When an Uptrends account is first created, the initial account administrator creates a login for themselves based on their e-mail address and a chosen password. Additional operators can then be added over time to give more people access to the account, where each operator logs in using their own e-mail address and password.

This works well, but as your organization changes and grows, and your teams start using more online tools and services, there are a few things to consider:

  • People need to remember their Uptrends password, along with passwords from all the other online tools they are using.
  • They need to perform a manual login every time they want to access Uptrends.
  • From a user management perspective, it can get increasingly more difficult to control which people have access to which tools.

Easier and safer access control using Single Sign-on 

To make things easier for end users as well as administrators, across all online apps your teams are using, you can use a solution that sits between your users and those online apps. Many third party products are available that offer a Single Sign-on (SSO) solution. We've worked with Azure Active Directory, Active Directory Federation Services (ADFS), Okta, OneLogin, SecureAuth and Duo Access Gateway, but there are many others. Any product that can support the SAML 2.0 protocol for Single Sign-on should work.

How Single Sign-on in Uptrends works

As discussed, you will need a third party product that acts as the centralized hub for your users to get access to apps, and for your administrators to control which users have access to which apps - Uptrends being one of them. In this article, we'll refer to that product as the Identity Provider (IdP), since it takes care of proving the identity of each user when they are logging into your apps. In this setup, Uptrends is one of those apps and plays the role of Service Provider (SP).

Once you have a working IdP setup, you'll use the IdP's login features to make sure your users are authenticated in their browser, on their mobile devices, and so on - often based on their network credentials. Those features can also include two-factor authentication, strict password policies, et cetera. The main advantage for end users is that they no longer need to remember different passwords for different apps, and that they can access Uptrends and other apps with just a single click. Most IdPs offer an app gallery or app hub, showing all tools and services available to the user. The tools are instantly recognizable and accessible, without having to bookmark URLs, remembering the right passwords and going through the usual hassle of keeping things secure and organized.

Administrators benefit from an SSO setup because they can control which users have access to Uptrends, and to easily revoke access again when someone leaves the company or moves to a different team.

Single Sign-on setup overview

To get a working SSO setup in Uptrends, the following basic steps are needed:

  • Enable the SSO option in your Uptrends account settings. Please note that Single Sign-on is available for Enterprise accounts only.
  • Define a new app in your Identity Provider, using the SAML configuration data provided by Uptrends. Essentially, you only need to copy one URL: this is the Single Sign-on URL (on the Uptrends side) that is unique for the SSO setup of your organization: your IdP needs to have this URL so it knows where to send your users when they log in.
  • Once defined, the new Uptrends app in your IdP will also generate SAML configuration data. This data consists of two pieces of information: your IdP's Login URL (so Uptrends knows where your users are coming from) and the certificate generated by your IdP to digitally sign the SAML requests it sends to Uptrends. This allows Uptrends to make absolutely certain that the incoming logins are genuinely coming from your Identity Provider and not from someone else. This is a crucial part of the security of Single Sign-on. You'll store the public key for SSO in your Uptrends vault.
  • Make sure that your users are defined on both sides: your IdP runs in your own environment, so it already knows about your users. In Uptrends, each user needs their own operator (if it doesn't already exist). When a user is logged in by your IdP, we will look at the e-mail address, so it needs to match on both sides.
  • You don't have to start using SSO for all users in one go: you can start with just one, while the remaining users keep accessing Uptrends using classic logins until you're ready to move to SSO.

For detailed setup instructions, please read the Single Sign-on setup guide.