Single Sign On

CompliSpace is a leading provider of Governance, Risk and Compliance (GRC) programs and services to organisations across a range of industry groups. Our cost-effective, technology-enabled solutions combined with our skills in Policy content integration, enable GRC to come to life in your organisation. This page outlines the three different sign-in options that CompliSpace offers our PolicyPlus clients.   

Single Sign-On (SSO) allows a user to log in to multiple related but independent systems with a single ID and password, without having to use or remember different usernames or passwords. Essentially, the user logs in once and gains access to all systems without being prompted to log in again to each of them. This is very helpful for organisations that have many systems in daily use.

CompliSpace's SSO Options

CompliSpace Products support two SSO options. Both are effective SSO solutions; which one to use is generally determined by local needs and by the time, resources and skills our clients have available onsite to support the implementation.


Option 1 - Azure AD OpenID Connect (OAuth 2.0)


Azure AD (Active Directory)

CompliSpace supports Single Sign-On integration with Azure AD using Azure AD OpenID Connect (OAuth 2.0) for authentication.   Furthermore, CompliSpace PolicyPlus supports tenant and section access authorisation using the Azure AD Graph API to access user Active Directory group memberships. 

Key Features

  • Users have a single point of entry to all applications (SSO)
  • Applications don't need sensitive password information
  • Clients can manage user access to PolicyPlus secure sections in their own identity management system

Why clients choose Azure AD

  • Azure AD is part of their Enterprise suite
  • A client wants to use the same authentication across multiple systems
  • A client wants to minimise duplication when adding or deleting users
  • With a very large number of users, fragmented systems are more difficult to manage

Option 2 - SAML 2.0 


SAML (Security Assertion Markup Language)

An XML-based open standard data format for exchanging authentication and authorisation data between parties, in particular, between an identity provider and a service provider.

Key Features

  • Users have a single point of entry to all applications (SSO)
  • Applications don't need sensitive password information
  • An industry standard that can be used across multiple 3rd party applications

Why clients choose SAML

  • A client has Active Directory Federation Services, G-Suite (with Google Active Sync), Okta, Studentnet or another authentication provider with full SAML support
  • A client wants to use the same authentication across multiple systems
  • A client wants to minimise duplication when adding or deleting users
  • With a very large number of users, fragmented systems are more difficult to manage 

Other User Authentication Methods

In addition to the two SSO options, CompliSpace also supports Local Authentication.

Local Authentication – the ‘traditional way’

Each system has a unique directory; users enter credentials specific to the system.

Key Features

  • Allows for unique credentials for each system (improves security)
  • The system can easily handle all privilege levels (authorisation)
  • Passwords can be autosaved
  • Very quick sign-in option to implement
  • Easy to reset forgotten passwords (click a link to reset)

Feature Matrix

| Method | Skills | Implementation Skill | Single Source for Users and Permissions | 3rd Party Integration | Prerequisites |
|---|---|---|---|---|---|
| Azure AD | Admin access to Azure AD | Basic Azure AD Administration Skills | Yes | Yes | Admin Access to Azure AD; Admin Authority to grant CompliSpace IdP access to Users' group membership through the Azure AD Graph API |
| SAML 2.0 | Able to install and configure a SAML 2.0 IdP | Experienced SAML Administrator | Yes | Yes | Working SAML 2.0 IdP; Systems Administrator with SAML knowledge |
| Referred Sign In | Able to program server side web scripts | Developer with medium crypto skills | No | No | Existing portal that can validate users; Access to your portal's back-end code; Developer with basic crypto knowledge |