Skip to main content

Authentication - Configuring SSO with ClearPoint

This article explains how to configure Single Sign On (SSO) with ClearPoint.

F
Written by Fernando Montenegro
Updated this week

ClearPoint Strategy offers two distinct Single Sign-On (SSO) options to simplify user access and bolster security—Integrated logins with Office 365 or Google and PingOne. Both options reduce password fatigue and integrate seamlessly with existing infrastructure.

Single Sign-On (SSO) options leverage your organization’s established security systems to provide a secure and convenient login experience for ClearPoint users.

Overview of SSO Options

ClearPoint Strategy offers two key SSO solutions designed for organizational needs:

1. Integrated Logins with Office 365 or Google

  • Features: Allows for effortless login through the "Office 365" and "Google" buttons on the ClearPoint login page.

  • Setup Requirements: view this article for more details on enabling integrated logins Authentication - Enabling integrated logins

  • User Management: Managed within ClearPoint rather than through the Microsoft admin portal.

  • Advantages: Efficient set-up, simple maintenance, and seamless integration.

2. PingOne (Custom SAML Integration) SSO

  • Features: Offers deeper customization and integration with enterprise systems.

  • Setup Requirements: Establishing a custom SSO link integrated with Azure AD or similar directories.

  • User Management: Allows advanced control at ClearPoint and directory service levels.

  • Advantages: Tailored for organizations requiring detailed administrative control and technical customization.


Pre-requisites

SSO through PingOne is available for Enterprise Plans only.

PingOne (Custom SAML Integration)

PingOne is a robust SAML-based authentication solution for advanced security needs. It integrates seamlessly with active directory services like Azure AD (via custom links) and supports detailed access controls for technical teams.

For SSO, we partner with Ping Identity which has a full support center. ClearPoint will provide the customer with a PingOne account. From here, the customer IT team can obtain a SAML standard key and configure the connection with the desired active directory service, such as ADFS or Azure AD (Step by Step Guide found at the bottom of this article).

For troubleshooting, we recommend working directly with Ping support.

Important: If additional ClearPoint support is required, it will be for an additional fee based on the amount of time it takes to support the connection.


Initial configuration

In order to begin configuring SSO, the individual responsible for completing the configuration - usually someone from the IT team - should have their email address provided to ClearPoint Support. A Ping account will then be created for them, and they will receive an email providing instructions for setup.


Click the link in the setup email to create your account. Follow the configuration steps for your desired active directory in this help deck: CPS Single Sign On with Ping – 2021.


Once configured, users in ClearPoint can be enabled for ‘Require Single Sign On (SSO) authentication.’ This means they will not be able to access ClearPoint using a ClearPoint username and password.


The SSO link created during configuration will be the only option for accessing ClearPoint.

  • From the Control Panel click on System Settings

  • Select Manage Users under Users and Groups

  • Click the edit Pencil icon next to the user you want to enable SSO for

  • Navigate to the Security tab

  • Mark the checkbox next to Require single sign on (SSO) authentication

  • Once you are done, click Save


Recommendations

If you prioritize simple implementation and minimal maintenance, Integrated Logins is the better option. For organizations needing advanced integration and administrative control, PingOne is more suitable.

Configuring MFA with SSO

To set up both Single Sign On (SSO) and Multi-Factor Authentication (MFA) for ClearPoint, MFA must be configured through the SSO provider. This ensures that the added security layer of MFA is managed by your established SSO protocols. Please consult your SSO provider's documentation for detailed instructions on setting up MFA.

Did this answer your question?