Types of Maintenance Connection SSO connectors

Types of SSO (Single Sign On) connectors with Maintenance Connection

We provide two enhanced types (levels) of provider connections[1]; Accruent also offers one very basic level with a small number of providers. That gives a total of 3 levels of SSO to choose from.

Hint: When available for your authentication providers, you want the SSO Premium level. So if you are using AzureAD you have the choice of just plain SSO or SSO Premium – you really do want the Premium. Note also that, depending on what features you end up needing, the Premium and Advanced may be the same price; if the Premium is more expensive, it is because you decided you want the more expensive features, not because the Premium is inherently more expensive.

Some of the providers and provider connections can only give the SSO Advanced level; they simply don’t have the features needed to give you the premium experience.

Hint: When you have a choice between two providers – pick one that has SSO. For example, if your users use Facebook and RenRen, and you are willing to use either or both, you should use only Facebook, because Facebook gives us the ability, and so we provide an SSO Premium option, but RenRen doesn’t, so we can’t.

| Login Providers for MC | MC Standard | MC SSO[1] | LoginHub SSO Level 1 | LoginHub SSO Advanced | LoginHub SSO Premium |
| --- | --- | --- | --- | --- | --- |
| Cost | Included, $0 | $ | $ | $$ | $$ to $$$ |
| SSO Login supported | No | Yes | Yes | Yes | Yes |
| Requires manual creation of accounts in MRO | Yes[1] | Yes[2] | No | No | No |
| Provides secure passwords | No[2] | Yes | Yes | Yes | Yes |
| Requires manual maintenance of accounts in MRO | Yes[2] | Yes[2] | Yes | Yes | No[2] |
| Auto Account provisioning | No | No | No | Yes | Yes |
| Azure ‘external’ (guest) users work on SaaS’s like MCC’s or MC SaaS | No | No | Yes | Yes | Yes |
| Lets you block Backdoor Login to SSO accounts | No | No | No | Yes | Yes |
| Single Link Login | No | No | No | Yes (addon) | Yes (addon) |
| Multiple provider support | No | No | Yes | Yes | Yes |
| Scripting for advanced scenarios[5] | No | No | Yes (addon)[6] | Yes (addon)[7] | Yes (addon) |
| Unknown users can be auto set as Service Requesters | No | No | No | Yes | Yes |
| Works with Active Directory | No | No[8] | Yes[9] | Yes[10] | Yes[5] |
| Works with Azure AD | No | Yes | Yes | Yes | Yes |
| Works with ADFS12[11] | No | No | Yes | Yes | Yes |
| Works with Auth0 | No | Yes | Yes | Yes | Yes |
| Works with PingIdentity | No | No | Yes | Yes | Yes |
| Works with Okta | No | No | Yes | Yes | Yes |
| Works with OAuth | No | No | Yes | Yes | Yes |
| Works with OpenID Connect | No | No | Yes | Yes | Yes |
| Works with SAML 2.0 | No | No | Yes | Yes | Yes |
| Works with LDAP | No | No | Yes[12] | Yes[13] | Yes[5] |
| Works with WS-Fed/WS-* | No | No | Yes | Yes | Yes |
| Works with Facebook and other social providers | No | No | Top 15[14] | Top 15[15] | Some[16] |

Some providers are ‘Enterprise’ providers (Okta, AD LDAP, Ping, ADFS, AD Azure, etc.); for these providers we offer an SSO Premium connection.

In our SSO Premium connections, the majority of user management including login id and password is handled by the provider (in other words – the place you EXPECTED it to be managed.)

Because of this, the Maintenance Connection LoginHub provides features for setting up and maintaining as much as you want in the authentication provider[18]. The decision as to which should be maintained where will typically depend on how much you want your MC Administrators to do and how much you want your IT department managing. The Maintenance Connection LoginHub SSO Premium providers give you the maximum possible flexibility in making these choices.

As a couple of people have said:

“The SSO Premium connections are what we expected we were going to get with SSO, they have the features we needed but didn’t know we needed until we started setting things up.”

Most of the over 100 social media providers give no real option, so they can only be used as SSO Advanced providers: you use them simply for authentication, and all user management is done in one or more of the Maintenance Connection family of products. In theory they could be used at the Basic level of the Accruent MC SSO, but as of this writing Accruent didn’t offer any of them or indicate any plans to. They still give one huge advantage over the MCC Login: the MC Login passwords are stored in an easy-to-decrypt fashion, meaning that, for all intents and purposes, they are not any more secure than clear text passwords. At best they only keep the honest people out. By using a provider like Facebook, you can move away from the insecure MC Login passwords to a much more secure password.

Some social media providers such as Google and Facebook are more powerful and we provide you the option of SSO Advanced or SSO Premium – your choice, depending on what level of management you do in Google.

Features

| Feature | Accruent MC SSO[18] | SSO Basic | SSO Advanced | SSO Premium |
| --- | --- | --- | --- | --- |
| Basic authentication | No, just login | Yes | Yes | Yes |
| Roles based authentication | No | No | No | Yes |
| Basic fields | No | No | Yes (subject to limitations your provider places on you) | Yes (subject to limitations your provider places on you) |
| Additional fields | No | No | No | Yes (subject to limitations your provider places on you) |
| Scripting for advanced control | No | No | Yes, but unless you are using things on the user computer, this might not give you any real benefit like the premium ones. | Yes |

Providers

This list is not always up to date, but all the ones that say ‘Yes’ are accurate.

Enterprise Providers:

Note there is no ‘SSO Advanced’ column, because you WANT the premium experience when you are using Enterprise providers that give you all the power and flexibility to use the Premium features. If you really want to use them at the level of just the Advanced, you can do that with the Premium providers.

| Provider | Accruent MC SSO[19] | LoginHub |
| --- | --- | --- |
| AD LDAP | No | Yes |
| AD LDAPS | No | Yes |
| AD Azure AD | Yes | Yes |
| ADFS | No | Yes |
| Auth0 (Auth Zero) | Yes | Yes |
| Okta | No | Yes |
| Ping | No | Yes |
| Salesforce | No | Yes |
| Generic OpenID Connect[1] | No | Yes |
| Generic SAML 2.0 Connect[1] | No | Yes |

Major Worldwide Social Media Providers:

This does not imply that they are major in ALL parts of the world, just that, based on 2019 stats, they are the major worldwide providers.

With Social Providers it makes sense to have both Advanced and Premium options when the provider has the ability to work at the premium level. You might just want to use social providers for service requesters, in which case the premium features have no value to you. But you can also, should you wish, use Facebook and others as ‘Enterprise’ level providers by using the SSO Premium if your company isn’t using any of the Enterprise providers; essentially, we allow Facebook etc. to be elevated to the level of an Enterprise provider if that will make your life easier. For example, Facebook groups can be restricted to ‘invite only’ admission, letting you use them to manage roles. The practical issue you may have to consider: if you are trying for SSO with other sophisticated products, you may need to use an Enterprise provider that those other products support if they don’t allow your choice of social media providers to give Enterprise level SSO support. If you own the software or have a connection to the developers, you can talk to us about expanding LoginHub to work with those products.

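| Provider | Accruent MC SSO[20] | SSO Level 1 | SSO Advanced | SSO Premium |
| --- | --- | --- | --- | --- |
| Google | No | Yes | Yes | Yes |
| Facebook | No | Yes | Yes | Yes |
| Twitter | No | Yes | Yes | Yes |
| Instagram | No | Yes | Yes | No |
| Reddit | No | Yes | Yes | No |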

Major Regional Social Media Providers:

These are providers that are #1, 2 or 3 in specific locations in the world. This does not imply they are not used outside of those regions, and indeed some may be major in other countries among a specific demographic – typically an ethnic group. But if you have people you want accessing the system in those parts of the world, then these Social Media Providers become important to you for SSO.

Note: If you would like one of these to have an SSO Premium option, talk to us about ‘Customer Sponsored Features’; we may be able to work something out for you and your preferred Social Media provider – but note that not all of them CAN operate at this higher level.

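| Provider | Accruent MC SSO[21] | SSO Level 1 | SSO Advanced | SSO Premium |
| --- | --- | --- | --- | --- |
| QQ | No | Yes | Yes | No |
| WeChat | No | Yes | Yes | No |
| WhatsApp | No | Yes | Yes | No |
| Qzone | No | Yes | Yes | No |
| Vkontakte | No | Yes | Yes | No |
| Taringa | No | Yes | Yes | No |
| RenRen | No | Yes | Yes | No |
| LinkedIn | No | Yes | Yes | No |
| Odnoklassniki | No | Yes | Yes | No |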

Other Social Media Providers:

This is not meant in any way to disparage these providers; however, they are not commonly used as even basic SSO sources, even if they hope that will change! We support them just as well as the ones above. Each may have advantages or disadvantages for you, likely depending mostly on what your users and customers use and what features they allow you for management.

The order of this list was taken from 2019 statistical reports and generally implies worldwide popularity (more popular at the top), but again, the demographics of your users and customers are much more important to you than what the rest of the world says.

| Provider | Accruent MC SSO[22] | SSO Level 1 | SSO Advanced | SSO Premium |
| --- | --- | --- | --- | --- |
| Tumblr | No | Yes | Yes | No |
| Baidu | No | Yes | Yes | No |
| Skype | No | Yes | Yes | No |

[1] Note that the Maintenance Connection ‘MC Login’ accounts are not SSO. They do not use an external provider to manage the login; they use a two-direction password encoding (you can decode it). This is true even of the password encoding that came with version 8, as well as the older one that was available in version 7. We strongly recommend you only use these accounts during initial setup, then remove access to all of them afterwards and only use secure providers.

[2] This is based on information Accruent provided us about their SSO

[3] You do NOT want to do this, that is why the yes is in red and no in green.

[4] The Standard MC system uses encoded passwords which can be easily decoded in a fraction of a second. While they are obfuscated (they appear encrypted), they are not considered secure by any industry standard definition.

[5] Requires our add-on nlhscript03 Maintenance Connection LoginHub Add-on Scripting product

[6] With SSO Advanced, the provider often does not give you a lot to achieve your goals. For most companies/needs, you will require a SSO Premium to achieve your objectives. Hence it is in blue, not green, but also not red.

[7] With SSO Advanced, the provider often does not give you a lot to achieve your goals. For most companies/needs, you will require a SSO Premium to achieve your objectives. Hence it is in blue, not green, but also not red.

[8] Requires AzureAD

[9] Active directory via many options depending on your configuration, such as on prem or SaaS

[10] Active directory via many options depending on your configuration, such as on prem or SaaS

[11] Active Directory Federation Services, Microsoft’s AD solution for when on prem is not possible

[12] Onsite installs only. This is probably obvious if you use it, but we need to state it for the record.

[13] Onsite installs only. This is probably obvious if you use it, but we need to state it for the record.

[14] Obviously how you decide the last few differs from report to report and year to year. If you need one that is not in ‘our’ top 15 list, let us know and we can discuss adding and making it a ‘top 16’

[15] Obviously how you decide the last few differs from report to report and year to year. If you need one that is not in ‘our’ top 15 list, let us know and we can discuss adding and making it a ‘top 16’

[16] Many social providers can simply not work above the Advanced level. See list of which ones we have been able to create premium ones for.

[17] For example, using our nlhscript03 product you can even define in the authentication provider how work orders are auto assigned to specific users.

[18] This is based on information Accruent provided us about their SSO

[19] This is based on information Accruent provided us about their SSO options.

[20] This is based on information Accruent provided us about their SSO

[21] This is based on information Accruent provided us about their SSO

[22] This is based on information Accruent provided us about their SSO

Not all features are available at this time; talk to us if you need providers we don’t have yet.