For customers that require higher security for their administrators, providers or volunteers, or that need to keep control of user generation centrally, TeamKinetic supports login and account generation via SSO (single sign-on).
We support any SSO provider that is compatible with OAuth 2; this includes Azure, Okta, AWS and many others.
You must be an enterprise customer to enable SSO and there is a one-off fee for setup and implementation. To enable SSO we will require a few pieces of information:
- The client id
- The client secret id
- The tenant id
With these we can create the necessary links for the login pages, which look a little like this for Azure:
https://login.microsoftonline.com/tenantID/oauth2/v2.0/authorize?scope=openid%20email&response_type=code&response_mode=query&client_id=xxxx-xxxxx-xxxx-clientid
The user (an administrator in this case) will be presented with an SSO-only button to log in.
They will be redirected to the SSO provider to log in using their existing username and password and, if successful, will be redirected back to your application. If the email matches an email in your administrator list they will be logged in; if it does not exist, a new minimum administrator account will be created and they will then be logged in. Alternatively, if you wish, the email for any successful login must match a pre-existing account or the login will fail.
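The login link and the account-matching rules described above, expressed in Python as an added example that is not TeamKinetic's code. The `redirect_uri` and `state` parameters, the case-insensitive email comparison, and all function names and sample values are assumptions that do not come from this page.

```python
import secrets
from urllib.parse import quote, urlencode

# Endpoint shape taken from the sample Azure link above.
AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"


def build_authorize_url(tenant_id, client_id, redirect_uri, state):
    """Build the login link that sends the user to the SSO provider."""
    params = {
        "scope": "openid email",
        "response_type": "code",
        "response_mode": "query",
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # assumption: not in the sample link
        "state": state,  # assumption: random value echoed back by the provider
    }
    base = AUTHORIZE.format(tenant=quote(tenant_id, safe=""))
    return base + "?" + urlencode(params, quote_via=quote)


def resolve_admin(email, admins, state_sent, state_returned, require_existing=False):
    """Apply the account-matching rules once the provider redirects back.

    `email` is assumed to come from the provider's validated response;
    `admins` maps lower-cased email -> account record (hypothetical store).
    """
    # Reject callbacks that do not belong to a login this session started.
    if not secrets.compare_digest(state_sent.encode(), state_returned.encode()):
        return "rejected", None
    key = email.strip().lower()  # assumption: emails compared case-insensitively
    if key in admins:
        return "logged_in", admins[key]
    if require_existing:
        return "rejected", None  # strict mode: unknown email fails the login
    admins[key] = {"email": key, "role": "minimum"}  # new minimum administrator
    return "created", admins[key]


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorize_url("tenantID", "xxxx-clientid",
                              "https://app.example.org/sso/callback", state))
    admins = {"alice@example.org": {"email": "alice@example.org", "role": "full"}}  # constructed
    print(resolve_admin("Alice@Example.org", admins, state, state))
    print(resolve_admin("bob@example.org", admins, state, state, require_existing=True))
    print(resolve_admin("bob@example.org", admins, state, state))
```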
If you are interested in enabling SSO, please get in touch or open a support ticket.