On This Page
Overview
Single Sign-on (SSO) is a process that allows users to access multiple authorized applications without having to log in separately to each application. SSO allows organizations to validate user names and passwords against a corporate user database (such as Active Directory), rather than having separate user credentials managed by Compass and other applications. In Compass, some users may be configured to use SSO, while others use traditional usernames and passwords, meaning that an organization could use SSO for internal users and not for external users.
Compass supports the following methods of access via SSO:
- Identity Provider-Initiated SSO: User logs into SSO-enabled applications through the identity provider’s portal. After that, upon opening Compass and entering a username, the user will be taken directly to Portal since they are already authenticated with SSO.
- Service Provider-Initiated SSO: User opens Compass directly. From there, they are redirected to login through the identity provider’s portal. After that, they are redirected back to Compass.
Configuring Single Sign-On (SSO)
Compass supports SSO using OAuth 2.0 and has been tested with and can support Okta and Microsoft Azure. For more information on configuring SSO for your company’s Compass instance, please reach out to your Veeva Customer Success contact.
Enabling SSO for Users
Once SSO has been configured for your Compass instance, System Administrators can enable SSO for new or existing users. To enable SSO for a user, navigate to the Setup > Users tab. Click on “Add User” to add a new user, or “Settings” for an existing user. In the Add/Edit user window, select the “Enable SSO” checkbox. Once selected, input the Identity Provider User ID and Identity Provider Username for that user. Each Identity Provider User ID/Username can only be used for one Compass account in a given instance. Note that SSO cannot be enabled for Integration Users.
Upon clicking Add User or Done, the user will be automatically linked with SSO and will receive an email notifying them that they will now log into Compass with SSO.
SSO can be disabled for a user by deselecting the “Enable SSO” checkbox. Once deselected, the user will receive the standard Compass Activation Email prompting them to set a password.