EZO CMMS offers multiple login options such as Google, Microsoft, LDAP, or SAML so your employees can sign in to the application without having to remember separate credentials for EZO CMMS.
You can select your preferred login options including SAML from Settings → Company Settings → Authentication → SAML → Update. You should first enable SAML from AddOns.
With SAML Single Sign-on as a login option, you can eliminate the use of passwords, centralize access control, and prevent illegal or unnecessary access from former employees.
This blog details how you can enable SAML SSO in your EZO CMMS account using Okta as an Identity Provider.
Let’s get started!
1. Adding the EZO CMMS application in Okta
To enable Okta SSO for EZO CMMS, you must first add the EZO CMMS application to your Okta account.
For this purpose, log in to your Okta account. Go to Applications and click on the ‘Add Application’ button.
This directs you to the Okta marketplace. Here, search for ‘EZO CMMS’ and add the application as shown.
Configure details such as Application Label and Subdomain, and hit ‘Done’.
Note: Make sure that you enter the correct value in the Subdomain field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to EZO CMMS.
The application is now added to your Okta account.
Note: Okta SSO is not ready to use until you have configured SAML 2.0 in EZO CMMS.
2. Configuring SAML 2.0 in EZO CMMS
2.1. View setup instructions in Okta
To configure SAML, navigate to the Sign On tab of your EZO CMMS application in Okta and click on ‘View Setup Instructions’.
Here, you can find all the key parameters you need to configure SAML 2.0 in EZO CMMS. These include the Identity Provider URL and Identity Provider Certificate.
2.2. Fill configuration settings in EZO CMMS
Now, traverse to your EZO CMMS account. Go to Settings → Add Ons → SAML Integration, and select ‘Enabled’.
This reveals additional settings as illustrated.
Configure these data fields using the information provided below:
- Identity Provider URL: Copy and paste the Identity Provider URL from Section 2.1.
- Identity Provider Certificate: Copy and paste the Identity Provider Certificate from Section 2.1.
- Login Button Text: Type your preferred text e.g. ‘Log in via Okta SSO’.
- Clock Drift (seconds): Enter your preferred value e.g. 1.
- First Name: Enter ‘first_name’.
- Last Name: Enter ‘last_name’.
- Email: Type ‘email’.
- EZO CMMS Role By default: Select your preferred option.
Click ‘Update’ once you’re done.
This is how the EZO CMMS login page should look like once SAML 2.0 has been configured in EZO CMMS.
3. Assigning the EZO CMMS application to users in Okta
Next, you must assign the EZO CMMS application to users that you want to give the SAML SSO login authorization.
In your Okta account, go to Applications → EZO CMMS → Assignments tab → Assign → Assign to People.
Select the users you want to assign EZO CMMS to and click on the ‘Assign’ button next to their name. Hit ‘Done’.
You can see that the user has now been assigned to EZO CMMS in Okta.
The user is now authorized to log into EZO CMMS using Okta SSO.
4. Login experience
Once Okta SSO has been set up, the following takes place when you try to log in to a SAML-enabled EZO CMMS account:
– You see the ‘Log in via Okta SSO’ button on the EZO CMMS login page.
– Clicking on the ‘Log in via Okta SSO’ button takes you to the Okta login page for authentication.
– If you are already signed in to Okta, you’ll directly land onto the EZO CMMS portal.
– The email addresses of users determine which EZO CMMS members they are.
– Users who aren’t added to an EZO CMMS account under the Members tab, but access that EZO CMMS account for the first time via SAML, are added as new Staff Users.
Note: If you want your employees to use Okta SSO as the only authentication option in EZO CMMS, you can disable other options from Settings → Company Settings → Authentication.
5. Provision users to a custom role
If you want to provision your employees and their respective roles in a way that their hierarchy is reflected in EZO CMMS, you can do so by selecting a Default Role that your users will get imported into EZO CMMS as.
To enable this setting, go to Settings → Add Ons → SAML Integration from your EZO CMMS account. Select your preferred custom role as a Default Role into which you want to provision a certain set of employees.
Let’s say, you want to import a set of Technicians from Okta into EZO CMMS. Select the following option and hit ‘Update’.
6. Okta Supported Features
Here’s a list of features supported by EZO CMMS in connection with Okta SSO using SAML.
1. IdP-initiated SSO
2. SP- initiated SSO
3. Just-in-time provisioning
About EZO CMMS
EZO CMMS is the next generation maintenance management software. It does more than just simple maintenance, it empowers your teams with a central command center to assign and complete work orders to achieve optimal productivity. We offer a free 15-day trial – no credit card required!