We provide two enhanced types (levels) of provider
connections[1], Accruent also offers one very basic
level with a small number of providers. A total of 3 levels of
SSO to choose from.
Hint: When available for your authentication providers, you
want the SSO Premium level. So if you are using AzureAD you
have the choice of just plain SSO or SSO Premium – you really
do want the premium. Note also that, depending on what
features you end up needing, the Premium and Advanced may be
the same price, if the Premium is more expensive it is because
you decided you want the more expensive features not because
the Premium is inherently more expensive.
Some of the providers and provider connections can only give
SSO Advanced level, they simply don’t have the features needed
to give you the premium experience.
Hint: When you have a choice between two providers – pick one
that has SSO. For example, if your users use Facebook and
RenRen, and you are willing to use either or both, you should
use only Facebook because Facebook gives us the ability, and
so we provide a SSO premium option, but RenRen doesn’t so we
can’t.
Login Providers for MC | MC Standard | MC SSO[1] | LoginHub SSO Level 1 | LoginHub SSO Advanced | LoginHub SSO Premium |
|---|
Cost | Included, $0 | $ | $ | $$ | $$ to $$$ |
SSO Login supported | No | Yes | Yes | Yes | Yes |
Requires manual creation of accounts in MRO | Yes[1] | Yes[2] | No | No | No |
Provides secure passwords | No[2] | Yes | Yes | Yes | Yes |
Requires manual maintenance of accounts in MRO | Yes[2] | Yes[2] | Yes | Yes | No[2] |
Auto Account provisioning | No | No | No | Yes | Yes |
Azure ‘external’ (guest) users work on SasS’s like MCC’s or MC Saas | No | No | Yes | Yes | Yes |
Lets you block Backdoor Login to SSO accounts | No | No | No | Yes | Yes |
Single Link Login | No | No | No | Yes (addon) | Yes (addon) |
Multiple provider support | No | No | Yes | Yes | Yes |
Scripting for advanced scenarios[5] | No | No | Yes (addon)[6] | Yes (addon)[7] | Yes (addon) |
Unknown users can be auto set as Service Requesters | No | No | No | Yes | Yes |
Works with Active Directory | No | No[8] | Yes[9] | Yes[10] | Yes[5] |
Works with Azure AD | No | Yes | Yes | Yes | Yes |
Works with ADFS12[11] | No | No | Yes | Yes | Yes |
Works with Auth0 | No | Yes | Yes | Yes | Yes |
Works with PingIdentity | No | No | Yes | Yes | Yes |
Works with Okta | No | No | Yes | Yes | Yes |
Works with OAuth | No | No | Yes | Yes | Yes |
Works with OpenID Connect | No | No | Yes | Yes | Yes |
Works with SAML 2.0 | No | No | Yes | Yes | Yes |
Works with LDAP | No | No | Yes[12] | Yes[13] | Yes[5] |
Works with WS-Fed/WS-* | No | No | Yes | Yes | Yes |
Works with Facebook and other social providers | No | No | Top 15[14] | Top 15[15] | Some[16] |
Some providers are ‘Enterprise’ providers (Okta, AD LDAP, Ping, ADFS, AD Azure etc..,) for these providers we offer an SSO Premium connection.
In our SSO Premium connections, the majority of user management including login id and password is handled by the provider (in other words – the place you EXPECTED it to be managed.)
And because of this, the Maintenance Connection LoginHub provides features for setting up and maintaining as much as possible that you want in the authentication provider[18]. The decision as to which should be maintained where will typically depend on how much you want your MC Administrators to do and how much you want your IT department managing. The Maintenance Connection LoginHub SSO Premium providers give you the maximum possible flexibility in making these choices.
As a couple people have said:
The SSO Premium connections are what we expected we were going to get with SSO, they have the features we needed but didn’t know we needed until we started setting things up.
Most of the over 100 social media providers give no real option, so they can only be used as SSO Advanced providers, you use them simply for authentication, all user management is done in one or more of the Maintenance Connection family of products. In theory they could be used at the Basic level of the Accruent MC SSO, but as of this writing Accruent didn’t offer any of them or indicated any plans. They still give one huge advantage over the MCC Login: The MC Login passwords are stored in a easy to decrypt fashion, meaning for all intensive purposes, they are not any more secure than clear text passwords. At best they only keep the honest people out. By using a provider like Facebook, you can move away from the insecure MC Login passwords to a much more secure password.
Some social media providers such as Google and Facebook are more powerful and we provide you the option of SSO Advanced or SSO Premium – your choice, depending on what level of management you do in Google.
Features
Feature | Accruent MC SSO[18] | SSO Basic | SSO Advanced | SSO Premium |
|---|
Basic authentication | No, just login | Yes | Yes | Yes |
Roles based authentication | No | No | No | Yes |
Basic fields | No | No | Yes (subject to limitations your provider places on you) | Yes (subject to limitations your provider places on you) |
Additional fields | No | No | No | Yes (subject to limitations your provider places on you) |
Scripting for advanced control | No | No | Yes, but unless you are using things on the user computer, this might not give you any real benefit like the premium ones. | Yes |
Providers
This list is not always up to date, but all the ones that say ‘Yes’ are accurate.
Enterprise Providers:
Note there is no ‘SSO Advanced’ column because you WANT the premium experience when you are using Enterprise providers that give you all the power and flexibility to use the Premium featured. If you really want to use them at the level of just the advanced you can do that with the premium providers.
Provider | Accruent MC SSO[19] | LoginHub |
|---|
AD LDAP | No | Yes |
AD LDAPS | No | Yes |
AD Azure AD | Yes | Yes |
ADFS | No | Yes |
Auth0 (Auth Zero) | Yes | Yes |
Okta | No | Yes |
Ping | No | Yes |
Salesforce | No | Yes |
Generic OpenID Connect[1] | No | Yes |
Generic SAML 2.0 Connect[1] | No | Yes |
Major Worldwide Social Media Providers:
This does not imply that they are major in ALL parts of the world, just that, based on 2019 stats, they are the major worldwide providers.
