Get the latest inspection trends and ideas right in your inbox.

All Resources

Announcing Support for Single Sign-On

We are delighted to announce that Ready Room now supports Single Sign-On for our customers that use Azure Active Directory (Azure AD) as a corporate identity provider. Support for single sign-on significantly improves security, regulatory compliance, and user satisfaction.

What is Single Sign-On?

Put simply, single sign-on (SSO) allows you to use your corporate credentials and security practices to access Ready Room. That is, instead of creating (and remembering!) a distinct username and password in Ready Room, you can now use the same corporate identity that you use to log into your computer, email, and other organizational resources.

Moreover, since Ready Room is using the same identity provider (IdP) as you, currently Azure AD, all of your additional security measures still apply, e.g. multi-factor authentication and password complexity rules. In addition, when a team member is deactivated in the IdP, they are deactivated in Ready Room, you no longer have to remember to disable their account separately.

The Details

To log in with your corporate credentials, simply go to the Ready Room login page (you may need to sign out first) and click the “Log In with your Corporate Credentials” button, ignoring the conventional login form above it. What happens next depends on a number of factors.

If this is the first time you are logging in via SSO, you may be asked to grant Ready Room access to a limited set of your account information. We ask for the smallest set of information that is allowed, but are really only concerned with your email address and your name. That said, during account setup, an Azure AD administrator may have granted these privileges to Ready Room on your behalf, and you will not see this request.

Once permission has been granted, if you are not logged in, you will see the familiar Azure AD login screen and you can authenticate to AD as always, after which you will be redirected back to Ready Room. If you are already logged in, however, you will be sent directly to the Ready Room home screen.

If you were a conventional user whose employer has turned on SSO, you can no longer log in using your old username and password. Similarly, the “Keep me logged in for 60 days” toggle is no longer effective and you won’t be able to start the “Forgot your password?” flow. An SSO user can no longer change their display name or their password in Ready Room, since those are now managed by their employer. If a user’s name is changed in the IdP, it will be updated in Ready Room the next time they log in. Ready Room still manages a user’s time zone setting.

An SSO login session lasts until the user either actively signs out of Ready Room or closes their browser. Logging out of the IdP does not immediately log you out of Ready Room.

Not all employees of an SSO-enabled account are automatically Ready Room users. Team members must still be invited into the system by a Ready Room administrator and that invitation must be accepted by the user. Only then will they be allowed to log in via SSO. This is true of conventional users too, of course. As always, invitations expire after one week. If an invitation has not been accepted in time, it can be resent.

It should go without saying, but if you invite someone external to your organization into an inspection, they are not bound by your identity provider. They will log in using the standard username and password fields, unless their employer is also an SSO-enabled Ready Room account.

Call to Action

If your organization uses Azure AD as an identity provider, you are strongly encouraged to contact us at support@readyroom.net to enable single sign-on as soon as you can. Eventually, we will allow customers to turn SSO on and off themselves, but for now we want to make sure that everything goes smoothly. It only takes a minute and it can easily be undone.

If your organization is using a different IdP, such as Okta, Ping, or Google, please let us know. Now that the core work is completed, in most cases we can enable support for new IdPs within a week or two of being asked.

The use of single sign-on greatly enhances security, improves usability, and helps with regulatory compliance, all while lowering IT costs. Please contact us today.

Related Posts