Single Sign on - SSO

Owned by Malissa Olofernes
Last updated: Sept 14, 2023

To download above documents:

  • Click on desired document to open it. Then, click on the cloud symbol in the top right corner of your screen to download, save, or print.

Overview

To increase adoption and provide a seamless experience, Deem provides single sign-on (SSO) capabilities for enterprise services, employing a wide variety of industry open standards. Through the use of SAML 2.0, an enterprise can provide seamless access for its employees without any additional user authentication, and without requiring users to remember new passwords.
For users, SSO is all about experience: fewer passwords to manage, and fewer barriers to getting their job done. Enterprise employees can automatically be provisioned and authenticated, becoming immediately productive with Deem services in a completely transparent manner. For an enterprise, SSO translates into higher adoption rates, tighter security, fewer help-desk calls, and enhanced return on existing technology investments.
By integrating Deem enterprise services with enterprise identity stores, it is also possible to include user provisioning information in the SAML single sign-on token. This allows a single process flow from the corporate Identity Provider into Deem, eliminating the need for a separate provisioning process. If the user does not already exist in the Deem system, or if there is updated information about the user, the SAML assertions may contain provisioning information, allowing for automated, simultaneous update or pre-population of the user's profile when they log in.

Required profile attributes

The following case-sensitive attributes are required when sending a provisioning request:

  • externalID: This is a unique identifier for the user that correlates to the enterprise's system. This is typically an employee number, or some other unique identifier that will not change over time.

  • userName: This is another unique identifier for the user. Specifically, this will be the username that appears in the user interface for Deem services, and would be used for logging in, if SSO was not enabled.

  • email: The user's email address. This must be unique within your company.

  • firstName: The user's first name.

  • lastName: The user's last name.

Optional profile attributes

The following case-sensitive attributes may optionally be sent along with the required attributes:

  • aptSuite

  • birthday

  • city

  • companyName

  • costCenter

  • country

  • departmentName

  • division

  • emergencyContactName

  • emergencyContactPrimaryPhone

  • employeeID

  • employeeStatus

  • groupwareID

  • homeAptSuite

  • homeCity

  • homeCountry

  • homePostalCode

  • homeStateProvince

  • homeStreet1

  • jobTitle

  • middleName

  • mobilePhone

  • postalCode

  • stateProvince

  • street1

  • subdomainName

  • userName

  • workFax

  • workPhone

Additional profile attributes are employeeType, departmentCode, misField1, misField2, misField3, misField4, misField5, and misField6.

Steps to set up SSO:

  • TMC email Channel Sales Director requesting SSO

    • Provide if SSO is for

      • Desktop and Mobile

      • Only Desktop

  • Channel Sales Director will provide TMC

  • TMC will then need to have both forms completed before integration can be completed