FAQs

What is SSO?

Single sign-on (SSO) is an identification method that allows users to log into multiple applications with one set of credentials. 

What does this mean for Titan Cloud Edge users?

Once SSO is set up at the client level, it can be enabled for any user in that client’s account. Users with SSO enabled will NOT need a password or MFA token to log in to Titan Cloud Edge!  

Will users with SSO enabled need to log in at a different URL?

At this time, YES. Users with SSO enabled log in at a slightly different version of the client homepage:  https://www.CLIENTNAME.net/Web/Ext/LogOnSso 

Can users still choose to log in with a password?

Once SSO has been enabled for the user’s account, they can ONLY use SSO to log in to Titan Cloud Edge on the web.

The Titan Cloud Advanced Facility Inspections (AFI) mobile app is not yet set up to accept SSO, however, so a user with SSO may use their email and password to access the app.

What does Titan Cloud need to set up SSO at the client level?

This depends on which protocol (OIDC or SAML) and identity provider (Auth0, Azure AD, Google Workspace, Okta, etc.) your organization uses for authentication. Your Customer Success Manager can help coordinate with our Product team to make sure we have the information we need. 

At minimum, we need the following information based on protocol.

OIDC

• Client ID
• Well Known Configuration URL

SAML

• Sign In URL
• Sign Out URL
• Signing Certificate

To discuss what's specifically needed for your organization, please reach out directly to your CSM or email support@titancloud.com.

Once SSO is set up at the client level, how can it be enabled for a user?

To manually enable SSO for a user, follow the instructions below. To discuss options for a bulk rollout to many users, please reach out to your CSM. 

Step 1: Log in Titan Cloud Edge 

Step 2: Navigate to User Setup

1. Click the nine dots to open the global menu and select Administrative Console.
2. In the Admin Console menu, select Security and User Setup.

Step 3: Open the user’s profile

1. Use the Search bar or filters to locate the user in the grid. 
2. Click the pencil edit icon. 

Step 4: Enable SSO

1. Click the checkbox toggle to enable Single Sign On.
2. Under “Select Identity Provider,” select the appropriate option for your client account.
3. Enter (or verify) the SSO Email address.
4. Click Update to save changes and automatically send the SSO invitation email. 

Step 5: The user must accept the SSO Invitation

1. The user will locate the SSO invitation email in their inbox.
2. The user will click the Accept Invitation button.
3. The user will click Continue on the screen that opens in their web browser.

The first time a user logs in with SSO, they'll see the “Authorize App” screen, prompting them to consent to account access. 

This step is controlled by Auth0, the third-party application we use to provide SSO. This step, which will only be shown once, is intended to ensure the user is aware that this application requires access to your company's identity provider (IdP). This is similar to the messaging you'll see the first time you log in to a website using your personal Google or Facebook account. 

Here's some context on what it's asking for:

• Profile Access: The app requires access to your profile and email to authenticate and retrieve necessary account information.
• Offline Access: This allows the app to maintain a connection to your account even when you are not actively using it, ensuring uninterrupted service.