How Third-Party Single Sign-On works
Atrieve 22.02 now supports Single Sign-On (SSO) integration with:
Microsoft Azure
Google Identity and Access Management
Throughout the related documentation, “third-party single sign-on” refers to Microsoft’s or Google’s identity management services. Where the documentation refers to Microsoft, the same applies to Google.
Benefits of Google or Microsoft Azure Single Sign-On for Atrieve
Reduces the number of login names and passwords for end users to remember
Faster access for end users, as only one SSO login is required for multiple applications on the same device
The division can apply additional security measures, such as Multifactor Authentication (MFA), through their identity service provider (Google or Microsoft)
User management access is centralized
End Users' Experience
In a single sign-on configuration in Atrieve 22.02, users are presented with two options to log in to the application:
the standard username and password login fields, and
‘Sign in with Microsoft’ or ‘Sign in with Google’

Users will need to be instructed on how to authenticate once Microsoft/Google SSO for Atrieve is enabled.
In the Atrieve 22.02 release, an end user can log in using either authentication method. At this time, both options are presented to the end user. In the upcoming Fall 2023 release, a district will be able to hide the standard username/password login option if desired.
The following is the authentication process that occurs depending on which login method the end user selects:

What does this mean once Microsoft/Google SSO for Atrieve is enabled?
For divisions looking to enable Multifactor Authentication, we recommend that MFA be enabled for both login scenarios to ensure end users are challenged at the time of login. This means:
your division enables Microsoft or Google MFA in your Identity and Access Management system for logging in with Microsoft or Google
Atrieve Email MFA is enabled. For more information, see https://powerschoolgroup.atlassian.net/wiki/spaces/ERPD/pages/64958794695 .
Recommendation
As part of the implementation, Atrieve MFA should be enabled so that if users do not select Google or Microsoft, they receive an MFA challenge from Atrieve to log in.
With Atrieve’s Email MFA enabled
Atrieve MFA is enabled and Google or Microsoft is not selected at login - the user enters their credentials for Google or Microsoft, and once authenticated is redirected to the portal MFA page. After entering a valid code, they will be allowed access to the portal.
Atrieve MFA is enabled and Google or Microsoft is selected at login - the user enters their credentials for Google or Microsoft, and once authenticated and MFA is successfully completed for the third-party provider, the user will be allowed access to the portal.
With Atrieve’s Email MFA disabled
Atrieve MFA is disabled and Google or Microsoft is not selected at login - the user enters their credentials on the Atrieve portal login, and once authenticated is allowed access to the portal.
Atrieve MFA is disabled and Google or Microsoft is selected at login - the user enters their credentials for Google or Microsoft, and once authenticated and MFA is successfully completed for the third-party provider, the user will be allowed access to the portal.
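The four scenarios above reduce to one rule per login path. The following added example (not Atrieve or PowerSchool code) models them to show which login paths reach the portal without an MFA challenge under a given configuration. The field names, the sample login records, and the handling of a division that has not enabled MFA at its identity provider are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class DivisionConfig:
    # Hypothetical field names for this example; not Atrieve setting keys.
    atrieve_email_mfa: bool              # Atrieve Email MFA enabled
    idp_mfa: bool                        # MFA enforced at Microsoft/Google
    standard_login_hidden: bool = False  # option described for Fall 2023

def mfa_challenger(cfg: DivisionConfig, method: str) -> Optional[str]:
    """Return which system challenges the user on this login path, or None."""
    if method == "standard":
        # Username/password on the Atrieve portal: only Atrieve Email MFA applies.
        return "atrieve_email" if cfg.atrieve_email_mfa else None
    if method == "sso":
        # 'Sign in with Microsoft/Google': the provider's MFA is the only
        # challenge; the scenarios show no Atrieve code prompt on this path.
        # Assumption: no provider MFA configured means no challenge at all.
        return "idp" if cfg.idp_mfa else None
    raise ValueError(f"unknown login method: {method!r}")

def unchallenged_paths(cfg: DivisionConfig) -> list[str]:
    """Login options shown to users that reach the portal without MFA."""
    offered = ["sso"] if cfg.standard_login_hidden else ["standard", "sso"]
    return [m for m in offered if mfa_challenger(cfg, m) is None]

def logins_without_mfa(cfg, logins):
    """Filter (user, method) records down to those that were never challenged."""
    return [(u, m) for u, m in logins if mfa_challenger(cfg, m) is None]

# Constructed sample records; not a real Atrieve log format.
SAMPLE_LOGINS = [("jdoe", "sso"), ("asmith", "standard"), ("jdoe", "standard")]

if __name__ == "__main__":
    cfg = DivisionConfig(atrieve_email_mfa=False, idp_mfa=True)
    print(unchallenged_paths(cfg))
    print(logins_without_mfa(cfg, SAMPLE_LOGINS))
```

With provider MFA on but Atrieve Email MFA off, the standard login remains an unchallenged path, which is the gap the recommendation above closes.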
Authentication workflow when signing in with Microsoft or Google