iOps360 offers a single sign for users in your Azure Active Directory. Using OpenIdConnect and SAML pathways, staff can click on the My Apps and select the iOps360 app to quickly log into iOps360.
An introduction to SSO functionality
Single sign on (SSO) allows for users to authenticate with your Active Directory and this will also authenticate users into iOps360, reducing the need for additional logins and passwords. We utilize the OpenIdConnect protocol from our login page and SAML by clicking on the iOps360 app from the My Apps page. The current version is 1.0 with Sku iOps360
Supported identity providers
SSO currently supports OpenIdConnect and SAML protocols.
Licensing information
Licensing is free to use for any agencies with an active subscription to iOps360.
Role-based access control for configuring SSO
iOps360 users are assigned the role of Viewer during the SSO process. Once authenticated, your iOps360 user permissions will be assigned as with a normal login. The SSO process does not change or inherit any permissions from the Azure AD roles of your company.
By default, a user is assigned the role of Viewer (to view their schedule, education, vehicle checks, etc).
In order to access all the functions of the iOps360 application (editing schedules, editing credentials, etc.), this user must be assigned additional permission in the iOps360 User Profile Edit page.
If you are an administrator of the tenant you can also consent for all users in your tenant.
SSO Configuration Steps
SSO is not enabled by default. A user with the permission of SysOp can navigate to Operations menu and select “System Config“. Click on the “Users” tab and select “User Permissions“. Click to allow Single Sign On and Save.
HTTPS is required for all connections, including SSO.
UI configuration elements for SAML with expected values from the provider
The SAML configuration will provide the users’ name, and email address. These will be verified with iOps360 active accounts that are enabled with Azure AD SSO to provide access. No additional configuration steps are needed.
Service provider information to be passed to identity providers
The SAML configuration will provide the users’ name, and email address. These will be verified with iOps360 active accounts that are enabled with Azure AD SSO to provide access.
OIDC/OAuth permissions required
When you first access the iOps360 app, you will be prompted to allow iOps360 to have access to View your basic profile and maintain access to data you have given it access to. This is necessary to authenticate you into iOps360. If you are an administrator of the tenant you can also consent for all users in your tenant.
Testing steps for pilot users
Users can pilot the SSO once SSO access has been enabled by your iOps360 SysOp using the System Config steps above. Users can then click the Azure SSO link on the iOps360 website login page and add the iOps360 ID Connect app to the Microsoft Apps page.
Troubleshooting information, including error codes and messages
The most likely error will be unable to log you in. This will typically be caused by Azure SSO not enabled for your agency. If the SSO connector is enabled and you are unable to log in, contact iOps360 using the Live Chat, creating a work order, emailing our staff (support@iops360.com) or calling (855-811-0360).
Support mechanisms for users
If you have any issues with the iOps360 ID Connect app, contact iOps360 using the Live Chat, creating a work order, emailing our staff (support@iops360.com) or calling (855-811-0360).
SCIM endpoint
At this time, iOps360 does not support SCIM. This is on our roadmap so check back for updates and watch our monthly updates for more information. Once this is completed, users added or removed from your Azure AD will automatically flow into iOps360 with basic permissions.