Single Sign-On

Single sign-on (SSO) is an authentication method that allows users to securely log in to multiple related software systems using a single ID (or username) and password. This allows users to log in once to be able to access services without re-authenticating.

InEvent supports integration with the SSO methods listed below:

This article will take you through the steps of configuring SSO integration to handle the user sign-in process.

Configuring SSO integration requires technical knowledge and special administrative privileges. Therefore, it is best configured by experts.

How do I configure SSO integration?

This section will guide you to configure SSO integration with SAML 2.0, Azure Active Directory (OIDC), and OpenID Connect.

SSO integrations can be implemented either at the company level or the event level. Regardless of where the integration is configured, it will apply to both levels.

Whitelisting your domain

Before starting to configure SSO integration, it is necessary to first whitelist your domain(s). To whitelist your domain(s), contact InEvent by submitting a Question using the Issue report feature.

Click here to find out how to raise an Issue report.

Once your domain has been whitelisted, it will appear under Whitelisted domains on the Company details page, as seen below:

Screenshot showing the Whitelisted domains interface
Note that after your domain is whitelisted, it needs to be verified before you can configure SSO integration.

InEvent will generate a DNS setting which you need to add to your domain for verification purposes. Once this step has been completed, your domain status will change from Not verified to Verified, and you can proceed to configure SSO integration.

Configuring SAML 2.0 SSO integration

This section describes how you can integrate SAML 2.0 SSO to InEvent with OneLogin as an example.

Setting up SAML 2.0 SSO with OneLogin

Check out the video linked below to set up SAML 2.0 SSO with OneLogin:

Preparing OneLogin SSO with SAML 2.0 Protocol

This section will guide you on how to set up OneLogin SSO with SAML 2.0 protocol with OneLogin as the SAML initiator. Follow the steps below:

To ensure this integration behaves as intended, verify that you have a OneLogin account with administrator privileges.
  1. Navigate to Applications > Applications from your OneLogin administrator dashboard.
  2. Select the SAML Custom Connector (Advanced) from the list of available applications.
Screenshot showing the SAML Custom Connector (Advanced) selection at OneLogin.
  3. Enter your portal name, icon, and description details as needed.
  4. Click Save. You will be taken to the information page of your newly created app.
Screenshot showing the SSO details page at the OneLogin administrator panel.
  5. Navigate to the Configuration tab.
  6. Enter the details below into the corresponding fields, along with other fields if applicable:
  • ACS (Consumer) URL Validator: ^https:\/\/app\.inevent\.com\/{{company nickname}}\/sso\-auth\.php
Replace {{company nickname}} with your company nickname at InEvent. Your company nickname can be found in the Company Details.
If your company nickname at InEvent contains a dash (-), ensure that the dash is preceded with a backslash (\) for the URL to be validated properly. For example, if your company nickname is MyCompany-442834837, replace {{company nickname}} with MyCompany\-442834837.
  • ACS (Consumer) URL: https://app.inevent.com/{{company nickname}}/sso-auth.php
Alternatively, go to Integrations > SSO from the Company level at InEvent and locate the SAML Redirect URL value.
  7. Click Save.
Screenshot showing the SSO Configuration page at the OneLogin administrator panel.
  8. Navigate to the SSO tab.
  9. Locate and copy the X.509 Certificate, Issuer URL, SAML 2.0 Endpoint (HTTP), and SLO Endpoint (HTTP) details. These details will be entered at the InEvent platform at the next step.

Screenshot showing the SSO details page at the OneLogin administrator panel.
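The ACS (Consumer) URL Validator above is a regular expression, so a missed escape silently loosens what it accepts. The sketch below is an added example, not InEvent or OneLogin code: it builds the validator from a company nickname in the escaped style shown in the steps and checks it against constructed candidate URLs. The function names are hypothetical, and how OneLogin itself applies the pattern (whole string or prefix) is not stated in this article, so both modes are shown.

```python
import re

# ACS URL layout taken from the article.
ACS_TEMPLATE = "https://app.inevent.com/{nickname}/sso-auth.php"
# Characters to backslash-escape: '/', '.', '-' as in the article's validator,
# plus the remaining regex metacharacters.
ESCAPE = set(r"\.^$*+?()[]{}|-/")


def acs_url(nickname):
    """ACS (Consumer) URL for a company nickname."""
    return ACS_TEMPLATE.format(nickname=nickname)


def build_validator(nickname):
    """ACS URL Validator in the article's style: '^' followed by the escaped URL."""
    return "^" + "".join("\\" + c if c in ESCAPE else c for c in acs_url(nickname))


def accepts(validator, url, whole_string=True):
    """Apply the validator; whole_string=False mimics a prefix-only match."""
    matcher = re.fullmatch if whole_string else re.match
    return matcher(validator, url) is not None


def self_test(nickname):
    """Return {candidate URL: accepted?} under the strict whole-string check."""
    good = acs_url(nickname)
    candidates = [  # constructed test inputs
        good,                                           # the real ACS URL
        good.replace("https://", "http://"),            # downgraded scheme
        good.replace("sso-auth.php", "sso-auth_php"),   # '.' must stay literal
        good + "/extra",                                # trailing content
    ]
    validator = build_validator(nickname)
    return {url: accepts(validator, url) for url in candidates}


if __name__ == "__main__":
    nick = "MyCompany-442834837"  # example nickname used in the article
    print(build_validator(nick))
    for url, ok in self_test(nick).items():
        print("accept" if ok else "reject", url)
```

Only the first candidate should be accepted; if a pasted validator accepts any of the others, an escape or anchor was lost when it was entered.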
Integrating OneLogin SSO to InEvent with SAML 2.0 protocol

Once you have finished configuring the SSO integration at OneLogin and collected the necessary details, you can proceed to integrate it to the InEvent platform by completing the following steps:

  1. Navigate to Integrations > SSO from the Company level.
If you are configuring from the Event level, navigate to Settings > Integrations > SSO.
  2. Choose SAML 2.0 entry in the Sign on method drop-down box.
  3. Insert the parameters below into the corresponding fields:
  • Issuer Name: OneLogin
  • Issuer Label (login button): Login with OneLogin, or the desired label to be displayed on the login screen
  • Issuer URL (previously copied from OneLogin)
  • SAML 2.0 Endpoint (HTTP) (previously copied from OneLogin)
  • SLO Endpoint (HTTP) (previously copied from OneLogin)
  • X-509 Certificate (previously copied from OneLogin)
  4. Press the green Link account button to finish the configuration.
Screenshot showing the SAML 2.0 integration screen at the InEvent platform.
Once you have completed the steps above, log in to the platform from an incognito window to ensure that the log in process behaves as intended.

Configuring Azure Active Directory SSO integration

This section will guide you to configure SSO integration with Microsoft Azure Active Directory. This integration uses the OpenID Connect (OIDC) authentication protocol. After completing these steps, user log-ins will be handled by Azure Active Directory.

To ensure this integration behaves as intended, verify that you have an active and valid subscription to Azure Active Directory.
Preparing Azure Active Directory SSO integration within InEvent
  1. Navigate to Integrations > SSO from the Company level.
If you are configuring from the Event level, navigate to Settings > Integrations > SSO.
  2. Select Azure ID (OIDC) in the Sign on method drop down box.
  3. Locate and copy Redirect URI within the page. This URI is necessary for setting up your app in Azure Active Directory.
Screenshot showing the Azure AD integration screen.
Setting up your app in Azure Active Directory
  1. Log in to Microsoft Azure Portal.
  2. Navigate to Active Directory under Azure services within the Azure Management Portal.
Setting up your app in Azure Active Directory
  3. Click App registrations from the left panel.
  4. Click New registration.
Setting up your app in Azure Active Directory > New registration
  5. Enter the necessary details below:
  • Name: An identifier to the app you will be using Azure log in for.
  • Supported account types (required): Group of user accounts to be permitted to log in. Select as needed.
When allowing user log ins from an organizational directory, ensure that you have set up a directory tenant and added users. Otherwise, users may experience authorization endpoint errors when logging in. For more information, refer to the official Microsoft guide on creating a new tenant and creating or deleting users in Azure AD.
  • Redirect URI: Azure will return authentication responses to this URI after authenticating users successfully. This URI is found by navigating to the Company level in the InEvent platform > Integrations > SSO > Sign on method: Azure ID (OIDC) > Redirect URI.

Once you have entered the required information, you will be redirected to the Overview page of the newly created app.

  6. Locate Application (client) ID and Directory (tenant) ID within the Essentials section. Copy these IDs as they are needed to configure SSO integration within the InEvent platform.
Setting up your app in Azure Active Directory > New registration
  7. Navigate to Certificates & Secrets.
  8. Press New client secret to generate Azure Application Secret Value.
Setting up your app in Azure Active Directory > New registration
  9. Enter the client secret description and expiration period as needed. This will generate a Secret Value.
Setting up your app in Azure Active Directory > New registration
  10. Locate the newly generated Secret Value. Copy this secret as it is needed to configure SSO integration within the InEvent platform.
Secret Value is only visible immediately after creation until you close the page. Ensure that you save the secret immediately after it is generated.
Setting up your app in Azure Active Directory > New registration
Integrating Azure Active Directory SSO to InEvent

Once you have finished setting up your app in Azure Active Directory and collected the necessary details, you can proceed to integrate Azure Active Directory SSO to the InEvent platform. Complete the following steps:

  1. Navigate to Integrations > SSO from the Company level and select Azure AD (OIDC) in the Sign on method drop down box.
If you are configuring from the Event level, navigate to Settings > Integrations > SSO.
  2. Insert the parameters below into the corresponding field:
  • Issuer Name
  • Issuer Label (login button): The label to be displayed on the login screen.
  • Azure Directory (tenant) ID (previously copied from your Azure AD account)
  • Azure Application (client) ID (previously copied from your Azure AD account)
  • Azure Application Secret Value (previously copied from your Azure AD account)
  3. Press Link account to finish the configuration process.
Screenshot showing the Azure AD (OIDC) integration configuration interface from the Company level

Once the integration is complete, you can set the session duration and also click Get metadata and Access login portal.

Screenshot showing the configured Azure AD (OIDC) details and the added information.

Configuring OpenID Connect SSO integration

InEvent supports certified SSO OIDC Identity Providers, such as:

  • OneLogin
  • G Suite
  • Other Identity Providers that use OAuth 2.0 authentication protocol
Preparing and setting up your app in the OpenID Connect SSO IdP platform

Before integrating an OpenID Connect SSO with InEvent, it is necessary to create a new app or project in your preferred OIDC IdP platform. The steps to create a new app or project may vary, depending on the platform.

When creating a new app, the platform will require OpenID Connect Redirect URI to be entered. The URI can be found by navigating to Integrations > SSO from the Company level and selecting to create a new OpenID Connect SSO integration.

Screenshot showing the OpenID Connect Redirect URI value from InEvent.
If Custom domain is in use, it is necessary to add a second URI that uses your custom domain. When doing so, simply replace app.inevent.com in the OpenID Connect Redirect URI with the domain name you have set at InEvent.
Integrating OpenID Connect SSO with InEvent

Before integrating your OpenID Connect SSO with InEvent, ensure that you have created an application project within your IdP portal. Also ensure that you have generated and copied all the necessary keys (App ID and Secret).
To learn how to create your application project and generate keys, consult your IdP documentation.
  1. Navigate to Integrations > SSO from the Company level.
If you are configuring from the Event level, navigate to Settings > Integrations > SSO.
  2. Select Open ID Connect in the Sign on method drop down box.
  3. Insert the parameters below into the corresponding field:
  • Issuer Name: The name of the SSO Identity Provider (IdP).
  • Issuer Label (login button): The label to be displayed on the login screen.
  • OpenID Connect URL: The URL that accepts the OpenID Connect request.
  • OpenID Connect App ID: OpenID Connect Client ID provided by your IdP.
  • OpenID Connect App Secret: OpenID Connect secret provided by your IdP.
  4. Press Link account to finish the configuration process.
Screenshot showing the OpenID Connect SSO integration configuration.
When using OpenID Connect, the provider configuration, which provides information such as endpoints and other configuration details, is stored in the .well-known configuration file ({OpenID Connect URL}/.well-known/openid-configuration).
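Before entering an OpenID Connect URL, it is worth checking that the provider configuration published at that location really describes the IdP you intend to trust. The sketch below is an added example, not InEvent code: it derives the .well-known location from the OpenID Connect URL and applies checks from the OpenID Connect Discovery 1.0 specification to a document you have already downloaded. The function names, the idp.example.com URLs and both sample documents are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Provider metadata required by OpenID Connect Discovery 1.0 (subset checked here).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "id_token_signing_alg_values_supported")


def discovery_url(openid_connect_url):
    """Location of the provider configuration, as given in the article."""
    return openid_connect_url.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(openid_connect_url, document):
    """Return a list of problems found in a fetched discovery document."""
    meta = json.loads(document)
    problems = ["missing " + key for key in REQUIRED if key not in meta]
    # The issuer must be identical to the URL the document was fetched for;
    # a mismatch means the document describes a different provider.
    if "issuer" in meta and meta["issuer"] != openid_connect_url:
        problems.append("issuer mismatch: " + meta["issuer"])
    # Every URL the relying party will contact has to be HTTPS.
    for key, value in sorted(meta.items()):
        if key == "issuer" or key.endswith(("_endpoint", "_uri")):
            if urlsplit(str(value)).scheme != "https":
                problems.append(key + " is not https")
    # The specification requires RS256 to be offered for ID token signing.
    if "RS256" not in meta.get("id_token_signing_alg_values_supported", ["RS256"]):
        problems.append("RS256 not offered for ID tokens")
    return problems


# Constructed sample documents (not taken from any real IdP).
SAMPLE_URL = "https://idp.example.com/oidc"
SAMPLE_GOOD = json.dumps({
    "issuer": "https://idp.example.com/oidc",
    "authorization_endpoint": "https://idp.example.com/oidc/auth",
    "token_endpoint": "https://idp.example.com/oidc/token",
    "jwks_uri": "https://idp.example.com/oidc/certs",
    "response_types_supported": ["code"],
    "id_token_signing_alg_values_supported": ["RS256"],
})
SAMPLE_BAD = json.dumps({
    "issuer": "https://idp.example.com/other",
    "authorization_endpoint": "https://idp.example.com/oidc/auth",
    "token_endpoint": "http://idp.example.com/oidc/token",
    "response_types_supported": ["code"],
    "id_token_signing_alg_values_supported": ["HS256"],
})

if __name__ == "__main__":
    print(discovery_url(SAMPLE_URL))
    for name, doc in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, check_discovery(SAMPLE_URL, doc) or "ok")
```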

Log in experience

After successfully integrating SSO to InEvent, users will undergo a slightly different log in process.

To avoid errors during the sign in process, ensure that all the credentials you have provided are correct and your domain is whitelisted at the Company level.
Event organizers

Event organizers with administrator permissions will see the interface below when logging into the platform (with OneLogin as an example):

Screenshots showing the log in flow using an Enterprise account.

Upon pressing Login with OneLogin, they will be directed to the SSO portal to enter their user credentials, as shown below (with OneLogin as an example).

Screenshots showing the log in flow using an Enterprise account.

Once the log in process has been completed, they will be redirected to the InEvent platform.

Attendees

Attendees will see the interface below when logging into the platform (with OneLogin as an example):

Screenshot showing the log in interface with OneLogin SSO enabled

Upon pressing Login with ONELOGIN (using ONELOGIN as an SSO example), they will be directed to the SSO portal to enter their user credentials, as shown below:

Screenshots showing the log in flow using an Enterprise account.

Once the log in process has been completed, they will be redirected to the InEvent platform.

When using One Time Login, a domain is created. This domain will need to grant access to the attendees who wish to use Single-Sign On as an authentication method. Another option would be to add attendees to the domain's DNS.
Log in through the app

When accessing the mobile app, users can log in to the app with SSO.

SSO log in

Upon pressing the desired SSO button, they will be directed to the SSO portal to enter their user credentials, as shown below, using OneLogin as an example.

Once the log in process is completed, they will be directed to the company's event directory, from where they have to select their target event.

Azure Active Directory log out experience

When Azure Active Directory SSO is integrated with the InEvent platform, users who are logged in using Azure AD SSO benefit from a simplified login and logout experience. When logging out from InEvent, they will also be logged out from Azure Active Directory.

When Azure Active Directory is integrated using SAML 2.0, users are redirected to the SAML logout page before returning to InEvent. When it is integrated using OpenID Connect, users are redirected to the Microsoft logout interface, where manual confirmation is required to complete the logout process.

For more information on integrating SSO with different protocols, refer to our SAML 2.0 and Azure AD OpenID Connect SSO integration guides.

SSO login button display options

After successfully configuring your SSO integration, you can display or hide the SSO Login button for user logins from the Company level, Event level, or both. To do so, press the Edit button and check or uncheck the appropriate boxes:

Screenshot showing the SSO Login button display options.
  • Display on Company Level: Display the SSO Login button when logging in at the Company level.
  • Display on Event Level: Display the SSO Login button when logging in at the Event level.
You can select either one of the options or both.

Then, press the End button to save your changes.

Use custom domain for redirect

When using SSO on a Custom domain-enabled company or event, the domain changes affect SSO redirect URLs. In order to ensure SSO integration is not interrupted by domain changes, click Edit and check the Use custom domain for redirect box after configuring your SSO integration.

Screenshot showing the Use custom domain for redirect option and effect.

SSO login session duration

You can determine the duration of an SSO login session directly from the SSO configuration interface. This way, users who log in to the InEvent platform using the target SSO integration will be logged out after the set duration has elapsed since their log in, and they will have to log in again. To do so, press the Edit button and enter the desired session duration in minutes.

The login session duration is set to 120 minutes by default.
Screenshot showing the session duration field.

After entering the desired session duration, press the End button to save your changes.

In the case of SAML, InEvent prioritizes the session duration set in the Session duration field; if none is set, it defaults to InEvent's. In the case of OpenID Connect, InEvent relies solely on the default session duration.

Multiple SSO integrations

You can use multiple SSO integrations to handle the account authorization process in your company and event on the InEvent platform. To do so, simply configure more than one SSO integration from the Company level and set them to be displayed from the desired level (Company level only, Event level only, or both levels).

Below is how the Company level log in interface will look with multiple SSO integrations enabled and displayed.

Screenshot showing multiple SSO log in options when logging in to the Company level.

Below is how the Event level log in interface will look with multiple SSO integrations enabled and displayed.

Screenshot showing multiple SSO log in options when logging in to the Event level.

Mandatory SSO Auth

After integrating SSO to InEvent, you can enable the Mandatory SSO Auth tool so that users can only enroll in your event if they are authenticated through the integrated SSO methods.

To enable Mandatory SSO Auth, follow the steps below:

  1. Navigate to Settings > Tools from the Event level.
  2. Press the Edit button on the top right corner of the page.
  3. Locate the Login section.
  4. Enable Mandatory SSO Auth by checking the corresponding box.
Also ensure that Allow non-sso login tool is disabled, as it is enabled by default.
  5. Press the End button to save your changes.
Screenshot showing the Event tools interface with Mandatory SSO Auth enabled and Allow non-sso login disabled.

After completing the steps above, users will see the following log in interface when accessing your Registration form, with multiple SSO directories enabled as an example.

When Mandatory SSO Auth is enabled alongside Approval requirement, applicants will be created once users complete the Registration form or Purchase form.
GIF showing the log in interface when accessing an event's registration form with Mandatory SSO Auth and multiple SSO directories enabled.

Allow non-SSO log in

It is possible to allow non-SSO log in when SSO is enabled and activated. In order to allow non-SSO login, follow the steps below:

  1. Navigate to Account > Tools from the Company level.
If you are configuring from the Event level, navigate to Settings > Tools.
  2. Click Edit.
  3. Locate Allow non-SSO login under the Login section.
  4. Check the box to enable the function.
When configuring from the Event level, ensure that Mandatory SSO Auth tool is disabled.
  5. Press End to save your changes.
Screenshot showing an interface of Company tools with Allow non-sso login enabled.

After completing the steps above, attendees will see the following screen when logging in to your event.

Screenshot showing the Event level log in interface with an SSO log in option enabled and non-SSO log in allowed

Auto register with SSO

You can allow users who log in using SSO to be automatically registered to your event, even if they were not added to the event's list of attendees.

Auto register with SSO is not compatible with the Ticket requirements tool. Enabling these tools together will cause attendees to be unable to access your event.

To allow the automatic registration of users who log in using SSO, follow the steps below:

  1. Navigate to Settings > Tools from the Event level.
  2. Click Edit.
  3. Locate Auto register with SSO under the Login section.
  4. Check the box to enable the function.
  5. Press End to save your changes.
GIF showing how to enable the Auto register with SSO tool within Event tools.

After completing the steps above, users who log in using SSO will be automatically registered to your event as an attendee. Therefore, they will be directed to the Virtual Lobby without being prompted to complete the Registration form, even if they were not added to the event's list of attendees.

GIF showing the login behavior when Auto register with SSO is enabled.

When this tool is enabled, users who are automatically registered when logging in with SSO may see a "You were disconnected from event." message when navigating within the Virtual Lobby for the first time. By clicking OK on the pop-up message, the Virtual Lobby will reload and the user will be able to navigate within the Virtual Lobby as normal.
Screenshot showing the "You were disconnected from event" message

