Configuring single sign-on with Datto SSO (Authweb)

SECURITY  Security level with permission to configure Resources/Users (HR). In the Partner Portal, Security Administrator permissions.

NAVIGATION   > Admin > Organization Settings & Users > Resources/Users (HR) > Security > Single Sign-On (OpenID Connect (OIDC))

In this step, you configure SSO at the organization level. You will be copying information from Autotask to Authweb and Authweb to Autotask, so both applications must be open.

1. In the Partner Portal, navigate to Admin > Security Settings.
   

2. In the sidebar menu, click Autotask SSO, or scroll to the Autotask SSO tile.
   

3. Click Set Up Autotask SSO). The OIDC configuration page will be launched.
   
   

4. In Autotask, go to > Admin > Organization Settings & Users > Resources/Users (HR) > Resources/Users (HR) > Security > Single Sign-On (OpenID Connect (OIDC)).

5. Copy the following fields from Autotask and paste them into the Partner Portal's Autotask SSO configuration page:
   

   • Callback/Redirect URL
   • LiveMobile Callback/Redirect URL
   • LiveMobile (v2.0 +) Callback/Redirect URL
   • Initiate Login URL

6. In the Partner Portal, click Save & Verify. Authweb will generate a Client ID and a a Secret value.

7. Copy each of the following fields and paste them into the corresponding fields on the Autotask Single Sign-On (OpenID Connect (OIDC)) page.

   • Client ID
   • Secret
   • Discovery Document
     

IMPORTANT  The Secret value will not be available after you navigate away from the page. You must copy and paste it into Autotask immediately, or click Regenerate Secret and copy the new one into Autotask.

8. Proceed with configuring individual user accounts.

1. In Autotask, under the Single Sign-On is: heading, select Enabled for selected resources using Identity Provider's Name Identifier (see Resources tab). This will enable the Resources tab.
2. Click the Resources tab.
3. In the Partner Portal > Admin > Security Settings, scroll to Autotask SSO. All employees who have a user account on the Partner Portal are listed there.
   
4. To enable single sign on for a user, click the slider in the Is PSA User column and copy the user's Application User UUID.
5. If you are configuring access for the Dashboard User (a user account used for presentation mode), also click the slider for PSA Dashboard User Access. This will enable the dashboard user to be logged in indefinitely, since it would be inconvenient to come into work every morning and have to log in to Authweb/Autotask on the office TV. Refer to Dashboard User (system).

NOTE  When you select a dashboard account on the Authweb account selection, you also lose the ability to switch accounts.

6. In Autotask, locate the user and paste the UUID into the field in the Unique ID column. Select the check box in front of the user's name.
   
   Repeat this process for all users who will be logging into Autotask using single sign on.
7. Click Save. Single sign-on is now enabled for the selected users.
8. On the General tab, click Test. If you are not logged into Authweb when you click Test, you will be prompted to do so.
   A message window will confirm that the Client ID, Client Secret and OpenID Connect Discovery Document are all valid.
9. Click OK.