Single sign-on (SSO) is an authentication method that is managed by your organisation and can be used to log in to Plexus in place of a regular email address and password.
Plexus single sign-on currently offers user authentication which is the ability for users to log into Plexus using their single sign-on credentials.
User authorisation is the ability to enforce a user’s business unit and role (permissions) and this is not supported in Plexus. Instead, a user’s role and unit must be managed through the Plexus settings.
This article details how you, or your IT team might configure single sign-on for your organisation in Plexus. The process is dependent on the single sign-on provider used by your organisation.
Determining which single sign-on provider you use
The most common single sign-on providers are:
Microsoft Entra ID (Formerly Windows Azure Active Directory)
Microsoft Active Directory Federation Services (ADFS)
OKTA
G-Suite
A member of your IT team will usually be in charge of implementing single sign-on. Once you know which single sign-on provider your organisation uses, ensure that the individual tasked with setting up single sign-on for your organisation has the correct level of access to complete the configuration steps. Steps to configure the correct level of access are highlighted below.
Ensuring the single-sign on contact has the correct level of access
Step 1. Ensure that the contact configuring your single sign-on has a standard Plexus login by inviting them to the platform in the top right hand corner of your screen.
Step 2. Allocate a role for that user from the Settings menu.
For most organisations, this will be the Reviewer role by default. Ensure to remove this access once single sign-on is set up.
For more customised roles on new accounts, you may like to assign the Access account administration functional permission.
For more customised roles on legacy accounts, you'll find the right level of access under the Can manage SSO configuration functional permission.
If using Microsoft Entra ID or ADFS, please read on for your instructions. If you use a SAML provider such as OKTA or G-Suite to authenticate with single sign-on, you can select SAML from the dropdown and follow these steps to set up your account instead.
Implementing single sign-on
Once the member of your IT team has configured Plexus from their side, that member will be able to finalise the configuration by following these steps.
Whilst the below instructions detail how to set up single sign-on in Plexus, you may also like to refer to the detailed instructions to obtain the specific details from these providers:
Microsoft ADFS
Step 1. Head to the main menu option for Settings and then Account. Select the tab for Single sign-on.
Step 2. Select Microsoft Entra ID or Microsoft ADFS from the Select a provider dropdown or refer to the SAML instructions in this guide.
Step 3A. Click the Copy icon to obtain the Redirect URL, or pass this link to your IT administrators.
Step 3A-1. For Microsoft Entra ID, enter the information into the provided fields. You may refer to this guide for specific instructions on obtaining this information from Microsoft Entra ID.
Domain - The primary domain or website URL that’s hosted on Microsoft Entra ID (an example of ours would be plxs.com.au or legalgateway.com.au)
IdP Domains - A list of the eligible email domains that can be authenticated using SSO, separated by commas. The domains should not include the @ sign, so an example of ours would be plxs.com.au, plexus.co.
Client secret value - A secret string of text that’s generated in Microsoft Entra ID to help confirm the connection between Plexus and SSO.
Client secret value expiry date - The date on which your Entra ID Client secret value expires. Users listed in the Notifictions section of Account settings will be notified in advance when this date approaches. Please see Managing your company account settings for details.
Application ID - The unique Application or Client ID that’s created and provided in Microsoft Entra ID. It’s usually a string of letters and numbers.
Top tip! It is important to correctly enter your Client secret value expiry date to ensure continued access to Plexus for your organisation’s users. An expired Client secret value can only be resolved with help from Plexus support.
Step 3B. For companies who use Microsoft Active Directory Federation Services (ADFS) to configure single sign-on, first copy and paste the Redirect URL link to your IT administrators by clicking the Copy icon.
Step 3B-1. Then enter the information into the provided fields:
This is all information that should be provided via Microsoft ADFS, including:
Domain - The primary domain or website URL that’s hosted on Microsoft ADFS (an example of ours would be plxs.com.au or legalgateway.com.au)
IdP Domains - A list of the eligible email domains that can be authenticated using SSO, separated by commas. The domains should not include the @ sign, so an example of ours would be plxs.com.au, plexus.co.
Active Directory Federation Services URL - A web address provided by the SSO platform including https:// It should have a .xml file extension at the end.
Step 4. Click Save to save your inputs. Ensure to test your single sign-on set up. It should work immediately after saving your details.
Top tip! You may want to remove this level of access for your IT contact once the SSO configuration is complete. You can revoke access by removing any unneeded roles from that user's account.
Once single sign-on is configured for an organisation, its users can sign straight into the platform and will be given access to a specified default unit and default role.
You can also configure designated platform administrators who will receive an email that prompts them to assign any new users to their correct units and roles. This email is sent once a day.
You may also want to review this guide for information on managing your single sign-on settings once the initial configuration is done.
Questions about setting up single sign-on for your organisation? Get in touch with us via the live chat or email [email protected].