Enterprise SSO for SKYVISITOR.CLOUD (AZURE)
SSO - IAM options for SKYVISITOR
The primary benefit of Enterprise SSO is not only convenience for employees but also enhanced security and compliance for organisations.
Instead of managing multiple credentials for different applications and configuring authentication and authorisation separately for each one, organisations can centralise the management of user identities, access control policies, and audit logs.
SKYVISITOR.CLOUD supports Enterprise SSO using LogTo open standards for authentication and authorisation.
Please note there is a monthly subscription fee of £100 per domain for this service.
Click this link to request a quote from your account manager.
Safetynet Solutions have integrated LogTo into SKYVISITOR to manage federated authentication for security and compliance for both parties.
Using enterprise SSO we can enforce all identities managed by the enterprise customer to authenticate through the enterprise identity provider (IdP), ensuring that the enterprise maintains control over its users, data, access and security policies.
LogTo supports OKTA, SAML2 and OIDC.
Click for info - LogTo
Please note, we use the user's EMAIL address as the unique identifier.
If you do not use email as the unique identifier, it is important that you notify us asap.
OIDC USING ENTRA
SETTING UP FOR SSO USING ENTRA AS YOUR IdP
1. You will need to set up the LogTo App in your Entra Admin Portal.
This requires you to list a URL during the set up which we will provide to you.
So, as a first step, please provide the details for your named Tech Contact(s)* and your required domains, and request your unique URL from your Tech Account Manager.
(Your required domains are the domains in the email addresses that you would like to allow to log in to your database, following successful validation by your IdP. SAFETYNET will whitelist your required domains against your database - this can be at Root, or Granular Location level.)
2. Please follow this link for the set up instructions to register the LogTo App in your Entra Admin portal. (Previously Active Directory)
c: Provide the following IDs from your App Registration to your Tech Account Manager
- Application (Client) ID
- Client Secret: Value:
- Secret ID:
- Endpoint - OpenID connect:
3. Once you have provided the above IDs, Safetynet will complete your registration for SKYVISITOR.CLOUD and notify you when your access is ready.
4. Default New User access will be to a pre-agreed least-permission level, although we will create 'your named Tech Contact(s)'* with access as a System Administrator.
You will be able to add additional permissions to other users, including creating other Administrators.
Of course, you are welcome to advise us in advance of any other user(s), who you would like to have escalated/additional permissions, and we will apply these for you.
Please provide the Name and Email for any user you would like pre-adding with additional permissions.
NEW USER - 1st TIME LOGIN:
Each new user will have a user profile linked in SKYVISITOR to a least privilege user role.
This is identified as SSO User in User Templates in SKYVISITOR.
The permissions granted are agreed with yourselves on creating the template.
If you are looking to whitelist more than 1 domain, there can be a different template per domain.
This will control not only permissions, but accessible data locations too, i.e. a Brand within the Parent Group may only have access to book for their 'brand's locations'.
A tenant company occupying space in the multi-tenant building would be confined to their location data only.
However, if your domain is shared across a group (e.g. nhs.net, propertymanagementco.com, a school within MATrust), we would need to identify a property in your Entra User Profile (Groups?) to determine where each user should be directed. This would be arranged with you before activation.
Existing User - Switching to SSO?
If you are already using SKYVISITOR and want to start to use SSO - we will carry out steps for migration and preparation to ensure a smooth handover.
- Safetynet will make a copy of your data from skyvisitor.com and activate in skyvisitor.cloud in Azure.
- For all pre-existing users with a LOGIN, where their email matches your whitelisted domain(s), we will carry out a data cleanse to ensure that there are only unique entries in the User's Main Email field.
- This will then be used to map the newly logged-in user, from the email address they have logged in with, to the pre-existing 'local login user'.
- This script will also deactivate the local login for the user - ensuring access is only via your chosen IdP.
- All previously assigned Permission Groups, and all past and future bookings, are then unaffected.
NOTE: OKTA / SAML IdP - please contact us for set up instructions
PLEASE NOTE: For instances where a user has a change in email address e.g. amie.slater@safetynetsolutions.co.uk -> amie.rolfe@safetynetsolutions.co.uk
An email change will provision a new user within SkyVisitor the next time they attempt to log in, as it will be identified as a separate user. As a result, a helpdesk ticket will need to be created for Safetynet Solutions to map their old profile to the new email address.
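
The migration mapping and the email-change note above can be modelled in a few lines. This is an added illustration, not SKYVISITOR or LogTo code: the field names, the `TEMPLATES` mapping and the sample users are assumptions constructed for the example.

```python
# Illustrative model only: names, fields and templates are assumptions,
# not SKYVISITOR's or LogTo's actual code. Sample data is constructed.
from collections import Counter

def norm(email):
    """Normalise an email so case/whitespace differences do not split identities."""
    return email.strip().lower()

def duplicate_emails(users):
    """Data-cleanse check: Main Email values that appear more than once."""
    counts = Counter(norm(u["main_email"]) for u in users)
    return sorted(e for e, n in counts.items() if n > 1)

def sso_login(email, users, templates):
    """Return (outcome, user) for an identity already validated by the IdP."""
    email = norm(email)
    domain = email.rpartition("@")[2]
    if domain not in templates:        # exact match: a subdomain is a different domain
        return "rejected", None
    for u in users:
        if norm(u["main_email"]) == email:
            u["local_login"] = False   # access is now only via the IdP
            return "mapped", u         # permission group and bookings untouched
    new = {"main_email": email, "local_login": False,
           "permission_group": templates[domain]}
    users.append(new)                  # unknown email: least-privilege profile
    return "provisioned", new

TEMPLATES = {"example.co.uk": "SSO User"}  # whitelisted domain -> user template
USERS = [{"main_email": "A.Slater@example.co.uk", "local_login": True,
          "permission_group": "System Administrator"}]

def demo():
    users = [dict(u) for u in USERS]
    return [
        duplicate_emails(users),
        sso_login("a.slater@example.co.uk", users, TEMPLATES)[0],
        sso_login("a.rolfe@example.co.uk", users, TEMPLATES)[0],   # changed email
        sso_login("a.slater@other.example.co.uk", users, TEMPLATES)[0],
        len(users),
    ]

if __name__ == "__main__":
    print(demo())
```

The changed address lands on a new least-privilege profile rather than the existing administrator profile, which is why the old profile has to be re-mapped through a helpdesk ticket.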