Single Sign On

What is SSO? 

Single Sign On (SSO) is an Add-On feature which allows customers to retain full control over the identity and authentication aspects of the login process by separating the login roles of TreePlotter and an identity authentication provider.

Prerequisites

1. Ensure you have at least one administrator account set up in TreePlotter in advance. The email address of this account will be used to login and manage the rest of the accounts. 
2. In order for additional users to log in through SSO, there must be a record with the same email existing in TreePlotter. Users are linked between TreePlotter and the IdP by email (so ensure the email address is valid and unique per user). A TreePlotter admin will be able to create users and assign their roles through the standard process on the front end of TreePlotter.

Logging In

1. Go to your TreePlotter application URL.
2. Click “Log In” in the top right. You will be forwarded to the login page.
3. You will see two options for logging in.
   • Corporate IdP Login: If you have a custom integration with your organization’s IdP, use this workflow on the left to securely login using your organization credentials.
   • Standard IdP Login: You may use the workflow on the right to directly login with the TreePlotter IdP. Enter your email and password exactly as they are in TreePlotter.
4. After a successful login, you will be forwarded to TreePlotter. You are now authenticated and may continue using TreePlotter as normal.

Adding Users to TreePlotter (external user, no corporate email address)

1. Log in with an admin account.
2. Proceed to add users to Tree Plotter as you normally would.
   • Go to Hub -> Admin -> Account -> Manage Account -> All Users
   • Fill out the user information and click “Save”.
   • The new authentication system has more stringent password requirements than TreePlotter alone. If you enter a “weak” password, the user will be required to reset their password during their initial login.
3. Users may now login using the steps in this guide. They must use the same email and password you assigned them. They may change their password through the “Forgot Password” workflow.

Adding Users to TreePlotter (internal user, has corporate email address)

1. Log in with an admin account. 
2. Proceed to add users to Tree Plotter as you normally would.
   1. Go to Hub -> Admin -> Account -> Manage Account -> All Users
      • Fill out the user information and click “Save”.
      • Make sure the email address matches the user’s corporate email address exactly. 
      • A password is still required in this case that will be tied to the TreePlotter account, but the password information will not need to be used because the user will be using their corporate credentials to log in to the application. 
3. Users may now login using the steps outlined in the guide. They will use the left section of the log in screen. Any changes to their password will need to be made through the corporate account and not through TreePlotter.

Forgot Password

1. To initiate the Forgot Password workflow, users may either:
   • Click “Log In” from the TreePlotter main page. Then click “Forgot Password” in the AWS login page.
   • From the TreePlotter main page, click Go to Hub -> Admin -> Account -> Forgot Password
2. Fill out the required information and follow the prompts to reset your password.

Change Password

Follow the “Forgot Password” workflow instructions in this guide.

Logging Out

Click the “Log Out” button in the top right corner of the TreePlotter main page. You should be redirected to the login page.