Single Sign-On (SSO)

Cloud Email Protection now includes the ability for you to enable a Single Sign-On (“SSO”) mechanism for authenticating users in your organization via the SAML 2.0 protocol.

With Single Sign-On, you can:

  • Create a “one-click” login experience. You can bind your existing corporate login identities (accounts) to the Cloud Email Protection username, which eliminates the need for a separate Cloud Email Protection password.
  • Revoke user access centrally. When an employee leaves the company, you can remove Cloud Email Protection access within the SSO provider rather than within Cloud Email Protection separately.
  • Provide optional secondary authentication. You can allow specific users (for example, contractors not available in your identity provider system) to authenticate exclusively with the credentials stored in Cloud Email Protection (which effectively bypasses the single sign-on mechanism). You can also allow specific users to authenticate with the credentials stored in Cloud Email Protection only in the event when the SSO identity service fails (for example, during outages).

Logging In With SSO

Your user’s login process with SSO enabled will depend on how you implement SSO.

  • For identity provider-initiated SSO, your users will not need to enter a credential or go to the login page. They will initiate their connection to through your organization’s identity service provider and be logged in.
  • For service provider-initiated SSO, your users will come to the Cloud Email Protection login page at https://ep.agari.com and enter their email address. They will not be presented with a Password field on the Cloud Email Protection login page, unless you enable secondary authentication. (Secondary authentication allows a user to log in via a password if necessary.) Instead, users will be redirected to your identity provider. If users are not already authenticated with the identity provider, they will be prompted to authenticate. (Your identity provider may present authentication in several screens.) Once users have authenticated with the identity provider, they are redirected once again to the Cloud Email Protection Overview page.