With Social Providers it makes sense to have both Advanced and Premium options when the provider has the ability to work at the premium level, because you might just want to use social providers for service requesters in which case the premium features have no value to you, but you can also, should you wish, use Facebook and others as ‘Enterprise’ level providers by using the SSO Premium if your company isn’t using any of the Enterprise providers – essentially, we allow Facebook etc.., to be elevated to the level of an Enterprise provider if that will make your life easier. For example, Facebook groups have the ability to be restricted ‘invite only’ admission, letting you use it to manage roles. The practical issue you may have to consider: if you are trying for SSO with other sophisticated products, you may need to use an Enterprise provider that those other products support if they don’t allow your choice of social media providers to give Enterprise level SSO support. If you own the software or have connection to the developers, you can talk to us about expanding LoginHub to work with those products.
Provider | Accruent MC SSO[20] | SSO Level 1 | SSO Advanced | SSO Premium |
|---|
Google | No | Yes | Yes | Yes |
Facebook | No | Yes | Yes | Yes |
Twitter | No | Yes | Yes | Yes |
Instagram | No | Yes | Yes | No |
Reddit | No | Yes | Yes | No |
Major Regional Social Media Providers:
These are providers that are the 1, 2 or 3 in specific locations in the world, this does not imply they are not used outside of those regions, and indeed some may in other countries be major among a specific demographic – typically ethnic group. But if you have people you want accessing the system in those parts of the world, then these Social Media Providers become important to you for SSO.
Note: If you would like one of these to have a SSO Premium option, talk to us about ‘Customer Sponsored Features’, we may be able to work something out for you and your preferred Social Media provider – but note that not all of them CAN operate at this higher level.
Provider | Accruent MC SSO[21] | SSO Level 1 | SSO Advanced | SSO Premium |
|---|
QQ | No | Yes | Yes | No |
WeChat | No | Yes | Yes | No |
WhatsApp | No | Yes | Yes | No |
Qzone | No | Yes | Yes | No |
Vkontakte | No | Yes | Yes | No |
Taringa | No | Yes | Yes | No |
RenRen | No | Yes | Yes | No |
LinkedIn | No | Yes | Yes | No |
Odnoklassniki | No | Yes | Yes | No |
Other Social Media Providers:
This is not meant in any way to disparage these providers, however these providers are not commonly used as even basic SSO sources even if they hope that will change! We support them just as well as the ones above, each may have advantages or disadvantages for you, likely depending mostly on what your users and customers use and what features they allow you for management.
The order of this list was taken from 2019 statistical reports and the order generally implies word wide popularity (more popular at the top) but again, the demographics of your users and customers is much more important to you than what the rest of the world says.
Provider | Accruent MC SSO[22] | SSO Level 1 | SSO Advanced | SSO Premium |
|---|
Tumbir | No | Yes | Yes | No |
Baidu | No | Yes | Yes | No |
Skype | No | Yes | Yes | No |
And there are 100’s more. If there is one you would like to see supported because it fits with your user base – let us know, we will likely be able to offer it as a Customer Sponsored Feature (CSF).
[1] Note that the Maintenance Connection ‘MC Login’ accounts are not SSO.They do not use an external provider to manage the login, they use a two direction (you can decode it) even with the password encoding that came with version 8 and the older version that was available in version 7. We strongly recommend you only use these accounts during initial setup, then remove access to all afterwards and only use secure providers.
[2] This is based on information Accruent provided us about their SSO
[3] You do NOT want to do this, that is why the yes is in red and no in green.
[4] The Standard MC system uses encoded passwords which can be easily decoded in a fraction of a second. While they are obfuscated (they appear encrypted) the are not considered secure by any industry standard definition.
[5] Requires our add-on nlhscript03 Maintenance Connection LoginHub Add-on Scripting product
[6] With SSO Advanced, the provider often does not give you a lot to achieve your goals. For most companies/needs, you will require a SSO Premium to achieve your objectives. Hence it is in blue, not green, but also not red.
[7] With SSO Advanced, the provider often does not give you a lot to achieve your goals. For most companies/needs, you will require a SSO Premium to achieve your objectives. Hence it is in blue, not green, but also not red.
[8] Requires AzureAD
[9] Active directory via many options depending on your configuration, such as on prem or SaaS
[10] Active directory via many options depending on your configuration, such as on prem or SaaS
[11] Active Directory Federation Services, Microsoft’s AD solution for when on prem is not possible
[12] Onsite installs only. This is probably obvious if you use it, but we need to state it for the record.
[13] Onsite installs only. This is probably obvious if you use it, but we need to state it for the record.
[14] Obviously how you decide the last few differs from report to report and year to year. If you need one that is not in ‘our’ top 15 list, let us know and we can discuss adding and making it a ‘top 16’
[15] Obviously how you decide the last few differs from report to report and year to year. If you need one that is not in ‘our’ top 15 list, let us know and we can discuss adding and making it a ‘top 16’
[16] Many social providers can simply not work above the Advanced level. See list of which ones we have been able to create premium ones for.
[17] For example, using our nlhscript03 product you can even define in the authentication provider how work orders are auto assigned.to specific users.
[18] This is based on information Accruent provided us about their SSO
[19] This is based on information Accruent provided us about their SSO options.
[20] This is based on information Accruent provided us about their SSO
[21] This is based on information Accruent provided us about their SSO
[22] This is based on information Accruent provided us about their SSO
Not all features are available at this time, talk to us if you need providers we don’t have yet.