Skip to main content

Single Sign-On

As an additional security measure, Direct Contact Integrations can be configured to require Single Sign-on (SSO) to view the form.

Configuring Direct Contact SSO

If Internal System Owner is selected in the Direct Contact Settings, the SSO Login field will appear.

Once checked, you must select the Direct Contact Email from the list of DataGrail users. A user must have a Super Admin or Connections Manager role to be able to respond to Direct Contact emails behind SSO.

SSO Configuration

Assigned users will leverage their existing login credentials to the DataGrail platform to now access the Direct Contact forms.

Super Admins Can Always Access Direct Contact Forms

A Super Admin user can always access Direct Contact Forms behind SSO, even if they are not assigned as the processor.

Permissions Groups

In addition to requiring Single Sign-On for Direct Contact Forms, processors can be required to have a particular permission group via the Identity Provider (IdP), e.g. Okta.

To configure this feature in DataGrail, ensure the integration is already configured for Direct Contact SSO. Once complete, enter the name of your Direct Contact SSO Group in the Direct Contact Settings.

With the configuration set in DataGrail, you must configure the corresponding groups in your IdP and pass them to DataGrail. An example configuration for Okta is provided below.

Optional Feature

This feature is not available by default. Contact your Account Manager or support@datagrail.io for more information.

Okta Configuration

An example group configuration in Okta is described below:

  1. Select Applications > Applications in the Okta navigation bar on the left hand side of the screen. Select the DataGrail application.
  2. Select General from the tabs at the top of the application.

Initial Application Admin

  1. Select the Edit link in the upper-right-hand corner of the SAML Settings subsection.

  2. Click Next in the lower-right-hand corner

  3. Click Add Another to the Group Attribute Statements.

  4. Enter groups as the Name, and select a proper filter. In this case, we will include any groups that start with the string DG-DirectContact-. However, you can use any group name that you would like.

Group Attribute Settings

  1. Save the Application.
  2. Configure groups and assign users to them.
Example 1
  • Groups DG-DirectContact-SalesforceUploaders, DG-DirectContact-MarketoUploaders, DG-DirectContact-InternalDBUploaders exist
  • The user belongs to the DG-DirectContact-SalesforceUploaders group.
  • The user will be provisioned the DG-DirectContact-SalesforceUploaders Permission Group.
Example 2
  • Groups DG-DirectContact-SalesforceUploaders, DG-DirectContact-MarketoUploaders, DG-DirectContact-InternalDBUploaders exist.
  • The user belongs to the DG-DirectContact-SalesforceUploaders and DG-DirectContact-InternalDBUploaders groups.
  • The user will be provisioned the DG-DirectContact-SalesforceUploaders and DG-DirectContact-InternalDBUploaders Permission Groups.

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.