Single Sign-On

Put simply, Extranet User Manager Single Sign-On is a product that provides external user management and secure authentication for your web applications. It includes a source base that can be fully customized and integrated into your line-of-business applications while ensuring the utmost security protocols are in place.

Extranet User Manager provides the following key features:

  • Simplified login flow that checks whether an entered email exists within the system and then routes the user down the self-register or sign-in path as appropriate
  • Fully customized to match corporate branding
  • Supports enabling external identity providers (Microsoft, Facebook, Google, etc.)
  • Self-registration can be customized to capture additional fields
  • Self-registration can be integrated to write user details into other line of business systems (CRM, ERP, etc.)
  • Self-registration can be built to streamline registering users, including rules for email domains, such as pre-approving users based on a specific email domain
  • Self-registration can have Google ReCaptcha enabled to prevent bots from registering for your application

  • When a user forgets their password, it is important they have access to a self-service feature that allows them to reset it
  • On login, user can click "Trouble Signing In" and be redirected to input their email
  • If their email exists in Extranet User Manager, a password reset email is sent to their email address
  • Email contains a one-time use, time expiring token which allows them to reset their password
  • Password resets are tracked within the Extranet User Manager database for audit tracking purposes
  • Password complexity is also configurable. As a starting point, a password must meet the following requirements:
    • 1 uppercase letter
    • 1 lowercase letter
    • 1 number
    • Minimum 8 characters in length

  • Multi-factor authentication (MFA) prompts a user to provide a second piece of evidence that they are the user logging in
  • Enabling MFA strengthens the security of your applications
  • If enabled, EUM will capture required MFA information during self-registration
  • Extranet User Manager supports two methods of MFA
    • 6 digit code sent via SMS Text Message to a mobile device – provided through Twilio SMS APIs
    • 6 digit code sent to registered email address – supported through EUM Email Templates and SMTP
  • MFA triggers are audited in the Extranet User Manager database

  • When a user inputs their password as part of the self-registration, it is important to validate that they have access to the email they have provided
  • A 6 digit code is sent to the email of the registered user
  • The code must be entered on the login screen to continue with a successful login
  • Provides a seamless self-registration experience with the required checks to ensure a registered user is who they register as

  • Maintaining your corporate brand through the entire end user experience is extremely important
  • All Extranet User Manager application pages can be customized to match your corporate brand. These include:
    • EUM Landing Application
    • EUM Admin
    • Email Templates
    • Login/Self Registration pages
  • Included in EUM is the deployment of the branding source code
  • With simple HTML, JavaScript and CSS edits, you can begin to blend EUM into the applications your external users are accessing
  • If you do not have a dedicated developer to make the branding changes, we have the resources that can support customizing EUM to match your brand

  • EUM has a series of customizable Email Templates that are included in the application. Those email templates are:
    • Welcome Email – Welcomes you into the extranet and provides important account information and links to revisit the extranet
    • Forgot Password – Contains one-time use, time expiring token to reset password
    • Pending Approver – Email sent to an approving user when an external user has registered to join their group
    • Pending Approval – Email sent to the registered user confirming their account is waiting on an approval from the dedicated Approver
    • MFA Validation – Contains the 6 digit code for your email MFA
    • Email Verification – Contains the 6 digit code for your email verification
    • User Role Request Resolution – Email sent to a user when their request to join a group has been approved
    • User Role Request Created – Email sent to Approver of the requested Role notifying them of a pending request
    • Welcome (social) – Welcomes you into the extranet and provides important account information including the external provider you used to register
    • User Added to Group – Email sent to user when they have been added to an additional EUM Group
  • Emails can be completely customized through Rich Text Editor in the EUM Admin or through the HTML source
  • You define which SMTP server the emails will be sent from, which is a great way to build trust with your external users and stay out of their junk folder
  • Manual email send enables a group owner to resend an email to a user in the event they're unable to find the initial email, which is very helpful when providing support to external users

