With Single Sign-On, employee transitions can be enforced in Wiredrive as easily as they are with your other cloud applications. Employees can only log in to Wiredrive when their identity provider credentials are valid. As soon as they’re active, the employee can log in. Deactivate them, and the employee will not be able to log in anymore. Furthermore, with just-in-time user provisioning, you don’t have to create accounts for employees in Wiredrive. Once they’re able to sign on through the identity provider, Wiredrive will automatically create an account for them if none exists. Your IT department has the assurance that no one is able to access Wiredrive when they’re not supposed to.
Using your own identity provider in conjunction with Wiredrive allows you to define additional security when and how you need it. So, if your work is sensitive and you need to have a heightened level of security, Wiredrive with Single Sign-On is ideal. If you need to enforce special password strength rules or you want to enforce password changes on a schedule, you can manage those rules through your identity provider. If your provider supports one-time passwords or multi-factor authentication, those requirements will be honored by Wiredrive.
Managing your users in multiple vendor systems can be very inefficient and potentially a liability. By using Single Sign-On, Wiredrive defers all decisions of authentication and identity to your company and your identity provider. You can quickly activate and deactivate users from your identity provider and have those decisions honored by Wiredrive - no need to separately manage user accounts.
How do I enable SSO with Wiredrive?
If you have an existing system, our Customer Success team will work with you to help prepare your system for SSO. You will need to have an identity provider that supports SAML 2.0 (e.g. Okta, PingID, OneLogin, etc.)
Can my LDAP or Active Directory groups be used in Wiredrive?
Wiredrive will expand our SSO and user management capabilities over the course of the next year. We are planning to enable some integration with LDAP and Active Directory groups, which may allow for fine-grained control over user birthright permissions and access.
What does my identity provider need to support to allow me to use SSO?
Your identity provider needs to support sending SAML 2.0 assertions - for instance, Okta, OneLogin, and PingID all support SAML 2.0.
Can I enforce stricter requirements, e.g. two-factor authentication?
Absolutely - if your identity provider supports it. Wiredrive trusts your identity provider, so as your security requirements evolve, you can make changes without needing to update any configuration in Wiredrive.
Are there unique requirements I should be aware of?
If you wish to integrate with Okta, it will be necessary to set the Wiredrive username for all users to match the email address connected to their Okta profile.