In this article we cover the following topics:
- I want to learn more about SSO in general
- We recently enabled SSO. How do I log in now to my FlippingBook account?
- I manage our company’s SSO and want to set it up
- I need to make changes to our users
SSO in general
FlippingBook Online supports Single Sign-On (SSO). SSO is an authentication mechanism that allows a user to log in to different apps with a single set of credentials. You don’t have to keep track of dozens of logins and passwords.
Here's how it works:
- First, you set up users in a central SSO management system, called the Identity Provider. Popular systems include Okta and Microsoft Azure.
- You connect this system with other apps that support SSO, like FlippingBook Online.
- Then, in your SSO management system, you specify which user has access to which apps.
Now, your users only need to log in to your SSO system. When they start another app, like FlippingBook Online, we check with the Identity Provider if the user is already logged in and is allowed to use FlippingBook Online. If so, they automatically are granted access. There is no need to log in.
This is not only convenient for your users. It also significantly increases security. For example:
- Users can no longer use weak passwords.
- Users won't need to write down their passwords
- Users can't pass their credentials to colleagues who should not have access.
- When someone leaves your organization, deleting their account immediately removes access to all systems they had access to.
- If you enable Multi-Factor Authentication in your SSO management system, then all your apps will benefit from that.
Who can use SSO?
This is only available to clients with an Enterprise plan. It is available by request to all Enterprise clients who ask for it. We assume that you already have your SSO solution up and running with several applications connected to it.
Does SSO only apply to the account? Or does it extend to flipbooks too?
SSO extends only to access to the FlippingBook Online account, where you create and manage flipbooks. It does not extend to readers of your flipbooks. Flipbooks are public by default but can be protected in other ways (for example, using passwords or ‘protected embed’ so that the flipbook will only work if embedded into your website)
How does FlippingBook SSO work?
FlippingBook Online supports Single Sign-On authentication based on SAML only. We do not currently support OpenID.
Can I use SSO in combination with regular Username/password logins to FlippingBook Online?
No, after enabling SSO, logging in with a username and password is no longer possible!
How to integrate FlippingBook Online with my Identity provider?
Please refer to the instructions for:
Since FlippingBook SSO is based on SAML, you should theoretically be able to connect to any SAML-based Identity provider. Since there are hundreds of providers, we only provide instructions for some of the more popular services: Okta, Microsoft Azure, and Onelogin. You should however be able to establish a connection between your own SAML Identity provider and FlippingBook Online with the data that our support team provides to you and using the documentation of your SSO provider.
After setting up SSO, how to log in to your FlippingBook Online account?
There are different ways to login:
- If you use an application portal in your SSO solution, they could open it from there.
- If your users attempt to go to our website, they can click ‘Sign in with SSO’ at the bottom of the login screen.
Then enter your email address or the name of your SSO domain that we set up. Typically, that’s your company name (with the first letter capitalized). We immediately check your credentials with your SSO provider.
- If you have already authenticated, you will immediately be taken to your FlippingBook Online account.
- If you are not authenticated, we take you to the authentication page of your SSO provider. After you authenticated there, you are transferred back to FlippingBook Online.
- Finally, we send out an email to all new users with a link to go directly to their account which they can bookmark. This link is also available to the account owner in the Team section of the account. Click on View details, and copy the link from the pop-up.
Adding users after initial setup
You can simply add new users to your SSO management system, and assign them to your FlippingBook Online group. When such users try to open the FlippingBook Online App, we will automatically create a subuser account for them on our end.
Optionally, the account owner of your FlippingBook Online license can invite the new user. This will send an email to the new user with the direct login link.
Removing user access
If you removed/revoked access for a user in your SSO system, then they will no longer have access to FlippingBook Online. The user account on our end will keep existing and the private flipbooks that this user owned will keep working. Other than that, the account is inaccessible. The FlippingBook Online account owner will have to delete it manually and decide what to do with the flipbooks: either delete them as well or move the flipbooks to a subfolder in their own account.
A new user replacing another user
Suppose a user leaves your team, and the flipbooks that this user made will be managed by a new user. You make the changes in your SSO management system, but that leaves the new user with a clean, empty account. There are two ways to transfer the flipbooks:
Without our assistance
- The FlippingBook account owner deletes the subuser, and when deleting, selects the option to move flipbooks to their own account (this will create a private folder for them with the old username).
- The FlippingBook account owner turns the folder with books from the deleted user into a Shared folder.
- The new user logs in and moves all the books from the Shared folder to their Home folder.
- Either user deletes the (now empty) folder from the old user.
With our help
the account owner can simply ask us to change the login email after you updated the access rights in your SSO management tool. The benefit is that this will retain the folder structure that the original user had created.