SSO is a security framework that allows your users to authenticate access to multiple applications, including Omega Point, using one set of login credentials. Additional benefits of using SSO through one of our support providers is the ability to use these provider’s built-in two-factor authentication (2FA).

Omega Point has integrated SSO services through Azure AD, Okta, and Google. If you would like to set-up 2FA/MFA without using SSO, please read this 2FA article instead.

Getting Started

If you are interested in enabling SSO on your OP account, please send an email to [email protected] with the following information:

  1. Account Admin Email

    1. The account administrator’s responsibility will be to approve and rescind user’s ability to sign-in to Omega Point.

  2. Confirm existing SSO and identity management services.

    1. Determine if Okta, Google Apps or Azure AD* SSO is enabled within your organization.

    2. Determine which domain is to be configured. Typically this is the part after the @ in your email address. Advanced users may have a different domain associated with SSO.

  3. If this is a new account, send initial list of user names and emails to Omega Point to add.

  4. Once Omega Point receives this information, we will work with you to configure your login workflow onto the Omega Point platform.

    1. Account administrator receives SSO login email and is approved.

    2. All other users receive email to sign into Omega Point using SSO


*If your identity provider is Azure AD (cloud-based), please see below for additional details.

Additional Details for Azure AD SSO

Follow these steps if using Azure AD

  1. Confirm existing Azure AD SSO and identity management service.

  2. Follow Steps 1-4 from above.

  3. Report & monitor sign-ins using Azure Ad Portal. More info at https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins

Troubleshooting initial configuration

Azure SSO has a few associated options that may interfere with the Omega Point SSO integration. If Azure AD, we need to know ahead of time if A) their Azure AD configuration allow users to add applications to their tenant or B) if it is required to be done by the Azure administrator.

By default, Azure options include
Users can consent to apps accessing company data on their behalf : YES
&
Users can register applications : YES

Here's an article from Microsoft if these configurations are set to NO : https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent#grant-admin-consent-to-enterprise-apps-in-the-azure-portal

Did this answer your question?