  • The disclaimer is a way for you to capture your external users' acceptance of your Terms of Use for the extranet
  • You can choose how often to prompt the user to accept a disclaimer
  • Typically, if there is an update to your Terms of Use, we recommend prompting all users to accept the new terms
  • All accepted disclaimers are tracked within the Extranet User Manager database for audit tracking purposes

  • Often external users need to access more than one application, and in that case, enabling single sign on (SSO) between your applications is a very desirable feature
  • Enabling users to sign in with a single account and then move between secured areas of your applications provides a seamless user experience
  • Eliminates the need for your external users to manage multiple accounts
  • EUM supports modern authentication protocols including OpenID Connect, SAML 2.0 and WS-Federation
  • EUM has been integrated to provide single sign on between many different types of applications including:
    • SharePoint On Premises (2010 – 2019)
    • Zendesk
    • Custom ASP.NET Applications
    • Learning Management Solutions (LMS)
  • As long as your application supports one of the three protocols above, EUM can be configured to support SSO between your applications

  • External users can be made up of a lot of different user types which means they may be accessing your applications from many different types of devices
  • Regardless of whether external users access EUM through mobile, tablet or PC, all EUM pages will adjust to the optimal size for easy navigation
  • EUM is also tested on various Web Browsers including Microsoft Edge and Internet Explorer, Google Chrome, Mozilla Firefox, Safari, etc. to ensure end to end user experience is optimized

  • Extranet User Manager encourages delegation of user management away from IT into the hands of the users who work directly with the external user groups
  • With security-trimmed interfaces, IT can define the group and permission structure
  • Business Users are then made Owners of the EUM Group they should manage
  • They can then add, edit, remove users from the groups they own but have no ability to change permissions or application settings
  • EUM supports a 3-tiered permission structure:
    • Group Owner – has the ability to manage users within the groups they own
    • Group Editor – has access to create/manage all groups and users within EUM
    • Configuration Editor – has full ability to create/manage all groups and users within EUM and update core application settings

  • If desired, user impersonation can be enabled to allow privileged users to log in as another user
  • This is very powerful when catering to external user groups that are not very technical
  • Allows a privileged user to log in the exact same way as the user reporting problems or requiring assistance
  • By default, only users with the highest level of access to EUM (Configuration Editors) may impersonate
  • This can be updated to support your specific business requirements

  • Full REST API for automating the creation and management of EUM Groups and Users
  • We can build Custom APIs that integrate EUM into your Line of Business applications
  • Common applications EUM integrates into are:
    • SAP
    • Custom ERP Solutions
    • Dynamics 365
    • Salesforce
    • Custom CRM Solutions
    • Desire2Learn
    • Training Orchestra
    • Custom LMS Solutions
  • Check out EUM's API on Swagger

  • Users typically have multiple different accounts and it's important to enable them to use pre-existing credentials if they exist with a supported external provider
  • EUM supports the following external providers:
    • Windows Authentication
    • Google Authentication
    • Facebook Authentication
    • Microsoft Authentication (both Azure Active Directory and Live Accounts)

  • Extranet User Manager can be deployed as an Azure App Service through the Azure Portal within your Azure subscription or we can host Extranet User Manager on your behalf
  • Microsoft Azure Cloud Infrastructure provides the security and scalability that enables Extranet User Manager to run seamlessly
  • An Extranet User Manager deployment includes the following Azure Components:
    • App Service (Basic for Development and Standard for Production Environments)
    • App Service Plan (Can be a pre-existing plan to share costs if one exists)
    • Automation Account
    • SQL Database
    • Key Vault
    • SQL Server (Can be a pre-existing SQL Server if one exists)
    • Runbook
  • For up to date Azure hosting cost estimates, refer to the Azure Pricing Calculator

What's next?

Have a Single Sign On scenario you’d like some guidance on? Schedule a consultation with our team below to review the best options for you and your business, regardless of whether EUM is part of the solution or not!

More of a "hands on" type person?

We get it! Connect with us to walk you through installing and configuring Extranet User Manager into your Azure subscription and then you’re free to explore how EUM could work for you!