Authress provides easy access to your account via your existing corporate identity provider. Besides SAML and OpenID, there are a number of first-class connections available for AWS, Auth0, Okta, and Microsoft Azure AD. These options enable your engineering team members to log into Authress without needing to sign up.
Configuring your SSO login
To enable your engineering team to log in with your identity provider, after you specify the configuration for your provider of choice, you'll need to select a custom SSO domain. This domain can be anything you prefer, but must be globally unique. As we will see below, your team will enter this value into the SSO Login screen. The recommendation is to make this the same as your corporate domain without the TLD (.ai). For instance, if your email is firstname.lastname@example.org, a good choice would be my-company-domain. For even easier access, you can choose an abbreviation.
Walk-through guides for setting up SSO providers
Login to Authress using AWS SSO
Login to Authress using your Okta identity
Team member login
Step 1. Selecting SSO Login
Once configured, your team can log in using the Continue with SSO option available on the Login screen:
Then they'll enter your domain to be logged in automatically with your configured identity provider. In this example the configuration would have been set to my-company-domain. For more information about how to configure my-company-domain as your subdomain, see configuring your SSO login.
Step 2. Access to the Authress Management Portal
When your team logs in for the first time, they won't have any permissions to the portal. They will see this message on login:
Important: They are seeing this message because configuring SSO for them only allows them to log in; it doesn't allow them to make changes to your Authress account. If every user who could log into your identity provider had direct access to all of Authress, that would not be secure.
That means before your team can use Authress via your SSO, you need to give them permission. This step is the same irrespective of using SSO or not, as all users need explicit access before they are allowed to use the portal. You grant them access the same way you grant anyone access to your Authress resources: using access records. The best way to grant SSO users admin access is to update your Authress account Root Access Record and add the user's SSO user ID to the list of users. If you want to give them a subset of the full admin permissions, you can also create additional access records or user groups.
Creating a new record
Instead of editing the Root access record, you can create a new record for the user. What's important to remember is that the permission * (star) is not the same as Authress:*. * (star) only grants access to your resources; it does not grant access to the Authress Management Portal nor the Authress related resources. Give the user access to the resources Authress:* so they will be able to use the portal and update all the Authress related resources: Access Records, Service Clients, Roles.
Authress management resources
Alternatively, you can give them specific access to any of the Authress related resources:
Authress:AccountBilling - Change billing for the account
Authress:Configuration - Configure all aspects of the Authress management account, from audit trails, to integrations, and SSO configuration
Authress:AccessRecords - Access records that allow them to change permissions
Authress:AccessRequests - Allow them to create access requests for more permissions and approve others' access requests
Authress:Groups - Create and modify user groups for assigning permissions
Authress:ResourcePermissions - Update resources' public permissions
Authress:Roles - Create and manage user roles, granting new access and new permissions
Authress:UserPermissions - Grant access to the Authress Access Analyzer and enable them to check users' permissions
Authress:Users - Enable fetching user data and searching for logged in users
Authress:Applications - Manage client applications for user login
Authress:Connections - User Authentication configuration and customer SSO login
Authress:Extensions - Manage platform extensions for external third party developer integration into your platform
Authress:ServiceClients - Generate service clients for interacting with Authress or handling machine-to-machine authentication
Authress:Tenants - Manage customer tenants and their SSO Configuration
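The following is an added example, not Authress code: a small audit that applies the rule above (* does not cover Authress:*) to a list of access records and reports who can actually use the Management Portal. The record shape, record IDs and user IDs are simplified assumptions constructed for illustration and are not the Authress API schema.

```python
# Added example: audit portal access from access records.
# Assumption: each record is reduced to {"recordId", "users", "resources"};
# this is a simplified shape for illustration, not the Authress API schema.
MANAGEMENT_PREFIX = "Authress:"
FULL_ADMIN = "Authress:*"

# Constructed sample data (all IDs are made up).
SAMPLE_RECORDS = [
    {"recordId": "root", "users": ["sso-user-alice"], "resources": ["Authress:*"]},
    {"recordId": "app-admins", "users": ["sso-user-bob", "sso-user-erin"],
     "resources": ["*"]},
    {"recordId": "billing", "users": ["sso-user-carol"],
     "resources": ["Authress:AccountBilling"]},
    {"recordId": "perm-editors", "users": ["sso-user-bob", "sso-user-dave"],
     "resources": ["Authress:AccessRecords", "documents/*"]},
]

def management_grants(records):
    """Map each user to the Authress: management resources they were granted."""
    grants = {}
    for record in records:
        mgmt = {r for r in record["resources"] if r.startswith(MANAGEMENT_PREFIX)}
        for user in record["users"]:
            grants.setdefault(user, set()).update(mgmt)
    return grants

def can_manage(records, user, resource):
    """True if the user holds Authress:* or the exact management resource.
    A bare * never counts, per the rule described above."""
    granted = management_grants(records).get(user, set())
    return FULL_ADMIN in granted or resource in granted

def star_only_users(records):
    """Users granted * but no Authress: resource: they can log in via SSO
    yet still see the no-permissions message in the portal."""
    grants = management_grants(records)
    has_star = {u for r in records if "*" in r["resources"] for u in r["users"]}
    return sorted(u for u in has_star if not grants.get(u))

def full_admins(records):
    """Users holding Authress:*, i.e. full control of the Authress account."""
    return sorted(u for u, g in management_grants(records).items() if FULL_ADMIN in g)

if __name__ == "__main__":
    print("full admins:", full_admins(SAMPLE_RECORDS))
    print("star-only (no portal access):", star_only_users(SAMPLE_RECORDS))
```

Reviewing the full-admin list regularly keeps the set of identity-provider users who can change permissions as small as intended.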
Authress provides a number of more automated solutions and stronger integrations with certain identity providers. If your team has more complex requirements, please reach out directly to our development team.