By using external authentication with the SAML 2.0 protocol, Sansan can be integrated with an AD (Active Directory).
Active Directory is a directory service provided by Microsoft that manages on a network many different types of resources including user information and computer information.
By using AD Integration, the IDs and passwords used for Active Directory can be used to log in to Sansan.
* It is also possible to integrate with other services using SAML authentication. (There are some services that are not yet supported.)
* This function is an option. If you would like to use this option, please contact your Sansan sales representative.
An example of infrastructure (For AD FS)
Flow before AD Integration starts
* Before connecting in a live environment, be sure to perform a connection test in a test environment. We will contact you with more details.
What needs to be done on the client side
- Please build up an AD environment
- Please set up the information for Sansan for PC, the Smartphone application, and the Smartphone web in your company's server. (Details of this will be sent in an email).
- Please create a certificate file (.cer) for the public key that IdP will use as a signature.
Sansan administrator settings
- Please set an AD Integration ID for each user from the Add/Change User screen.
Please send the following information to Sansan.
|Information about your company's server||Certificate for the public key that IdP will use as a signature||Date you wish to start AD Integration|
|Name for distinguishing IdP *1
URL for log-in *2
URL for log-out *2
* Please send this separately in a password-protected ZIP folder or something similar
|Please let us know when you like to start linking *4 *5|
* 1 For AD FS http:// sts.sansan.com)>/adfs/services/trust
* 2 For Ad FS https:// /adfs/ls
* 3 This is the URL you will be sent to when you log out of Sansan. (SAML Logout Endpoints) For AD FS https:///adfs/ls/?wa=wsignout1.0 is recommended.
* 4 If you have not finished registering for an AD Integration ID, the desired starting day may be difficult.
* 5 Please make this request at least three business days before you plan to start the AD Integration.
Notify your colleagues of the log-in URL for AD Integration.
When AD integration begins, the method of logging in will change. Please notify users of this change in advance of the start date.
How to log in after integration begins
From the regular log-in screen, input the email address you registered in Sansan, and then press the "Log in" button. This will bring you to the AD log-in screen set by your company. Please log in using the user ID and password managed by your company.
Sansan for PC
The Smartphone Application
※ Depending on the IdP you are using, the log-in screen may be different.
Points to be aware of
- This function is an added option. Depending on your current contract, additions or changes may be necessary.
- You cannot have multiple AD Integration within one company. (You may have one AD Integration with one company).
- If you are using multiple Sansan contracts in your company, all the contracts in your company must move over to AD Integration.
- You cannot divide within your company so that some do regular log-in, and others use AD Integration.
- With AD Integration, only IDs and passwords can be connected. Adding, editing, or deleting users in Sansan must be done by a different operation.
Before the term of validity of the certificate is up, it is necessary to renew it. When renewing, please inform this to the Sansan Support Center and please also attach the cer file.
- If the term of validity expires, you will no longer be able to log in to Sansan. Please manage this on your side.
- You cannot use the feature phone edition with AD Integration.
- If you are using a Sansan tab (inline) with Salesforce Integration, in some cases the Sansan screen will not be displayed. In this case, please open Sansan in a different window.