As a Beaconstac enterprise customer, you can now enable SSO login to Beaconstac right from the dashboard in five simple steps.
Beaconstac SSO uses SAML protocol which ensures that employees can use their organization credentials to securely login to Beaconstac from any device or location without compromising on security and identity.
NOTE - SSO Login is only available to users subscribed to the enterprise plan.
How to setup SSO login
Step 1 - Navigate to the SSO option
Select ‘SSO setup’ on the top right of the screen.
NOTE - This option is available only to the owner or administrators of the organization.
Step 3 - Connect Beaconstac to your IdP
You will be given an audience and application callback URL in the window that appears. Login to your trusted identity provider and enter the 'Audience' and 'Application Callback URL' details when prompted.
To create an IdP-initiated SSO login, turn the switch on. You will then be given a login URL to enter into your Identity Provider.
NOTE - By default, Beaconstac provides SP-initiated login. This is because IdP-initiated logins pose security risks. Make sure you understand the security risks before enabling IdP-initiated SSO.
Step 4 - Enter IdP details
Your Identity Provider will generate the login and logout URLs, along with an X509 signing certificate. Enter these under ‘Service provider settings’. Note that entering a logout URL is not mandatory.
Step 5 - Test SSO login
Once you’re confident that you’ve entered the correct details, turn on the ‘Enabled’ switch and click on ‘Save’.
NOTE - We recommend testing SSO login credentials before logging out as the admin. If the credentials are incorrect, a logged-out admin will not be able to log in again. Keep the admin tab open, and test the SSO login credentials by using SSO login in Incognito mode. Once you are confident that the details have been entered correctly, you can log out as admin and use SSO login in the future.