Single Sign-On (SSO) is an authentication process that allows our clients to use their own company's login process to gain access to the PowerReviews Portal. This allows for better security and a more seamless login experience.
How Does SSO Work?
The user is authorized within your company's system. They then use a designated URL to automatically gain access to the PowerReviews Portal. Each user must already exist in the PowerReviews system before they are allowed access.
The user's email address is used as their identifier between the two systems. If the email addresses do not match, then the user is not recognized and the SSO will fail. PowerReviews is able to update a user's email address on our side if needed, to match your system.
Glossary of Terms
- Identity Provider (IdP) - A software system that provides the users' login and authentication for access to it and other systems. The IdP should be the home for users and/or user credentials with various protocols for remote sign-in, such as SAML.
- Security Assertion Markup Language (SAML) - An open, standardized set of XML-based protocols for authentication and authorization.
Setup Requirements
- Assertion Consumer Service (ACS) URL - This is the URL provided by PowerReviews that the user is directed to after logging into their IdP
- Entity ID - Provided by PowerReviews for authentication
- SAML application within your IdP
- XML file with SAML metadata - Generated from your IdP
The XML generated by your IdP can be transferred via whichever method is most convenient. The contents are not secret, but it would be ideal to use a secure transfer mechanism (not unencrypted email).
Note: Configuration cannot proceed on PowerReviews' side without this file.
Client Configuration
Configure Your IdP
- Configure the ACS URL and Entity ID provided by PowerReviews. (If using Azure AD, let PowerReviews know, as we need to provide you additional information.)
- Your IdP needs to attach the user email as an attribute in the SAML response.
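An added diagnostic, not PowerReviews code: when a user is not recognized, this Python check decodes a base64 SAML payload captured from your own IdP and compares its email attribute with the address on the user's portal account. The attribute name `email`, the sample assertion and the function names are assumptions; it reads unencrypted assertions only and does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; attribute names and values are illustrative only.
SAMPLE_XML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>Jane.Doe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="department">
      <saml:AttributeValue>Marketing</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def assertion_attributes(saml_b64):
    """Decode a base64 SAML payload and return {attribute name: [values]}."""
    root = ET.fromstring(base64.b64decode(saml_b64))
    attrs = {}
    # iter() also finds attributes when the assertion is nested in a Response.
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def check_email(saml_b64, portal_email, attr_name="email"):
    """Return (status, detail) for the email attribute versus the portal account."""
    values = assertion_attributes(saml_b64).get(attr_name)
    if not values:
        return ("missing", "no %r attribute in the assertion" % attr_name)
    if portal_email in values:
        return ("match", portal_email)
    # Report case-only differences separately: the comparison rule is an unknown here.
    if portal_email.lower() in (v.lower() for v in values):
        return ("case-differs", values[0])
    return ("mismatch", values[0])


if __name__ == "__main__":
    for email in ("Jane.Doe@example.com", "jane.doe@example.com", "jd@example.com"):
        print(email, "->", check_email(SAMPLE_B64, email))
```

A `missing` result points at the IdP attribute mapping; `mismatch` or `case-differs` points at the address stored on either side.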
Login Link Format
https://auth-api.powerreviews.com/auth/idp?id={merchant_group_id}
After users are logged in with your IdP, the login link is where they are directed to authenticate and gain access to PowerReviews.
SSO must be configured with a PowerReviews Production account group_id, which provides access to any merchant groups a user has rights to, including PowerReviews Test accounts. If you have multiple merchant groups and are in doubt, please contact your Implementation Team or Account Team for assistance.
Portal
Clients that have SSO enabled will see an indicator in the PowerReviews Portal. To verify if SSO is enabled for your account(s):
1. Navigate to the gears icon in the left-hand menu.
2. Under the Manage Users tab, the following message appears:
Users who have access to this page are still able to view and edit users, but are no longer able to reset passwords as these credentials are now managed by SSO.
If you are interested in setting up SSO, contact your Implementation Team or Account Team.