Overview
Our SSO integration with Encompass provides seamless authentication that allows users to access our system directly from within the Encompass environment without requiring separate login credentials. This integration uses industry-standard SAML authentication through AWS Cognito to ensure secure user verification and authorization.
How It Works
The SSO process is designed to be transparent and effortless for end users. When a user clicks on any integrated feature within the Encompass plugin (such as “Tasks”, “Invites”, or other designated buttons), they are automatically authenticated and redirected to the appropriate page in our web application.
User Experience
Initiation: Users simply click on any SSO-enabled button or link within the Encompass plugin interface
Automatic Authentication: The system handles all authentication processes in the background
Seamless Redirect: Users are automatically directed to the requested page in our web application
Immediate Access: No additional login steps or credential entry required
Technical Process Flow
Step 1: SSO Request Initiation
User clicks an SSO-enabled button (e.g., "Tasks") in the Encompass plugin
The plugin initiates the SSO process by making a request to our API
Step 2: Redirect URL Generation
Our API receives the SSO request and determines the appropriate redirect URL
The system prepares the necessary authentication token (a JWT)
Step 3: SAML Authentication
The user is redirected to our SAML identity provider
AWS Cognito handles the SAML authentication process
The system matches the user's email address from Encompass to a corresponding user account in our system
Step 4: User Verification and Matching
Email-based user matching ensures the correct user account is accessed
Security protocols verify user authorization and permissions
Step 5: Authentication Token Issuance
Upon successful authentication and user matching, an authentication token is generated
The token is securely passed as a query string parameter in the redirect URL
Step 6: Deep Link Redirect
Upon successful authentication and user matching, the user is automatically redirected
The redirect uses a deep link to take the user directly to the originally requested page
Users land exactly where they intended to go within our web application
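The server-side checks that Steps 5 and 6 rely on, as an added example that is not the product's own code. It assumes an HS256 JWT with `email`, `aud`, `exp` and `jti` claims and query parameters named `token` and `next`; those names, the key, the allowlist and the account table are constructed for illustration. Because a token in a query string can be recorded in browser history and logs, the example treats it as short-lived and single-use, and it accepts only allowlisted local paths as the deep link.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlsplit

SECRET = b"constructed-demo-key"           # assumption: HS256 shared secret
AUDIENCE = "webapp"                        # assumption: expected "aud" claim
ALLOWED_PREFIXES = ("/tasks", "/invites")  # assumption: deep-link allowlist
USERS = {"pat@example.com": "user-17"}     # constructed account table
_seen_jti = set()                          # single-use tracking (in memory here)

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims):
    """Constructed issuer side, present only so the example runs offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head + '.' + body))}"

def handle_redirect(url, now=None):
    """Validate the token and deep link; return (user_id, path) or raise ValueError."""
    q = parse_qs(urlsplit(url).query)
    token, target = q.get("token", [""])[0], q.get("next", [""])[0]
    try:
        head, body, sig = token.split(".")
        header, claims, sig_raw = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
        alg, exp, jti = header["alg"], float(claims["exp"]), str(claims["jti"])
    except Exception:
        raise ValueError("malformed token")
    if alg != "HS256":                     # pin the algorithm, ignore the header's choice
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_sign(head + "." + body), sig_raw):
        raise ValueError("bad signature")
    if claims.get("aud") != AUDIENCE or exp <= (time.time() if now is None else now):
        raise ValueError("wrong audience or expired")
    if jti in _seen_jti:                   # a token copied from a log or history is rejected
        raise ValueError("replayed token")
    user = USERS.get(str(claims.get("email", "")).strip().lower())
    if user is None:
        raise ValueError("no matching account")
    t = urlsplit(target)                   # local, allowlisted path only (no open redirect)
    if t.scheme or t.netloc or "\\" in target or not any(
            t.path == p or t.path.startswith(p + "/") for p in ALLOWED_PREFIXES):
        raise ValueError("deep link not allowed")
    _seen_jti.add(jti)
    return user, target
```

After a successful check the handler would set its own session and redirect to the bare path, so the token does not stay in the address bar.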
Security Features
SAML 2.0 Compliance: Industry-standard authentication protocol
AWS Cognito Integration: Enterprise-grade identity management
Email-Based Matching: Secure user identification and verification
Secure Token Transmission: Authentication tokens passed via secure query string parameters
Encrypted Communication: All data transmission is encrypted in transit
Session Management: Secure session handling and timeout controls
Token Validation: Authentication tokens are validated server-side for security
Benefits
Enhanced User Experience: No need to remember additional login credentials
Increased Productivity: Eliminates time spent on manual login processes
Improved Security: Centralized authentication reduces password-related security risks
Seamless Integration: Works transparently within existing Encompass workflows
Requirements
Active user account in both Encompass and our system
Matching email addresses between both systems
Proper user permissions and access rights configured
Support and Troubleshooting
If you experience any issues with the SSO integration:
Verify that your email address matches between both systems
Ensure you have appropriate permissions in both Encompass and our system
Clear your browser cache and cookies if experiencing redirect issues
Contact our support team for additional assistance
The SSO integration is designed to work seamlessly in the background, providing a smooth and secure authentication experience that enhances your workflow efficiency within the Encompass environment.