Use your own Identity Provider for YesWeHack authentication
You can configure and activate SSO for your users, in order to:
- Delegate the authentication on YesWeHack platform to your Identity Provider
- Apply your own security and authentication policies (e.g. Multi-factor Authentication (MFA), re-authentication, etc.)
- Centralize users’ management in your Identity Provider and align it with your IAM processes (e.g authorize or revoke access to YWH platform)
- Simplify the onboarding process of your users on YesWeHack platform
How does it work once SSO is set-up?
Let’s say for example that firstname.lastname@example.org recently joined the team to help with the 50+ reports you received over the weekend on your *.mycompany.com program (ouch!)
- Authorize email@example.com on YesWeHack app in your IdP
- Invite firstname.lastname@example.org with the appropriate role from YesWeHack platform (e.g. Program Manager)
- Now, everytime email@example.com wants to access YesWeHack platform, he just has to enter his login (firstname.lastname@example.org) and he will be redirected to your SSO login page.
If at some point email@example.com does not need to access your YesWeHack environment anymore, you can simply remove his assignement from your IdP YesWeHack app (and eventually revoke his role on the platform later on).
How can I set-up SSO for my business unit?
From YesWeHack platform, go to 'My Business Unit' > 'Settings' > 'SSO'. You are now on the right place to enable SSO for a given domain, e.g. @mycompany.com
The setup is simple and standard :
- Domain verification (with HTTP file, HTML meta-tag or DNS record)
- IdentityProvider and SSO configuration
With the SSO activated and correctly configured for your domain, every user that want to sign on YesWeHack platform with a @mycompany.com email address will have to be authorized and authenticated on your Identity Provider (IdP) first.
If you need more details, please check out platform’s documentation, which could definitely help in the process (login and go to ‘Resources’ > ‘User Guide’).
What else should I know about SSO? Do you have more technical info?
- YesWeHack supports SSO via SAML 2.0 protocol;
- SSO can be activated by Organisations with an active license on YesWeHack;
- Once the SSO config validated and activated, users signing in with email addresses from this domain must authenticate through the configured Identity Provider (IdP);
- Users must be authorized from the IdP and can be directly revoked from the IdP;
- Authentication policies defined at IdP level will prevail (e.g. MFA, re-authentication);