The Privakey SSO is currently offered as a Beta. The service and this documentation is a work in progress. If you have any questions please contact support@privakey.com.
Administration
Enable passwordless access for your employees
The Privakey Passwordless SSO is designed to make managing enterprise class, passwordless authentication easy for small to mid-size business managers to manage. If you are already administering Google Workspace or Microsoft 365 you can administer Privakey.
Prerequisites
A domain:
Privakey Passwordless SSO currently requires companies to have a registered domain. For example, for Acme Co this might be acme.co.
Domain-based email:
Privakey Passwordless SSO shares your user's email addresses with connected services. The requirement to have this email be associated with a domain you own and manage is often a requirement of online applications and services that accept third party authentication. To facilitate this connection all users in the system must use a domain email. So, if you were acme.co, all users must have an email structured like: user@acme.co.
Access Privakey Passwordless SSO
The Privakey Passwordless SSO is currently being offered as part of a closed beta. See Beta Access for more information.
Getting Started
Once you are part of the Closed Beta you will receive an email from Privakey with information on how to create your personal Privakey SSO authenticator that will be used to access the Privakey SSO platform. Please review Using the SSO - Getting Started for more information.
After you've set up your authenticator and logged into the Privakey SSO Platform you should can start configuring Service Providers, adding Users, and configuring Users.
Administering Activities
There are three main components to configuring the Privakey Passwordless SSO:
- Users: These are your company colleagues.
- Service Providers: These are the services that you will use Privakey to access. Examples include: Google Workspace, Microsoft 365, AWS, Dropbox, Box and Zoom.
- Locations: Locations can be used to define Single Sign On rules for services. For example, you may want to require your users to always log into a service when they are not in the office but enable SSO access when they are in the office.
Adding Users
Adding users is a great place to start. See Administration - Users for more information. Once you have added users it will be time to configure your first service.
Adding Service Providers
Next you should add a service provider. We recommend adding a core application such as Google Workspace of Microsoft 365 first. Detailed instructions are provided in Administration - Service Provider Configuration.
Though services like Google Workspace are a great place to start, care should be taken when Privakey-enabling them. As Privakey Passwordless SSO currently uses Email to invite Users to the platform they will need to have access to their email to create a Privakey Authenticator. Google, Microsoft and others facilitate this requirement by allowing you to create organizational units with different authentication rules. We provide detailed instructions in the help sections dedicated to configuring Google and Microsoft services for use with the Privakey SSO.
Adding Locations
Configuring locations is an optional but powerful feature.
In a secure facility such as your office it may make sense to let users login once and access all of their online business accounts. But, how do you want the SSO to behave when they're working remotely, or from a coffee shop? You may want them to re-authenticate to the Privakey Passwordless SSO when accessing sensitive accounts such as AWS even though they've already accessed Box.
Privakey's Location feature enables this capability. However, broad rules can be set for the entire SSO without ever configuring a location. It's up to you.
Version 1.0.1 | 08/23/2023