Denticon now supports Single Sign-On (SSO) in an effort to meet current cybersecurity guidelines and to give a simpler sign-in process to users who are members of an organization that uses an SSO protocol. SSO authentication allows users to securely access multiple related applications or systems using just one set of credentials supplied by their organization.
Please note: Once SSO is enabled, users will not be able to log in via the traditional Denticon method; users must log in using organization credentials, where the organization can include additional authentication options.
SSO works based on a trust relationship established between the party that holds the identity information and can authenticate the user, called the identity provider (IdP), and the service or application the user wants to access, called the service provider (SP). Denticon has partnered with Microsoft Azure as an identity provider.
How to Integrate SSO Within Denticon
- The office should submit a ticket to Denticon Support asking that SSO be enabled for the office.
- Once the site feature is enabled, a new section will become visible under Setup->Account Info->Advanced tab.
- To begin the SSO setup, the office must obtain the “Tenant ID”, which is a globally unique identifier that is specific to the Azure domain of a given organization.
Please Note: This step should be completed by an IT Director/IT Staff because it will require granting access between the organization's domain and Denticon.
- Click the link to "Start SSO Setup" and begin completing the consent.
- Click the next button. The user will be prompted to provide digital consent for Denticon to access Azure. A login prompt will ask the user to log into Azure in order to complete this consent.
Please Note: An appropriate admin of the organization's Azure site must be involved in completing this step.
- Once access is granted, Denticon will attempt to acquire the Azure Object ID for each user by comparing the email address stored in Denticon to email addresses found in Azure. (An Object ID is a unique identifier that is specific to a given entity within the Azure domain of a given organization.)
- Matches will automatically be mapped.
The Verification Status indicates whether a row is successfully mapped or not. The status values have the following meaning:
Mapped: this indicates that the username/email combination has been successfully mapped; no further action is required.
Ready to Save: this indicates that the username/email combination has recently been updated (either automatically or manually) to match an Object ID, but that mapping is not yet saved in Denticon. When the ‘Save SSO’ button is clicked, the database will be updated and the status will change to ‘Mapped’.
Unverified: this indicates that the username/email combination is not matched to anything in the Azure domain. An admin must either update the Denticon username to an existing Azure email address or manually populate the Object ID using the ‘Edit’ button on the row.
If a user ID in Denticon is not automatically matched, an admin user can click ‘Edit’ on the selected row and manually update the information.
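A pre-flight check an admin could run before enabling SSO, to see which Denticon users would land in ‘Unverified’ and need manual attention. This is an added example, not Denticon's or Microsoft's code: the CSV exports, their column names, the sample rows and the case-insensitive comparison are all assumptions, and the status labels are reused from the list above only for readability.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports (not real data). Column names are assumptions.
DENTICON_CSV = """username,email
jsmith,jsmith@example.org
mlee,M.Lee@Example.org
frontdesk,frontdesk@example.org
frontdesk2,frontdesk@example.org
tkhan,tkhan@oldname.example
"""

AZURE_CSV = """mail,object_id
jsmith@example.org,11111111-1111-1111-1111-111111111111
m.lee@example.org,22222222-2222-2222-2222-222222222222
frontdesk@example.org,33333333-3333-3333-3333-333333333333
tkhan@example.org,44444444-4444-4444-4444-444444444444
"""

def normalize(email):
    # Assumption: addresses are compared trimmed and case-insensitively.
    return email.strip().lower()

def preflight(denticon_csv, azure_csv):
    """Return ({username: (status, object_id)}, {object_id: [usernames]})."""
    azure = {normalize(r["mail"]): r["object_id"]
             for r in csv.DictReader(io.StringIO(azure_csv))}
    status = {}
    by_object = defaultdict(list)
    for row in csv.DictReader(io.StringIO(denticon_csv)):
        oid = azure.get(normalize(row["email"]))
        if oid is None:
            # No Azure address matches: fix the email or set the Object ID by hand.
            status[row["username"]] = ("Unverified", None)
        else:
            status[row["username"]] = ("Ready to Save", oid)
            by_object[oid].append(row["username"])
    # Several Denticon usernames resolving to one Azure identity deserve review.
    shared = {oid: users for oid, users in by_object.items() if len(users) > 1}
    return status, shared

if __name__ == "__main__":
    status, shared = preflight(DENTICON_CSV, AZURE_CSV)
    for user, (state, oid) in status.items():
        print(f"{user:12} {state:14} {oid or '-'}")
    for oid, users in shared.items():
        print(f"shared identity {oid}: {', '.join(users)}")
```

Because the traditional login stops working once SSO is enabled, resolving every ‘Unverified’ row from a check like this beforehand avoids locking those users out.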
Once a Denticon user is mapped to their Azure identity, they will notice a simplified login experience. On a workstation where they are required to enter their domain credentials, they should be forwarded into Denticon immediately after logging in to Denticon via planetdds.com.
If the user comes to a workstation and has not yet authenticated on their organization domain, they may see a Microsoft login prompt that is requesting their organization credentials.
Once they complete this step, they will be redirected to their appropriate landing page inside Denticon.
If a user’s email address is associated with multiple PGIDs, that user may get an additional screen during the login process where they can select which PGID they should land in.
Please Note: Employees should be encouraged to ‘Sign Out’ every time they leave a workstation. If User A logs into the workstation and then logs into Denticon, the SSO will automatically log in User A. If User A closes the Denticon window and walks away from that workstation, and User B then walks up to that workstation and launches Denticon, the SSO logic will automatically log them into Denticon as User A.