General understanding
What is Single Sign-On (SSO)?
Single Sign-On (SSO) is an authentication process that allows you to log in once with your access data and then access various systems and applications. With remberg, this access takes place by default via the Microsoft login using Entra ID (formerly Azure AD). Other identity systems are possible in other cases.
What is the difference between SSO and multi-factor authentication (MFA)?
While SSO simplifies the login process by only requiring you to log in once, multi-factor authentication (MFA) serves to increase security. MFA adds an additional verification step, such as a code via an authenticator app. Both methods can be combined to ensure both user-friendliness and security.
What advantages does SSO offer you?
With SSO, users do not have to manage separate login data for each application. This saves time, reduces the effort involved with passwords and enables IT to ensure consistent, secure authentication across all applications.
Technical requirements and how it works
What steps are necessary to activate SSO?
The activation of SSO begins with the activation of this function by remberg. The remberg Enterprise application must then be authorized by an IT administrator in your company's Entra ID.
Is a meeting with remberg required for activation?
No, a meeting is not necessary. Once the function has been activated by remberg, you can set it up yourself.
Can several remberg systems be connected to a single Entra ID?
Yes, this is possible without any problems. The prerequisite is that an individual application configuration is made for each workspace within the same Entra directory. The average set-up time is around 30 minutes per workspace. Please get in touch with your remberg contact person or remberg Support for more information.
How does access via mobile devices work?
Access via mobile devices is the same as in the browser. You can also authenticate yourself via the Microsoft login using the remberg mobile apps for iOS and Android.
What configuration options does SSO offer?
With remberg, you can choose between optional SSO and enforced SSO. Optional SSO allows both authentication via SSO and classic login with email and password. Forced SSO, on the other hand, prescribes the exclusive use of SSO and deactivates login with remberg-specific access data.
Can enforced SSO be activated or deactivated at a later date?
Yes, this is possible at any time. You can set this option in the remberg system settings if you are an administrator.
Can I force SSO if remberg has users who do not exist in Entra ID?
If SSO is enforced, all remberg users must exist in Entra ID so that login is still possible. If there are user accounts in remberg with e-mail addresses that have not yet been created in Entra ID, these must first be added there before SSO is enforced.
Can I control access to remberg via Entra ID?
If enforced SSO is activated, your access can be blocked via Entra ID. Without enforced SSO, it is still possible to log in with an email and password. In this case, additional blocking in remberg is necessary.
Portal and SSO
If you use the Portal and SSO is activated, email and password will continue to be managed as the login method for the portal. An SSO login for the portal is not provided.
For Users
How do you log in to remberg with SSO?
Simply use the “Sign in with Microsoft” button when logging in. Your e-mail address in remberg must match the address stored in Entra ID and your account must be activated in remberg.
What happens if you forget your password?
If you use optional SSO, you can still reset your password directly in remberg. However, if forced SSO is activated, password management is carried out exclusively via your Entra ID or your IT department.
What impact does forced SSO have on your day-to-day work?
With forced SSO, you only use your Microsoft login to access remberg. The classic login via email and password is no longer necessary, which increases security and reduces effort. At the same time, you benefit from a smooth login experience across all devices.
Can you log in without SSO?
This is only possible if forced SSO has not been activated. Then you can continue to log in with your email address and password.
For IT Administrators
Which identity providers are supported?
By default, remberg offers Microsoft Entra ID as IdP. Other providers such as OAuth, OIDC or SAML-based systems (e.g. ADFS, Okta, Google Workspace) can also be integrated as part of Enterprise SSO. The setup is carried out in coordination with your IT department and remberg.
How are groups, roles and authorizations managed?
These administration functions are carried out within remberg. An automatic transfer of group or role assignments from Entra ID is currently not planned.
How do new users gain access to remberg?
New users must first be created and activated in remberg. Only then is it possible to log in via the Microsoft login.
Will existing users be migrated automatically?
Yes, as long as the e-mail address in remberg matches the one in Entra ID, the migration is automatic. Manual migration is not necessary in this case.
How can external partners be integrated?
If forced SSO is not activated, you can invite external partners by email to set their own password for remberg. If forced SSO is activated, external users must also be created in Entra ID to gain access.
Comparison: Optional vs. forced SSO
Functions | Optional SSO | Enforced SSO |
Login with email and password | Yes | No |
Login via Microsoft | Yes | Yes |
Password reset via remberg | Yes | No |
Blocking via Entra ID affects remberg | No | Yes |
MFA (e.g. via authenticator app) | Yes | Provider-dependent |
Adjustment of password rules | No | Provider-dependent |