This guide refers to our legacy SSO, if you are using the latest version or configuring SSO, refer to the Single Sign-On documentation.
What is SSO?
Single Sign On allows users to leverage one set of credentials (username/password) to access multiple services. SSO on Rescale ScaleX platforms allows user accounts to be enabled/disabled by a central company administrator. In the context of this document, we refer to the company administrator that enables SSO on ScaleX as the Identity Provider (IdP)
Do we have documentation on SSO?
Currently, we have:
- Logging into Rescale with a Microsoft Active Directory Identity Provider here
- Microsoft Tutorial: Azure Active Directory integration with ScaleX Enterprise here
Customers are requested to contact us for help with setup and any questions on functionality.
Can I use SSO in my region?
If you are located in an international region and are using one of Rescale’s international platforms, make sure to use the correct platform domain and URL. This is crucial when configuring your Azure AD SSO. Note that the Microsoft doc uses a US platform in the instructions. For international platforms use:
What is new with SSO on ScaleX?
Starting May 2017, ScaleX Enterprise customers have access to the ScaleX Enterprise app through the Microsoft Azure Marketplace. The ScaleX Enterprise app enables Azure Active Directory (AD) for managing SSO.
After enabling SSO, will existing ScaleX platform users still be able to log in?
Existing users will continue to have access after SSO is enabled, provided they have an identical email address on ScaleX and with their SSO IdP.
If the e-mail address associated with the ScaleX user account does not change, after enabling SSO, will account data continue to be available?
The data and all attributes of the account will continue to be available after SSO is enabled for accounts where the email address has not changed.
Does enabling SSO affect existing API tokens?
No, existing API tokens are not impacted. They will continue to function as before.
Please explain the difference between the following two scenarios:
- Only create invited user
Requires an explicit invitation (more strict). Even if a user is able to sign-in with SSO, they will not be able to access the ScaleX platform
- Create any user who can authenticate with SSO
Any user under this scheme can create an account themselves, for example all company users who have access to SSO
Would users still be able to connect to their former accounts if needed?
If different email addresses are being used (one for SSO and one created previously), then both accounts will remain accessible.
Can we merge accounts that are using the same email address?
Merging accounts is not currently possible as this requires significant effort, account ownership implications and other nuances.