Single Sign-On

Single sign-on (SSO) is an authentication method that allows users to securely log into multiple related software systems using a single ID (or username) and password. This allows users to log in once to be able to access services without re-authenticating.

InEvent supports integration with the SSO methods listed below:

This article will take you through the steps of configuring SSO integration to handle user sign-in process.

Configuring SSO integration requires technical knowledge and special administrative privileges. Therefore, it is best configured by experts.

How do I configure SSO integration?

This section will guide you to configure SSO integration with SAML 2.0, Azure Active Directory (OIDC), and OpenID Connect.

Whitelisting your domain

Before starting to configure SSO integration, it is necessary to first whitelist your domain(s). To whitelist your domain(s), contact InEvent by submitting a Question using the Issue report feature.

Click here to find out how to raise an Issue report.

Once your domain has been whitelisted, it will appear under Whitelisted domains on the Company details page, as seen below:

Note that after your domain is whitelisted, it needs to be verified before you can configure SSO integration.

InEvent will generate a DNS setting which you need to add to your domain for verification purposes. Once this step has been completed, your domain status will change from Not verified to Verified, and you can proceed to configure SSO integration.

Configuring SAML 2.0 SSO integration

This section describes how you can integrate SAML 2.0 SSO to InEvent with OneLogin as an example.

Setting up SAML 2.0 SSO with OneLogin

Check out the video linked below to set up SAML 2.0 SSO with OneLogin:

Integrating OneLogin SSO to InEvent with SAML 2.0 protocol

To configure SAML 2.0 SSO integration with OneLogin, follow the steps described below:

  1. Navigate to Integrations > SSO from the Company level.
If you are configuring from the Event level, navigate to Settings > Integrations > SSO.
  1. Choose SAML 2.0 entry in the Sign on method drop-down box.
  2. Click Edit on the top right corner of the page.
  1. Insert the parameters below into the corresponding fields:
  • Issuer Name: The name of the SSO Identity Provider (IdP) issuing the SAML request.
  • Issuer URL: A URL that identifies the IdP issuing the SAML request.
  • SAML 2.0 Endpoint (HTTP): The sign-in URL that functions as a protocol to sign into the service.
  • SLO Endpoint (HTTP): The Single log-out Endpoint (SLO Endpoint) that functions as a protocol to log-out from the service.
SP Metadata or Identifier: Endpoint/ACS/Reply URL for SAML can be accessed using this link inevent.com/{{your company nickname}}/sso-auth.php?meta=true.
  • X-509 Certificate: Digital certificate that verifies ownership of a public key. You can access the information by clicking on Get metadata.

  1. Press the blue button Save settings to finish the configuration.
Once you have completed the steps above, log in to the platform from an incognito window to ensure that the log in process behaves as intended.

Configuring Azure Active Directory SSO integration

This section will guide you to configure SSO integration with Microsoft Azure Active DIrectory. This integration uses the Open ID Connect (OIDC) authentication protocol. After completing these steps, user log-ins will be handled by Azure Active Directory.

To ensure this integration behaves as intended, verify that you have an active and valid subscription to Azure Active Directory.
Preparing Azure Active Directory SSO integration within InEvent
  1. Navigate to Integrations > SSO from the Company level.
If you are configuring from the Event level, navigate to Settings > Integrations > SSO.
  1. Select Azure ID (OIDC) in the Sign on method drop down box.
  2. Locate Redirect URI within the page. This URI is necessary for setting up your app in Azure Active Directory.
Setting up your app in Azure Active Directory
  1. Log into Microsoft Azure Portal.
  2. Navigate to Active Directory under Azure services within the Azure Management Portal.
  1. Click App registrations from the left panel.
  2. Click New registration.
  1. Enter the necessary details below:
  • Name: An identifier to the app you will be using Azure log in for.
  • Supported account types (required): Group of user accounts to be permitted to log in. Select as needed.
  • Redirect URI: Azure will return authentication responses to this URI after authenticating users successfully. This URI is found by navigating to the Company level in the InEvent platform > Integrations > SSO > Sign on method: Azure ID (OIDC) > Redirect URI.

