This article describes how to set up single sign-on on the Emarsys side of the process, in the Emarsys Platform. As a user you can configure this yourself. In case you do not have the necessary permissions, contact support.
This guide does not cover the customer-side enablement steps, such as configuration, certificate creation, and so on.
If you are looking for the process that should be followed on the Identity Provider end, see How to enable Single Sign-On.
Configuring the SSO
To begin the process, go to Management → Single-Sign-On Setup and click Configure Single Sign-On.
Now let's go through the steps as they are numbered on the UI.
- Paste your configuration file's content into the text entry area.
Open the XML file in a viewer or editor to select its content. Direct file upload is not available.
- Click Test Single Sign-On
In the background, Emarsys checks whether the login works using details from your pasted SSO file.
- Connect your current Emarsys admin user with the IdP administrator (SSO Identity Provider).
Some users may use different login details (username, email) for Emarsys and the Identity Provider. Click Connect your User to SSO to confirm that the currently logged-in Emarsys admin user (you) is the one to connect for SSO.
- Click Enable Single Sign-On to finalize the SSO enablement and turn on SSO for all users under your Emarsys admin.
Users who already have accounts can link their account to SSO after logging in. New users can set up accounts that are linked to their SSO logins.
Once you are finished, Single Sign-On is Enabled for all users under your admin account.
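As an added example (not part of the Emarsys documentation or product), the following Python check can be run on the XML before pasting it in step 1, or before changing the configuration during an update. It assumes the configuration file is SAML 2.0 IdP metadata, which this article does not state; the function name `check_idp_metadata` and all sample values are constructed for illustration.

```python
import base64, binascii
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Assumption: the configuration file is SAML 2.0 IdP metadata.
MD, DS = "urn:oasis:names:tc:SAML:2.0:metadata", "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
CERT = "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def check_idp_metadata(xml_text, now=None):
    """Return a list of problems in the XML to be pasted (empty list = none found)."""
    now = now or datetime.now(timezone.utc)
    if "<!DOCTYPE" in xml_text:  # metadata needs no DTD; refuse to parse one
        return ["contains a DOCTYPE declaration"]
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        return [f"not well-formed XML (incomplete copy?): {exc}"]
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["no md:IDPSSODescriptor element"]
    problems = []
    until = root.get("validUntil")
    if until:
        expiry = datetime.fromisoformat(until.replace("Z", "+00:00"))
        expiry = expiry if expiry.tzinfo else expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            problems.append(f"validUntil {until} has passed")
    certs = idp.findall(CERT, NS)
    if not certs:
        problems.append("no X509Certificate in the IdP descriptor")
    for cert in certs:
        try:  # checks only the base64 wrapper; certificate dates are not parsed
            base64.b64decode("".join((cert.text or "").split()), validate=True)
        except binascii.Error:
            problems.append("X509Certificate is not valid base64")
    locs = [e.get("Location", "") for e in idp.findall("md:SingleSignOnService", NS)]
    if not locs or not all(loc.startswith("https://") for loc in locs):
        problems.append("SingleSignOnService endpoint missing or not HTTPS")
    return problems

# Constructed sample: placeholder host and a placeholder, non-real certificate value.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
  entityID="https://idp.example.test/metadata" validUntil="2030-01-01T00:00:00Z">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>TUlJQ29uc3RydWN0ZWQ=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""
```

An empty result only means the pasted text is structurally plausible; the Test Single Sign-On step remains the actual login check.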
First-time login with SSO
- Click Login with SSO.
- Enter the account name for the account you want to log into.
- Select the relevant option for your situation:
According to your choice, you will be presented with one of the following:
I Have a User In This Account
After entering your data, your user will be linked to the SSO login and you will already be logged in.
I Don't Have a User In This Account
After creating your user, you will be automatically logged in.
Make sure that you enable SSO for your existing user instead of creating a new user. If you do not know whether you already have an account, check with your Account Owner.
Creating a new user will disable username/password-based login for your old user, making it impossible to log in with it anymore.
In case a previous user was not updated and a new one was created, contact your Account Owner to have your new or old user deleted. If the old user is deleted, user roles can be transferred to the new, SSO-enabled user. However, the default user settings will be applied, such as English set as interface language, and the 2FA mobile number has to be re-added.
Alternatively, the new, superfluous account can be deleted by the Account Owner, and then the old user account can be linked to the SSO login.
Updating the SSO
The most common scenarios when you would want to update your configured SSO settings are the following:
- your current certificate is about to expire or has already expired
- you want to keep using SSO but with a different Identity Provider, not the configured one.
Click Update SSO certificate and follow these steps:
- Generate the new XML configuration in your IdP, but do not activate it yet.
- Change the configuration in the Emarsys Platform (the current XML is still active in your IdP).
- Activate the new XML configuration in your IdP.
This order is needed to avoid locking out users, which would happen if the IdP-side configuration were activated immediately.
You can also deactivate SSO and switch to using email and password for login. Use the Deactivate SSO button to stop using the certificate-based SSO authentication method.