Setting up Corporate Single Sign-On with WebCE
Scott McKelvey
By
March 27, 2023
Weak or stolen passwords are the number one cause of security breaches. These happen when users are forced to remember multiple complicated passwords and resort to writing them down, storing them insecurely, or using the same one for every site.
Single Sign-On (SSO) technology gives users an easy, seamless experience to quickly access their content while also removing these password risks. WebCE supports a variety of integration options with multiple Identity Providers to allow corporate administrators to quickly and easily setup a direct connection to our platform.
To begin, contact CorporateSales@WebCE.com to setup your corporate portal and enable the SSO feature. Then follow the steps below based on your corporate identity provider service.
Microsoft Entra ID
Here are the steps to configure SSO through Microsoft Entra ID:
Within the Azure portal, select WebCE from the available partner service providers.
Add the application to your tenant
Configure the URLs and certificate as listed here: https://learn.microsoft.com/en-us/entra/identity/saas-apps/webce-tutorial
OKTA
Here are the steps to configure SSO through OKTA:
Add the integration from the OKTA portal here: https://www.okta.com/integrations/webce/
Login to your tenant and follow the prompts to continue setup.
Configure the URLs using your WebCE-provided partner site path.
Custom Providers
We support every other provider utilizing SAML 2.0. The process is still straight forward even without a pre-built integration, and most IT teams are comfortable setting it up with the following steps:
Provide WebCE with your corporate sign-on URL. Something like: “https://youradfsservername.yourcompany.com/adfs/ls”
Set the Identifier Name to “https://www.webce.com” or tell us what Identifier Name you would like to use so we can set it on our end.
Setup the SAML “POST” request with the URL for your WebCE Portal, in the following format: “https://www.webce.com/<sitelabel>/login/saml20”
Set the security hash algorithm to SHA-256
Create the following 4 claims:
The unique user identifier. Generally email, but could be EmployeeId instead
E-Mail Address
Given Name
Surname
Download your SSL certificate and send WebCE the Certificate Thumbprint for our records.
Request Additional Integrations
If you’re a corporate administrator and your company’s identity provider isn’t listed, let us know and we’ll investigate building a more direct integration pipeline.
You can contact us at CorporateSales@WebCE.com.