Agent Authentication

- This article mainly explains how to log in to the system using Single Sign On (SSO).

Function Description

The unique ID for identifying the agent in the system is the email, so regardless of whether you are using Microsoft or self-configured SSO login, the agent's email needs to be returned to the system after successful login for identification;

This requires that the email must have an agent account enabled in the system;

If you feel that the account and password in the system do not meet your security standards, you can disable the login method of the system and retain your own login method only;

Preparations

Enable an agent account in the system for the email that needs to be logged in.

Figure 1: Enable Agent Account

Log in to the system using a Microsoft account

Enable "Microsoft Account Verification"

Enable "Microsoft (OAuth 2.0)" in "Admin Center - Information Security - Agent Verification - External Authentication".

Figure 2: Microsoft Account Verification

Log in to the system using a Microsoft account

Figure 3: Log in to the System with Microsoft Account Authorization from our company is required for the first time of use.

Figure 4: Authorization

Control account permissions to log in to the system through Microsoft

Log in to the Microsoft Azure admin backend, find and enable "Do you need to assign?" button in "Microsoft EntraID - Enterprise App - Sobot - Attributes", and enable it.

Figure 5: Enable Assignment Add the allowed login users in "Microsoft EntraID - Enterprise App - Sobot - Users and Groups".

Figure 6: Add Use Object

Log in to the system using other account authentication methods

Currently, the system only supports the SAML protocol method;

Up to 5 different SSOs can be configured;

Configure SSO

This configuration is recommended to be completed by technical personnel or under the guidance of technical personnel.

Click the "+ Create SSO Configuration" button in "Admin Center - Information Security - Single Sign On (SSO)".

Figure 8: Configure SSO Configuration name: Use a name that you can recognize. It is recommended to use the name of the identity authentication provider, and this name will be displayed on the login page, as follows:

Figure 9: Login Button Name on the Login Page Reply URL: This URL is generated by the system. After you get this URL, you need to configure it into your own SSO.

Application federation metadata URL: Fill in your application federation metadata URL here.

Microsoft SSO configuration example

1. Create an application

Figure 10: Create App

2. Select SAML in the Single Sign On (SSO)

Figure 11: Select SAML

3. Parameter setting

Fill in the enterprise domain name of the system in Microsoft's identifier; fill in the reply URL of the system in Microsoft's reply URL; fill in Microsoft's application federation metadata URL in the system's application federation metadata URL;

Figure 12: Configure Param

4. Select SSO

Select the SSO that has just been configured in "Admin Center - Information Security - Agent Verification - External Authentication".

Figure 16：Select SSO

Disable system account password

In order to prevent third-party accounts from malfunctioning and making it impossible to log in to the system account, super admin can log in through the system account. After disabling, an error prompt is given when the non super admin agent logs in through the system account.

Figure 13: Disable System Account Password

Login effect example

When accessing using a login link that contains the enterprise domain name, and multiple login methods are configured:

Figure 14: Multiple Login Methods

When one login method is configured (such as Microsoft's): directly jump to this login method for authentication

Figure 15: Single Login Method