FAQs

Single Sign-On (SSO) Frequently Asked Questions

  1. How does SSO work within customer’s existing systems?

When a customer wants to log into Pensa (assuming SSO is configured), they enter their email address and are redirected to their Identity Provider (IdP). If the authentication is successful, we onboard them if they are pre-configured in our system.

Requirements: Users must have a designated user group, and onboarding setup should be configured in Pensa’s infrastructure.

  1. What are the prerequisites for enabling SSO with your service?

To enable SSO, the following prerequisites are required:

  • Onboarding structure settings by Pensa

  • Provision of SAML Service Provider Metadata to the customer

  • The customer’s SAML Identity Provider Metadata shared with Pensa

  • SAML Metadata into Pensa’s infrastructure shared with customer

  1. What type of authentication methods do you support for SSO?

We support SAML 2.0 for SSO integration.

  1. Which Identity Providers (IdPs) are compatible with your SSO integration?

Pensa SSO integration is compatible with any Identity Provider that supports SAML 2.0.

  1. Does SSO work with multi-factor authentication (MFA)?

Yes, if the customer’s SSO configuration includes MFA, it will remain active, as we delegate MFA to the customer’s own setup.

  1. How is user data handled and protected when using SSO?

The following user data is securely managed: name, surname, email, and username.

  1. Are there specific user roles or permissions that need to be configured for SSO?

Yes, specific onboarding structure settings, account assignments, and user groups are necessary for SSO functionality.

  1. What should I do if a user is unable to log in via SSO?

If a user encounters login issues:

  • Contact your SSO Provider or refer to FAQs on the login screen.

  1. How can we troubleshoot SSO login issues?

  • Try logging into your SSO account directly (outside of the Pensa portal).

  • If successful, contact your support service for assistance with Pensa portal issues.

  1. Will user sessions remain active after logging in with SSO, and for how long?

Yes, user sessions remain active for 30 days after logging in via SSO.

  1. Who should I contact for support if I encounter issues with SSO?

For SSO support, email [email protected]

  1. Is there any downtime required for SSO implementation?

No downtime is required for the implementation of SSO.

  1. Are there any limitations or known issues with the current SSO setup?

  • Users must enter their full email address to log in.

  • A configured set of enterprise email domains is required for Pensa SSO.

  1. Can I restrict SSO access to certain user groups or IP ranges?

Yes, restrictions depend on your specific SSO functionality and configuration.

If there are any issues or questions, please email: [email protected]

Last updated

Was this helpful?