Getting started with authentication

Mapiq Office Shifts offers two means of authentication: Self Registration and Single Sign On (SSO). This article describes both forms of authentication and how they are set up.


Authentication methods

Single Sign On

With Single Sign On (SSO), employees of your organization get a seamless authentication experience. Some advantages of SSO are:

  • User information is exchanged between your Active Directory and Mapiq as part of the Single Sign On process, so users do not have to enter information manually.
  • Users authenticate using their company credentials, so they do not have to remember additional passwords.
  • Since authentication is done on your Identity Provider, you remain in full control of who has access to the application and who does not.
  • It is possible to exchange more user information on top of the information required for the user's profile. This information can be used for additional features of Mapiq Office Shifts. Please find an overview below:
Feature                        Feature required?     SSO required?
User profile                   Yes                   No *
Automatic profile assignment   Highly recommended    Yes
Mapiq API                      No                    No **
Multiple environments          No                    Yes

* The user profile can be created via either Self Registration or Single Sign On

** SSO is only required when the External Id should be included in the API response

Protocols

Mapiq Office Shifts supports Single Sign On using the SAML 2.0 or the OpenID Connect protocol.

Because more than just the basic information must be exchanged with Mapiq during login, Mapiq recommends the SAML 2.0 protocol, as additional claims can be easily configured with it.

Account management

The Mapiq applications use the Just In Time (JIT) principle for Single Sign On, meaning that a user is created in the application's backend the moment the user logs in for the first time. Users can be removed from your environment by deleting them in the administrator portal and revoking access within your Identity Provider.

Mapiq does not support SCIM (System for Cross-domain Identity Management) or other identity frameworks/integrations, although this is being looked into for future development.
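
Removal as described above takes two manual steps (delete in the administrator portal, revoke at the Identity Provider), and without SCIM nothing on this page keeps the two user lists in sync. The following is an added example, not Mapiq code: it reconciles an Identity Provider user list against an application user list and reports accounts that need attention. The CSV column names, the sample rows and the whitelisted domains are constructed assumptions, not a Mapiq export format.

```python
import csv
import io

# Constructed sample data; the column names are assumptions, not a Mapiq format.
IDP_EXPORT = """email,enabled
alice@example.com,true
bob@example.com,false
carol@example.org,true
"""
APP_EXPORT = """email
Alice@example.com
bob@example.com
dave@example.com
erin@contractor.test
"""
ALLOWED_DOMAINS = {"example.com", "example.org"}  # constructed whitelist


def load_active_idp_users(text):
    """Return the lower-cased e-mails of users that are enabled at the IdP."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["email"].strip().lower() for r in rows
            if r["enabled"].strip().lower() == "true"}


def load_app_users(text):
    """Return the lower-cased e-mails of all users known to the application."""
    rows = csv.DictReader(io.StringIO(text))
    return [r["email"].strip().lower() for r in rows if r["email"].strip()]


def reconcile(idp_text, app_text, allowed_domains):
    """Classify application accounts that should be reviewed or removed."""
    active = load_active_idp_users(idp_text)
    findings = {"stale": [], "outside_whitelist": []}
    for email in load_app_users(app_text):
        domain = email.rpartition("@")[2]
        if domain not in allowed_domains:
            # Account exists for a domain that is not whitelisted.
            findings["outside_whitelist"].append(email)
        elif email not in active:
            # Disabled or deleted at the IdP, but still present in the app.
            findings["stale"].append(email)
    return findings


if __name__ == "__main__":
    for kind, emails in reconcile(IDP_EXPORT, APP_EXPORT, ALLOWED_DOMAINS).items():
        print(kind, emails)
```

E-mail addresses are compared case-insensitively, so "Alice@example.com" in one list matches "alice@example.com" in the other.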

Authentication flow

Mapiq Office Shifts supports four different login scenarios:

  1. Customer A uses Self Registration with a single whitelisted domain
  2. Customer B uses Single Sign On with a single whitelisted domain
  3. Customer C uses Self Registration with multiple whitelisted domains
  4. Customer D uses Single Sign On with multiple whitelisted domains

Enterprise customers can have more complex configurations, for example:

  • Having multiple identity providers per environment
  • Combining Single Sign On and Self Registration per environment
  • Having multiple environments

An appropriate design matching your business needs will be drafted together with one of Mapiq's Solution Architects upon request.


Daan is the author of this solution article.
