Skip to content
English
Sign in
Contact us
  • There are no suggestions because the search field is empty.

SSO – Single Sign-On Overview

SSO (Single Sign-On) is an authentication method that allows users to log in to multiple applications or systems using a single set of credentials (username and password). This means that users only need to authenticate once to access different services or applications that are connected through SSO.


From the customer’s perspective, SSO is particularly attractive because it allows them to apply their own security policies and reduce administrative tasks when employees leave the company.

From the SprayVision perspective, SSO reduces the need to manage user accounts on our side, minimizing issues such as forgotten passwords or locked accounts.


Key Terms

  • IDP (Identity Provider): The customer’s identity provider (e.g., the customer’s internal system managing user identities such as Microsoft Entra, Okta).

  • SP (Service Provider): SprayVision, acting as the service provider.


SSO Activation Process

To successfully activate SSO for a specific plant, cooperation with the customer’s IDP is necessary. This process requires an exchange of XML files:

  1. SprayVision provides the initial XML file to the customer’s IDP, enabling them to register our service.

  2. The IDP returns an XML file that is then used to integrate the customer’s identity provider with our application.


Domain Structure

Once SSO is activated, users will access their specific environment through a custom subdomain, for example:

  • customer.spraycapture.app

  • customer.spraybrush.app

 

In this structure:

  • The third-level domain (e.g., “customer”) is linked to a specific plant and IDP.

  • The second-level domain (e.g., “spraycapture.app” or “spraybrush.app”) indicates the product the user will be redirected to after successful SSO authentication.


SSO Account Behavior

Users with an SSO account will no longer be able to use the standard login method, including two-factor authentication (TFA) or the “forgotten password” feature.


SSO Overall Information

Any invalid states within the SSO workflow will redirect the user to the classic SprayCapture login page. The redirect URL will include an error code explaining why the user was redirected to the standard login page.

If users encounter any issues and need clarification regarding the error code displayed in the URL, they can contact SprayVision Support via helpdesk@sprayvision.com for further assistance.