Set up and use Single Sign-On (SSO) to log into PSTrax

Enabling users to use SSO

One or multiple users can be configured to log in via SSO by following these instructions:

Summary

Users in PSTrax can log in using either the Single Sign-On (SSO) method, which is verified through an identity provider, or the traditional username and password method. Administrators can manage login methods for users by modifying SSO settings in the system.

Instructions

Clients who use an identity provider to centralize their logins across multiple platforms can set up SSO to log into PSTrax. Please note that there is a fee to use SSO, so please reach out to our team for pricing information.

Currently, we can set up SSO with the following identity providers:

Azure
AzureGov
Active Directory
Azure Active Directory (Azure AD)
Okta

To manage SSO settings, navigate to Settings → Personnel → User List, edit individual users, and enable or disable SSO for each user. For bulk updates, go to SSO Settings, where you can view and modify SSO assignments for multiple users at once.

Modifying SSO Settings for Individual Users

Sign in to PSTrax using administrator credentials.
Navigate to Settings → Personnel → User List.
Locate and select the user whose login settings need to be modified.
Click Edit, then find the SSO Setting option.
Choose one of the following:
- Yes – The user can only log in using SSO.
- No – The user logs in using the traditional method (username and password).
Click Save to apply the changes.

Managing SSO Settings for Multiple Users

Navigate to Settings → Personnel → SSO Settings.
View a list of users who are currently using or set up for SSO.
Modify login methods in bulk:
- Deselect users if they should log in traditionally.
- Select users to require them to log in using SSO.
Click Save to update the settings.

SSO Instructions for Azure / AzureGov / Active Directory / Azure Active Directory (Azure AD)

You will need to register an application with your identity provider for PSTrax. Our engineering team is available to work with you or your IT personnel if needed. The link below provides the needed instructions as well.
1. Quickstart: Register an app in the Microsoft Identity platform
Add the following Redirect URI below to the application registered in the previous step.
1. https://app1.pstrax.com/login/__X__X__X__X__X__/callback
Provide PSTrax with the Tenant, Client ID, Expiration Date (if applicable) and Secret Value for the application registered in Step 1.
Provide PSTrax with credentials for a test user so that we can verify everything is configured correctly on our end.
1. This user can be deleted after testing is completed.
Confirm that users have the same email address in both PSTrax and the Identity Provider. If the emails do not match, authentication will fail for those specific users.

SSO Instructions for Okta

You will need to register an application with your identity provider for PSTrax. The application type in Okta should be set to “OIDC (OpenID Connect)”. Our engineering team is available to work with you or your IT personnel if needed
Add the following Redirect URI below to the application registered in the previous step.
1. https://app1.pstrax.com/login/__X__X__X__X__X__/callback
Provide PSTrax with the Client ID, Client Secret, Expiration Date and Okta base URL values for the application registered in step 1.
Create and provide PSTrax with credentials for a test user so that we can verify everything is configured correctly on our end.
1. This user can be deleted after testing is completed.
Confirm that users have the same email address in both PSTrax and the Identity Provider. If the emails do not match, authentication will fail for those specific users.

SSO Instructions for Google

In order to get your department set up for Single Sign-On (SSO), we’ll need a few things from you. Our engineering team is available to work with you or your IT personnel if necessary. PSTrax utilizes OAuth to enable your Google Workplace SSO; below are the steps needed to create the project, credentials, and OAuth Consent Screen:

Login to your Google Cloud Console: https://console.cloud.google.com/
If needed/desired, create a new project (recommended name: PSTrax SSO): https://console.cloud.google.com/projectcreate
Create the OAuth 2.0 Client ID: https://console.cloud.google.com/apis/credentials/oauthclient
1. Application Type: Web Application
2. Name: PSTrax SSO (recommended, customize as needed)
3. Authorized Redirect URIs: Add the callback URI provided by PSTrax
  1. https://app1.pstrax.com/login/__X__X__X__X__X__/callback
4. Click Create to save and submit, this will reveal a confirmation modal
5. Save the Client ID and Client Secret as you'll need to provide this to PSTrax
6. Click OK to close the confirmation modal
Create the OAuth Consent Screen: https://console.cloud.google.com/apis/credentials/consent
1. User Type: Internal
2. Click "CREATE"
3. App Name: PSTrax Single Sign-On (recommended, customize as needed)
4. User Support Email: Your IT Support Contact
5. App Logo: Download and use this Logo https://pstrax.com/wp-content/uploads/2023/12/PSTrax-Primary-Horizontal-favi.png
6. Application Home Page: PSTrax - Login
7. Application Privacy Policy Link: Privacy Policy
8. Application Terms of Service Link: Terms of Service
9. Authorized Domains: Home New
10. Developer Contact Information: brian@pstrax.com
11. Click "Save and Continue"
12. No scopes are needed, click "Save and Continue" again
Send PSTrax your OAuth Client Credentials
1. Client ID
2. Client Secret
3. Expiration Date

Troubleshooting Login Issues

If a user is unable to log in because they were previously using the traditional method but are now being prompted to use SSO, check their SSO settings.
If the SSO Settings option is not visible, it may be due to system configuration or user permissions.
For assistance, contact help@pstrax.com to resolve login issues.

Following these steps ensures that user authentication is properly managed across your organization.