cloud.
To add users for SSO, you must create an Engagement Cloud user account for all users you want to access Engagement Cloud – if they don't already have one. All users’ email addresses in Engagement Cloud must match the users’ email addresses in your identity service provider.
To learn how to create new users in Engagement Cloud, check out the article Add a user.