Single-Sign-On with Preppio 

You will find the Single-Sign-On feature by going to settings in Preppio (click on your name up in the right corner). You will see the feature listed on your left-hand side.

Overview 

Single-Sign-On (SSO) gives users access to Preppio application through an Identity Provider (IdP) that you control. This offers some benefits for you and your team: 

  • It’s more secure: Provides an additional security and governance layer (no credentials are stored outside of your company’s controlled systems or transmitted over the network). 
  • It’s easier for end-users: Sign in to Preppio by using the same SSO credentials as other systems (e.g. laptop or internal applications), so your users can access Preppio without having to remember another password. 

Authentication using Single-Sign-On with Preppio

SAML 2.0 

Preppio supports SAML (Security Assertion Markup Language) 2.0 for SSO. It’s an industry standard, so this translates into our capability to integrate easily with any Identity Provider that supports SAML 2.0, even if not listed on this page or to even create your own SSO implementation. 

Follow your Identity Provider’s instructions to configure SSO for Preppio. You should as a minimum have at least a  SAML URL, SAML Issuer URL , and an X.509 certificate.  We will use these in the next steps to set up the SSO.  

For the X.509 certificate, you may need to open up the downloaded certificate in a text editor in order to use it in the next steps. 

Basic configuration in your Identity Provider should include the following: 

Key   Value 
Identifier (Entity ID)  urn:prepp:<org_name> 
Reply URL (Assertion Consumer Service URL)  https://p.preppsso.com/login/callback 

 *<org_name> must be the name of your organization without spaces or special characters.

 

  1. In the “User Attributes and Claims” set the following values: 

Graphical user interface, text, application Description automatically generated

Required claim 

Claim name  Value 
Unique User Identifier (Name ID)  user.userprincipalname [nameid-format:emailAddress] 

Additional claims 

Claim name  Value 
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress  user.mail 
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname  user.givenname 
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name  user.userprincipalname 
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname  user.surname 

2. Create/download the certificate from your identity provider in base64 format and use it on the configuration settings page in the Preppio app. 

Graphical user interface, application, Teams Description automatically generated

You should be all set up to run SSO for everyone in your organization. Please be aware that once the SSO is turned on it will not be possible to revert back.