Once you have entered the required information, you will be redirected to the Overview page of the newly created app.

  1. Locate Application (client) ID and Directory (tenant) ID within the Essentials section. Copy these IDs as they are needed to configure SSO integration within the InEvent platform.
  1. Navigate to Certificates & Secrets.
  2. Press New client secret to generate Azure Application Secret Value.
  1. Enter the client secret description and expiration period as needed. This will generate a Secret Value.
  1. Locate the newly generated Secret Value. Copy this secret as it is needed to configure SSO integration within the InEvent platform.
Secret Value is only visible immediately after creation until you close the page. Ensure that you save the secret immediately after it is generated.
Integrating Azure Active Directory SSO to InEvent

Once you have finished setting up your app in Azure Active Directory and collected the necessary details, you can proceed to integrate Azure Active Directory SSO to the InEvent platform. Complete the following steps:

  1. Navigate to Integrations > SSO from the Company level and select Azure AD (OIDC) in the Sign on method drop down box.
If you are configuring from the Event level, navigate to Settings > Integrations > SSO.
  1. Click Edit.
  2. Insert the parameters below into the corresponding field:
  • Issuer Name
  • Azure Directory (tenant) ID (previously copied from your Azure AD account)
  • Azure Application (client) ID (previously copied from your Azure AD account)
  • Azure Application Secret Value (previously copied from your Azure AD account)
  1. Press Save settings to finish the configuration process.

Once the integration is complete, the page will be updated with the following information:

Configuring OpenID Connect SSO integration

InEvent supports certified SSO OIDC Identity Providers, such as:

  • OneLogin
  • G Suite
  • Other Identity Providers that use OAuth 2.0 authentication protocol
Integrating OpenID Connect SSO with InEvent
Before integrating your OpenID Connect SSO with InEvent, ensure that you have created an application project within your IdP portal. Also ensure that you have generated and copied all the necessary keys (App ID and Secret).
To learn how to create your application project and generate keys, consult your IdP documentation.
  1. Navigate to Integrations > SSO from the Company level.
If you are configuring from the Event level, navigate to Settings > Integrations > SSO.
  1. Select Open ID Connect in the Sign on method drop down box.
  2. Click Edit.
  1. Insert the parameters below into the corresponding field:
  • Issuer Name: The name of the SSO Identity Provider (IdP).
  • OpenID Connect URL: The URL that accepts the OpenID Connect request.
  • OpenID Connect App ID: OpenID Connect Client ID provided by your IdP.
  • OpenID Connect App Secret: OpenID Connect secret provided by your IdP.

Log in experience

After successfully integrating SSO to InEvent, users will undergo a slightly different log in process.

To avoid errors during the sign in process, ensure that all the credentials you have provided are correct and your domain is whitelisted at the Company level.
Event organizers

Event organizers with administrator permissions will see the interface below when logging into the platform:

Upon pressing Login, they will be directed to the SSO portal to enter their user credentials, as shown below (with OneLogin as an example).

Once the log in process has been completed, they will be redirected to the InEvent platform.

Attendees

Attendees will see the interface below when logging into the platform:

SSO login option to access the VL

Upon pressing Login, they will be directed to the SSO portal to enter their user credentials, as shown below (with OneLogin as an example):

Once the log in process has been completed, they will be redirected to the InEvent platform.

When using One Time Login, a domain is created. This domain will need to grant access to the attendees who wish to use Single-Sign On as an authentication method. Another option would be to add attendees to the domain's DNS.

Allowing non-SSO log in

It is possible to allow non-SSO log in when SSO is enabled and activated. In order to allow non-SSO login, follow the steps below:

  1. Navigate to Account > Tools from the Company level
  2. Click Edit.
  3. Locate Allow non-SSO login under the Login section.
  4. Check the box to enable the function.
  5. Press End to save your changes.


How Did We Do?