Single Sign On
  • 08 Jul 2022
  • 3 Minutes to read
  • Dark
    Light

Single Sign On

  • Dark
    Light

Article summary

There are a few different ways to accomplish “Single Sign On” (SSO) based on your specific needs. Single Sign On is a way for a user to sign in to one “Identity Provider” and then from there, be able to “Sign In” to other web applications without having to keep entering in different usernames and passwords, and these other web applications are referred to as “Service Providers” to the “Identity Provider.”

There are three option to achieve Single Sign On into your Private Labeled VT System:

SAML 2.0

In short, SAML (Security Assertion Markup Language) is an authentication standard that allows a user to log on once for affiliated but separate websites. Use SAML for a secure connection that will automatically update a user’s login information if it has been changed. It is an industry standard for Single Sign On and you can learn more about SAML 2.0 on Wikipedia.com

If your company uses a Single Sign-On (SSO) identity management solution (such as Okta, OneLogin, etc.), an Administrator at your company can now add the LightSpeed VT application to your SAML 2.0 implementation. This gives your users the ability to enter a single set of login credentials to access the LSVT application and any other third-party systems that have been integrated with Okta (e.g., Salesforce, Marketo, etc.)..

For your VT System to act as the Service Provider in the SAML 2.0 set up, you will need to provide the following items:
• SSO URL:
• Entity ID:
• X509 Cert:
• Domain Suffix:

Then you will obtain the Assertion Consumer Service (ACS) URL from the LightSpeed VT Support team to cut and paste into your Identity Provider. It will be similar to this example:

https://subdomain.lightspeedvt.com/saml/AssertionConsumerService.aspx

You will also need to map the claims from your SAML Assertion to fields in your VT System, here are a few examples:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Maps to First Name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Maps to Last Name

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Maps to Email Address

Additionally we will want to have claims map to the three parameters:

• User Location
• Access Level
• Content Role(s)

Next we’ll map the claims from within your SAML Assertion, to the desired settings in your VT System. Claims like username and email will be configured based on the customer’s assertion.

How the process works is that if we see a user that we recognize, we simply let them in via the SAML assertion. If we do not recognize the user, we will create a new user for the person based on the configuration that has been set up in the LSVT SSO Admin area.

LSVT API

The LSVT API is a fully documented REST API that has methods for not only Single Sign On, but also a myriad of other admin activities and reporting that you can automate the use of through the API.

It is common that you will need a developer on your end to implement this solution. The LSVT REST API is very well documented and has an entire “Integration Management” tool set with searchable log files, flexible security settings, and easy to use consoles for testing.

Please visit the LSVT API Documentation.

Google or another Supported Social Media Site

Once a user has been created in LightSpeed VT, they can subsequently sign in with one of the supported networks, which are:

• Google
• Facebook
• Twitter
• LinkedIn

This will link these accounts together by the “Email Address” and users do not need to enter their LightSpeed VT username/password in if this button is pushed from the “Sign In Box.”

This feature is “On” by default, but can be toggled “OFF” if desired.

SSO from your VT System to another Application

If you are interested in users going from your VT System to another Web application, we do have what we call a “Pass Back” Method that will pass a user back to any other web application; find an article for additional information on this here: Pass Back Feature.

Multiple Usernames

This is not actually related to Single Sign On, but may be helpful to know when implementing Single Sign On, and this is that your VT System allows you to have more than one username, and you can connect them by simply having the same email addresses on the additional accounts. Username and Email address are two different fields in your VT System, and username needs to be unique, but you can have the same email on several usernames, such as:

Username: SantaClause
Email: santa@thenorthpole.com

Username: SaintNick
Email: santa@thenorthpole.com

Username: KrisKringle
Email: santa@thenorthpole.com

And using the Account Switching feature, you can switch between these accounts.

Learn more about how Account Switching works.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.