Betterez - Support

Admin Single Sign On

Page summary

Single sign on
CAS provider

Single Sign On

Single sign on

At the moment we only support providers for the CAS protocol.

websales single sign on config

You need to enable single sign on by checking the Enabled field. If you enable SSO you will also need to make sure to configure the provider below.

You can also check Only allow to sign in with single sign on, if this is enable your customers won't be able to sign in with the native Betterez customer accounts and they will have to use the single sign on provider only.

Combining Only allow to sign in with single sign on and Force customer login to use websales will redirect customers directly to the sso provider login page when they reach websales without an active session. This can be helpful if you want to normalize the login user experiences among different applications in your company.

websales single sign on error message

You can enter the error message for your customers when the authorization fails in all the supported languages for your account.

CAS provider

websales CAS provider config

The Name will be used in the websales login page to show to your users when inviting them to use this provider to login.

The url for the CAS server will be provided by your CAS provider. This is the server url before any of the CAS specific URI's (paths) as described in the CAS protocol specification

websales CAS url

You can enter the property to validate to grant access to the customer to websales if you want to restrict access to a subset of users. The property needs to be in the <attributes> payload of a successful CAS response.

Authorization and mapping

websales CAS properties to validate

CAS payload property to validate We will look at the value in this property to decide if the user has been granted access to the system. If left empty, we will grant access to any user that is authenticated.

CAS property value to match This is the value that should be matched against to grant access to the system. Only applies if 'CAS payload property to validate' is not empty.

CAS unique Id property This property is mandatory and should map a property inside the <attributes> payload of a successful CAS response that uniquely identify a customer. We will map this property to a Betterez customer record as an external ID and will be used to map between your users an the internal Betterez customer records.

Customer parameters mapping

websales CAS properties for customer

You will need to enter the properties inside the <attributes> payload of a successful CAS response that identify the email, first and last name for the customer in cases we need to create a new customer in Betterez.

This is needed due to how Betterez identifies customers.