Setting up corporate Single Sign-On with WebCE

By Scott McKelvey, VP of Technology
Mar 27, 2023

Weak or stolen passwords are the number one cause of security breaches. These happen when users are forced to remember multiple complicated passwords and resort to writing them down, storing them insecurely, or using the same one for every site. Single Sign-On (SSO) technology gives users an easy, seamless experience to quickly access their content while also removing these password risks. WebCE supports a variety of integration options with multiple Identity Providers to allow corporate administrators to quickly and easily setup a direct connection to our platform.

To begin, contact [email protected] to setup your corporate portal and enable the SSO feature. Then follow the steps below based on your corporate identity provider service.

 

Microsoft Entra ID

Here are the steps to configure SSO through Microsoft Entra ID:

  1. Within the Azure portal, select WebCE from the available partner service providers.
  2. Add the application to your tenant
  3. Configure the URLs and certificate as listed here: https://learn.microsoft.com/en-us/entra/identity/saas-apps/webce-tutorial

 

OKTA

Here are the steps to configure SSO through OKTA:

  1. Add the integration from the OKTA portal here: https://www.okta.com/integrations/webce/
  2. Login to your tenant and follow the prompts to continue setup.
  3. Configure the URLs using your WebCE-provided partner site path.

 

Custom Providers

We support every other provider utilizing SAML 2.0. The process is still straight forward even without a pre-built integration, and most IT teams are comfortable setting it up with the following steps:

  1. Provide WebCE with your corporate sign-on URL. Something like: “https://youradfsservername.yourcompany.com/adfs/ls”
  2. Set the Identifier Name to “https://www.webce.com” or tell us what Identifier Name you would like to use so we can set it on our end.
  3. Setup the SAML “POST” request with the URL for your WebCE Portal, in the following format: “https://www.webce.com/<sitelabel>/login/saml20”
  4. Set the security hash algorithm to SHA-256
  5. Create the following 4 claims:
    1. The unique user identifier. Generally email, but could be EmployeeId instead
    2. E-Mail Address
    3. Given Name
    4. Surname
  6. Download your SSL certificate and send WebCE the Certificate Thumbprint for our records.

 

Request Additional Integrations

If you’re a corporate administrator and your company’s identity provider isn’t listed, let us know and we’ll investigate building a more direct integration pipeline. You can contact us at [email protected]