Single Sign On (SSO)

Fully Integrated with e-Builder Enterprise

e-Builder Enterprise integrates the industry’s most trusted capital program management software with enterprise e-Builder Single Sign On (SSO) capabilities. Our SSO solution leverages federated identity standards to allow users to securely access e-Builder without requiring multiple logins, and without having to manage separate application passwords. Your staff will maintain secure, direct access to external resources like e-Builder using your existing protocols. You can then maintain reduced operational costs by providing centralized management of all application connections, leveraging reusable connection configurations, and integrating easily with existing identity infrastructure and target application environments.

Benefits:

  • Higher user adoption rates
  • Fewer help desk tickets and lower associated costs
  • Lower administrative overhead
  • Increased productivity
  • Strengthened security
  • Increased compliance audit pass rates

Single Sign On

Single Sign On

Standards-based Single Sign On

e-Builder supports federated identity standards such as Security Assertion Markup Language (SAML) and WS-Federation which allow organizations to share credentials and attributes for authentication and authorization, and reduce security gaps by creating a trusted connection to e-Builder Single Sign On (SSO)

We support all vendors who are compatible with standard SAML 2.0 connections.

It is also available for StateRAMP and FedRAMP. Additionally, if a customer has multiple instances (Commercial and FedRAMP), SSO will work for both.

For Browser-only SSO, there can be multiple connections set up (Max limit of 4).

If you have any questions about limitations with multiple setups, please contact your e-Builder Account Manager or Customer Success Manager.

Process Overview

With secure Internet SSO, once a user has logged into your enterprise network, they can directly access e-Builder over the Internet. Hidden from the user, your federated identity software validates their login credential and assembles a specially formatted software message called a SAML assertion that contains information about the user. This assertion is transmitted to the e-Builder SSO server over the Internet via a trusted connection established as part of the SSO service setup process. e-Builder then reads the information in the assertion and uses it to give the user access to their e-Builder account without requiring additional user names, passwords, or any other login mechanism. In order to securely transfer information about the user, the Identity Provider (you) and the Service Provider (e-Builder) must first agree on what details about the user will be passed. This is known as the attribute contract. For e-Builder SSO, all that is needed is the user’s email address. To support express user provisioning, additional attributes are required in order to add the new user to e-Builder.

SSO Process Overview Diagram

Single Sign On Process

When the attribute contract is established, each party knows what will be passed. The user logs into your enterprise domain and is authenticated internally. When a user requests access to e-Builder, their browser automatically redirects to your enterprise SSO server, which then builds SAML assertion that includes information in the attribute contract.

This information is put into the browser header and their browser is redirected to the e-Builder SSO server using a secure HTTPS post. The e-Builder SSO server retrieves the assertion from the browser header, decrypts it, validates the credentials, and logs the user into e-Builder. The user is given access to e-Builder without the need to directly log in.

The entire process happens so quickly that the user does not notice the extra redirects have even occurred.