ServiceTrade Single Sign-On (using the same credentials to sign on to our suite of applications, including ServiceTrade Core, ServiceTrade Mobile App, InspectionManager, NorthBoundary, Service Timecard, PartsLedger Technician App, Toolbox, STAC, and Journey Dashboard) now supports an integration with Microsoft Entra ID (formerly Azure Active Directory) and will soon support the Google Workspace Single Sign-On Corporate Identity Provider integration. The Google Workspace integration will be available later in Q1.
We will refer to Single Sign-On as "SSO" and Corporate Identity Provider as "CIP."
If you'd like to implement one of these CIP Integrations, you can read this article to learn about requirements and follow the steps below to prepare your account.
CIP integration is enabled by email domain and when enabled will be active for ALL users on that domain. This is true even when an email domain is used across multiple ST accounts.
Important Note: On-premise Active Directory is NOT supported.
Checklist to Prepare for Corporate Identity Provider
If you want to implement a CIP Integration, please follow the checklist below to prepare your ServiceTrade Account and CIP before reaching out to our Support Team. These steps are critical for this integration to work.
- ✅ All users' email addresses in ServiceTrade must match the email addresses assigned to those users in your CIP.
- ✅ For individual users needing access to multiple production accounts, effectively with a duplicate email addresses within the same or across different production accounts, here are your options:
- *Recommended* Move forward with CIP integration for all users except the individuals who need to access more than one production account (not including the customer demo account.) These users will continue to authenticate with a simple username that is NOT a email address on the domains where CIP have been enabled. These individuals will later transition to using their corporate identity when the account selector is available in Q2 of 2024.
- Wait to set up your CIP integration until Q2 of 2024. At that time, we will have a solution that will allow a user to log in with their CIP credentials and then select which ST account they want to authenticate into.
- ✅ API integrations will continue to use username and password to authenticate and will remain a ServiceTrade native identity outside of your CIP.
- Best practice: Create a unique group email address that routes to multiple individuals within your organization for these ST identities.
- ✅ Make sure that your technicians and users know their passwords. When you set up for CIP integration:
- If there is an active session, their session will continue to renew, and they won’t have to log in again right away.
- You won’t see a spike of all users needing to authentication with your CIP on day one, only as new users are added or existing sessions expire.
- Once you have completed the checklist, please contact our Support Team at email@example.com
- Note: Our Support Team will help you enable the integration and provide next steps. You must complete the checklist above in order for support to enable the integration. They cannot complete any of the steps in the checklist on your behalf.
If you have a Demo Account
We can enable SSO for your Demo or Production Account (not both.)
For example, you may want to test the integration in your demo account before implementing it in your production account. We would need to enable it in your demo account and then disable it. Then, when you are ready, we would need to enable it in your Production Account.
Google Workspace and Gmail Customers
For any duplicate email addresses detected, ServiceTrade automatically appended the first part of the email with “+ [ServiceTrade username] or [ServiceTrade user id]” during the first phase of the SSO rollout. You can also use this feature to create variations of duplicate emails in ST accounts on your own before the integration.
If you have API integrations with your ServiceTrade account, they must be authenticated via username and password, and not email address and password. We strongly recommend that you use a separate service account from your active users. Doing so provides a clear audit trail and allows the API integration identity to have permissions reduced to the minimum needed. This is likely how they work now, but please confirm before your integration setup.
API integrations will remain a ServiceTrade native identity, skipping integration with your CIP.
API integration users in your ServiceTrade account will still need to have a unique email address associated with the account.