Update 2024-12-03: Added information about WithSecure Elements Identity Security, and WithSecure Elements Exposure Management, which can protect your users from identity-based attacks.
What is Federated SSO?
Federated single sign-on (FSSO) is a mechanism that allows users to authenticate and access several applications or services across different domains or organizations without the need to log in separately for each.
Users may already be familiar with this if they access their own organization’s systems using the same account, usually the same account they use to log into their workstations. The same account is often used for their email, or Microsoft Teams, meaning they log in once and that’s it.
FSSO simplifies access across various systems by allowing users to authenticate once and move seamlessly between different applications or services. It enhances security and user experience by eliminating the need for multiple logins.
How to use Federated SSO to access WithSecure Elements
Once an organization decides to implement Federated SSO to access WithSecure Elements, there are a few basic things to do:
Ensure that your domain users have accounts in WithSecure Elements
For every user in your organization that should be able to access WithSecure Elements, an account must be created within Elements.
NOTES:
- Federated SSO can only work with plain email addresses such as firstname.lastname@company.org. Addresses of the form firstname.lastname+elements@company.org will not work.
- Email aliases do not work with FSSO, so always use the primary email address for the account.
- IAM administrators can still create accounts outside of federated domains. Any such existing accounts will continue to function and will require an Elements password upon login. The ability to define policies that restrict organization access to federated accounts only will be added in future releases of Elements.
- If a linked user cannot be authenticated, for example if they have been removed from the Entra ID domain, they will be unable to access WithSecure Elements.
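The notes above can be checked before accounts are created. The following Python code is an added example, not part of WithSecure Elements or its documentation: it audits a list of planned account addresses against a directory export. The function names, the input format (primary address mapped to its aliases) and all sample addresses are assumptions constructed for illustration, and no WithSecure or Microsoft API is called.

```python
# Added example: pre-flight check of planned Elements accounts against the FSSO notes.
# All names and data are constructed; no WithSecure or Microsoft API is called.

def classify(email, federated_domains, directory):
    """Return a finding for one planned account address, or None if it looks usable.

    directory maps each user's primary address to that user's aliases, for
    example built from an export of the Entra ID tenant (assumed input format).
    """
    addr = email.strip().lower()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return "malformed address"
    if domain not in federated_domains:
        # Accounts outside federated domains still work, with an Elements password.
        return "outside federated domain: logs in with Elements password"
    if "+" in local:
        return "plus-addressed: will not work with FSSO"
    for primary, aliases in directory.items():
        if addr == primary.lower():
            return None
        if addr in (a.lower() for a in aliases):
            return f"alias: use primary address {primary.lower()}"
    return "not in directory: user cannot be authenticated"


def audit(planned, federated_domains, directory):
    """Map each problematic address to its finding; usable addresses are omitted."""
    domains = {d.lower() for d in federated_domains}
    findings = {e: classify(e, domains, directory) for e in planned}
    return {e: f for e, f in findings.items() if f is not None}


# Constructed sample data.
DIRECTORY = {
    "anna.virtanen@company.org": ["a.virtanen@company.org"],
    "ben.smith@company.org": [],
}
PLANNED = [
    "anna.virtanen@company.org",
    "a.virtanen@company.org",
    "ben.smith+elements@company.org",
    "carl.jones@company.org",
    "dana@partner.example",
]

if __name__ == "__main__":
    for addr, finding in audit(PLANNED, ["company.org"], DIRECTORY).items():
        print(f"{addr}: {finding}")
```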
Link your domain to WithSecure Elements
As a Global Administrator user within your organization’s Entra ID tenant, you must link your domain to WithSecure Elements.
After successfully linking WithSecure Elements and the Entra ID tenant, the administrator must finally enable FSSO within Elements.
Logging into WithSecure Elements
Once all the above steps have been completed, users will be able to log into WithSecure Elements with their Entra ID account.
NOTE: The first time the user logs in after federation has been taken into use, they will be prompted for their Elements password and Entra ID domain password. On future access to WithSecure Elements, the user should be prompted only if there is no valid Entra ID authentication available. See the User Guide for more information.
Protecting your Entra ID users from Identity-based attacks
Did you know that you can help protect your Entra ID users by taking WithSecure Elements Identity Security into use?
This protects organizations against identity-based attacks by detecting potentially compromised Microsoft Entra ID identities that are used by attackers to access Microsoft 365 or other cloud-based services.
Minimize Identity-related risks using WithSecure Elements Exposure Management
WithSecure Elements Exposure Management is a world-class solution for checking your infrastructure for misconfigurations and vulnerabilities. It can help you minimize risks related to identities by catching, for example, disabled MFA, old passwords, and possible identity leaks.
Final Note
You can find comprehensive documentation on the whole process of configuring and using FSSO in the Elements User Guide. Please note: At the time of publishing this article, the localized user guides are still being worked on, so please check the English guide.